Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

31 files changed, 580 insertions, 0 deletions

diff --git a/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html
new file mode 100644
index 0000000000..708d3fa525
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <script src=/resources/testdriver.js></script>
+    <script src=/resources/testdriver-vendor.js></script>
+    <script src='../../mediacapture-streams/permission-helper.js'></script>
+  </head>
+  <body>
+    <script>
+var t = async_test("Camera Report Format");
+
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "camera");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+                      {types: ['permissions-policy-violation']}).observe();
+
+  setMediaPermission("granted", ["camera"]).then(() => navigator.mediaDevices.getUserMedia({video: true}))
+  .then(
+  t.unreached_func("UserMedia camera access should not be allowed in this document.")
+).catch(() => {});
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers
new file mode 100644
index 0000000000..2adc5e237f
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: camera 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html
new file mode 100644
index 0000000000..32a5a2cc48
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "encrypted-media");
+  assert_equals(report.body.disposition, "enforce");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+};
+
+promise_test(async t => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['permissions-policy-violation']}).observe();
+  });
+  await promise_rejects_dom(t, "SecurityError",
+    navigator.requestMediaKeySystemAccess("org.w3.clearkey",
+      [{
+        initDataTypes: ["webm"],
+        videoCapabilities: [{contentType: 'video/webm;codecs="vp8"'}],
+      }]),
+      "requestMediaKeySystemAccess() should not be allowed in this document.");
+  const [reports, observer] = await report;
+  check_report_format(reports, observer);
+}, "Encrypted Media report format");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers
new file mode 100644
index 0000000000..73753a2e41
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: encrypted-media 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html
new file mode 100644
index 0000000000..d7b905744d
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <div id='fs'></div>
+    <script>
+var observer1;
+var observer2;
+
+var check_report_format = (reports, observer) => {
+  // Test that observer2 is notified, even if it is disconnected.
+  observer1.disconnect();
+  observer2.disconnect();
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "fullscreen");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+var check_second_observer = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.body.featureId, "fullscreen");
+};
+
+async_test(t => {
+  observer1 = new ReportingObserver(t.step_func(check_report_format),
+                                    {types: ['permissions-policy-violation']});
+  observer1.observe();
+  observer2 = new ReportingObserver(t.step_func_done(check_second_observer),
+                                    {types: ['permissions-policy-violation']});
+  observer2.observe();
+  document.getElementById('fs').requestFullscreen().then(t.unreached_func(
+    "Fullscreen should not be allowed in this document.")).catch(()=>{});
+}, "Fullscreen Report Format");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers
new file mode 100644
index 0000000000..d35e48ba40
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html
new file mode 100644
index 0000000000..c29c069ee3
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+var sensor_features_verified = {
+  "accelerometer": false,
+  "ambient-light-sensor": false,
+  "magnetometer": false,
+  "gyroscope": false
+};
+
+var check_report_format = function(reports, observer) {
+  // Check each report in this batch. This observer callback may be called
+  // multiple times before all reports have been processed.
+  for (const report of reports) {
+
+    // Validate that the reported feature is one of the sensor features, and that
+    // we have not seen a report for this feature before.
+    assert_true(sensor_features_verified.hasOwnProperty(report.body.featureId));
+    assert_false(sensor_features_verified[report.body.featureId]);
+
+    // Validate the remainder of the report
+    assert_equals(report.type, "permissions-policy-violation");
+    assert_equals(report.url, document.location.href);
+    assert_equals(report.body.sourceFile, document.location.href);
+    assert_equals(typeof report.body.lineNumber, "number");
+    assert_equals(typeof report.body.columnNumber, "number");
+    assert_equals(report.body.disposition, "enforce");
+
+    sensor_features_verified[report.body.featureId] = true;
+  }
+
+  // Test is only done when reports for all features have been seen
+  for (let result of Object.values(sensor_features_verified)) {
+    if (!result)
+      return;
+  }
+  this.done();
+};
+
+async_test(t => {
+  new ReportingObserver(t.step_func(check_report_format),
+                        {types: ['permissions-policy-violation']}).observe();
+  assert_throws_dom("SecurityError", () => new Accelerometer(), "Constructing sensors should be blocked by policy");
+  assert_throws_dom("SecurityError", () => new AmbientLightSensor(), "Constructing sensors should be blocked by policy");
+  assert_throws_dom("SecurityError", () => new Gyroscope(), "Constructing sensors should be blocked by policy");
+  assert_throws_dom("SecurityError", () => new Magnetometer(), "Constructing sensors should be blocked by policy");
+}, "Generic Sensor Report Format");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers
new file mode 100644
index 0000000000..80cc027530
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: ambient-light-sensor 'none'; accelerometer 'none'; gyroscope 'none'; magnetometer 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html
new file mode 100644
index 0000000000..e0eb275bcc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+var t = async_test("Geolocation Report Format");
+
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "geolocation");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+                      {types: ['permissions-policy-violation']}).observe();
+
+navigator.geolocation.getCurrentPosition(
+  t.unreached_func("geolocation should be disabled in this document"),
+  () => {});
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers
new file mode 100644
index 0000000000..7e75481ea6
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: geolocation 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/image.bmp b/testing/web-platform/tests/feature-policy/reporting/image.bmp
new file mode 100644
index 0000000000..f2b88690fc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/image.bmp
diff --git a/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html
new file mode 100644
index 0000000000..14ae976cde
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <script src=/resources/testdriver.js></script>
+    <script src=/resources/testdriver-vendor.js></script>
+    <script src='../../mediacapture-streams/permission-helper.js'></script>
+  </head>
+  <body>
+    <script>
+var t = async_test("Microphone Report Format");
+
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "microphone");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+                      {types: ['permissions-policy-violation']}).observe();
+
+setMediaPermission().then(() => navigator.mediaDevices.getUserMedia({audio: true}))
+  .then(
+  t.unreached_func("UserMedia microphone access should not be allowed in this document.")
