Bug 1699373 - Add WPT for COEP/CORP image reloading r=annevk a=pascalc

Differential Revision: https://phabricator.services.mozilla.com/D125129

testing/web-platform/tests/html/cross-origin-embedder-policy/require-corp-cached-images.https.html

@@ -0,0 +1,73 @@
+<!doctype html>
+<html>
+<title> Images on a page Cross-Origin-Embedder-Policy: require-corp should load the same from the cache or network</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script>
+
+function remote(path) {
+  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
+  return new URL(path, REMOTE_ORIGIN);
+}
+
+//
+// This test loads a same-orign iframe resources/load_corp_images.html with
+// Cross-Origin-Embedder-Policy: require-corp
+// The iframe loads two cross origin images, one with a
+// Cross-Origin-Resource-Policy: cross-origin header, and one without.
+// We expect the image with the header to load successfully and the one without
+// to fail to load.
+// After the first load we then reload the iframe, with the same expectations
+// for the image loads when they are loaded from the cache.
+//
+
+const image_path = "/html/cross-origin-embedder-policy/resources/corp-image.py";
+
+let EXPECTED_LOADS = {
+  [`NETWORK-${remote(image_path)}`]: false,
+  [`NETWORK-${remote(image_path)}?corp-cross-origin=1`]: true,
+  [`CACHED-${remote(image_path)}`]: false,
+  [`CACHED-${remote(image_path)}?corp-cross-origin=1`]: true,
+}
+
+let TESTS = {};
+for (let t in EXPECTED_LOADS) {
+  TESTS[t] = async_test(t);
+}
+
+window.addEventListener("load", async () => {
+  let iframe = document.createElement("iframe");
+  let firstRun = true;
+  let t = async_test("main_test");
+  await new Promise((resolve, reject) => {
+    iframe.src = "resources/load-corp-images.html";
+    iframe.onload = () => { resolve() };
+    iframe.onerror = (e) => { reject(); };
+    window.addEventListener("message", (event) => {
+      // After the first done event we reload the iframe.
+      if (event.data.done) {
+        if (firstRun) {
+          firstRun = false;
+          iframe.contentWindow.location.reload();
+        } else {
+          // After the second done event the test is finished.
+          t.done();
+        }
+      } else {
+        // Check that each image either loads or doesn't based on the expectations
+        let testName = `${firstRun ? "NETWORK-" : "CACHED-"}${event.data.src}`;
+        let test = TESTS[testName];
+        test.step(() => {
+          assert_equals(event.data.loaded, EXPECTED_LOADS[testName], `${firstRun ? "NETWORK" : "CACHED"} load of ${event.data.src} should ${EXPECTED_LOADS[testName] ? "" : "not"} succeed`);
+        });
+        test.done();
+      }
+    }, false);
+    document.body.appendChild(iframe);
+  })
+});
+
+
+</script>
+</html>

testing/web-platform/tests/html/cross-origin-embedder-policy/require-corp-cached-images.https.html.headers

@@ -0,0 +1 @@
+Cross-Origin-Embedder-Policy: require-corp

testing/web-platform/tests/html/cross-origin-embedder-policy/resources/corp-image.py

@@ -0,0 +1,27 @@
+import json
+import base64
+
+# A 1x1 PNG image.
+# Source: https://commons.wikimedia.org/wiki/File:1x1.png (Public Domain)
+IMAGE = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAAACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII="
+
+def main(request, response):
+    response.headers.set(b'Access-Control-Allow-Origin', b'*')
+    response.headers.set(b'Access-Control-Allow-Methods', b'OPTIONS, GET, POST')
+    response.headers.set(b'Access-Control-Allow-Headers', b'Content-Type')
+
+    response.headers.set(b"Cache-Control", b"max-age=3600");
+    # CORS preflight
+    if request.method == u'OPTIONS':
+        return u''
+
+    if b'some-etag' == request.headers.get(b"If-None-Match", None):
+        response.status = 304
+        return u''
+
+    if request.GET.first(b"corp-cross-origin", default=b""):
+        response.headers.set(b'Cross-Origin-Resource-Policy', b'cross-origin')
+
+    response.headers.set(b'Etag', b'some-etag')
+    response.headers.set(b'Content-Type', b'image/png')
+    return base64.b64decode(IMAGE)

testing/web-platform/tests/html/cross-origin-embedder-policy/resources/load-corp-images.html

@@ -0,0 +1,34 @@
+<!doctype html>
+<html>
+<script src="/common/get-host-info.sub.js"></script>
+<script>
+
+function remote(path) {
+  const REMOTE_ORIGIN = get_host_info().HTTPS_REMOTE_ORIGIN;
+  return new URL(path, REMOTE_ORIGIN);
+}
+
+const image_path = "/html/cross-origin-embedder-policy/resources/corp-image.py";
+
+window.addEventListener("load", async () => {
+  await new Promise(resolve => {
+    let img = document.createElement("img");
+    img.src = remote(image_path);
+    img.onload = () => { window.parent.postMessage({loaded: true, src: img.src}, "*"); resolve(); };
+    img.onerror = (e) => { window.parent.postMessage({loaded: false, src: img.src}, "*"); resolve(); };
+    document.body.appendChild(img);
+  });
+
+  await new Promise(resolve => {
+    let img = document.createElement("img");
+    img.src = remote(image_path + "?corp-cross-origin=1");
+    img.onload = () => { window.parent.postMessage({loaded: true, src: img.src}, "*"); resolve(); };
+    img.onerror = (e) => { window.parent.postMessage({loaded: false, src: img.src}, "*"); resolve(); };
+    document.body.appendChild(img);
+  });
+
+  window.parent.postMessage({done: true}, "*")
+});
+
+</script>
+</html>

testing/web-platform/tests/html/cross-origin-embedder-policy/resources/load-corp-images.html.headers

@@ -0,0 +1 @@
+cross-origin-embedder-policy: require-corp