+).catch(() => {});
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers
new file mode 100644
index 0000000000..a86e0a0778
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: microphone 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html
new file mode 100644
index 0000000000..6cc07f5371
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "midi");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async (t) => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['permissions-policy-violation']}).observe();
+  });
+  await promise_rejects_dom(t, 'SecurityError', navigator.requestMIDIAccess(),
+                        "MIDI device access should not be allowed in this document.");
+  const [reports, observer] = await report;
+  check_report_format(reports, observer);
+}, "MIDI Report Format");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers
new file mode 100644
index 0000000000..0e145978a0
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: midi 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html
new file mode 100644
index 0000000000..3c04db864d
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <script src='../resources/feature-policy-report-json.js'></script>
+  </head>
+  <body>
+    <script>
+var t = async_test("PaymentRequest Report Format");
+
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "payment");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+  check_report_json(report);
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+                      {types: ['permissions-policy-violation']}).observe();
+
+t.step_func(() => {
+  assert_throws_dom('SecurityError',
+  () => new PaymentRequest(
+    [{ supportedMethods: 'https://example.com/pay' }],
+    { total: { label: 'Total', amount: { currency: 'USD', value: 0 }}},
+    {}).show(),
+  "PaymentRequest API should not be allowed in this document.");
+})();
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers
new file mode 100644
index 0000000000..a2836778bc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: payment 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html
new file mode 100644
index 0000000000..177e4d5c02
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/common/media.js'></script>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <script src="/resources/testdriver.js"></script>
+    <script src="/resources/testdriver-vendor.js"></script>
+    <script src='../resources/picture-in-picture.js'></script>
+  </head>
+  <body>
+    <script>
+const check_report_format = (reports, observer) => {
+  const report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "picture-in-picture");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+const loadVideo = () => new Promise(resolve => {
+    const video = document.createElement('video');
+    video.src = getVideoURI('/media/movie_5');
+    video.addEventListener('loadedmetadata', () => {
+      resolve(video);
+    }, { once: true });
+});
+
+promise_pip_test(async (t) => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['permissions-policy-violation']}).observe();
+  });
+  const videoElement = await loadVideo();
+  await test_driver.bless('picture-in-picture');
+  await promise_rejects_dom(t, 'SecurityError', videoElement.requestPictureInPicture(),
+                        "Picture-in-Picture should not be allowed in this document.");
+  const [reports, observer] = await report;
+  check_report_format(reports, observer);
+}, "Picture-in-Picture Report Format");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers
new file mode 100644
index 0000000000..1759381fdc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers
@@ -0,0 +1 @@
+Feature-Policy: picture-in-picture 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html
new file mode 100644
index 0000000000..c96d8f878a
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <script src='/resources/testdriver.js'></script>
+    <script src="/resources/testdriver-vendor.js"></script>
+  </head>
+  <body>
+    <script>
+var check_report_format = ([reports, observer]) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "serial");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async t => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['permissions-policy-violation']}).observe();
+  });
+
+  await test_driver.bless('Activate document for serial.requestPort');
+  try {
+    await navigator.serial.requestPort({ filters: [] });
+    assert_unreached("Serial port access should not be allowed in this document.");
+  } catch (e) {
+    assert_equals(e.code, DOMException.SECURITY_ERR);
+  }
+  check_report_format(await report);
+}, "requestPort in serial reporting mode");
+
+promise_test(async t => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['permissions-policy-violation']}).observe();
+  });
+
+  try {
+    await navigator.serial.getPorts();
+    assert_unreached("Serial port access should not be allowed in this document.");
+  } catch (e) {
+    assert_equals(e.code, DOMException.SECURITY_ERR);
+  }
+  check_report_format(await report);
+}, "getPorts in serial reporting mode");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers
new file mode 100644
index 0000000000..be3e6afd42
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: serial 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html
new file mode 100644
index 0000000000..416edf0cbb
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+    <script src='../resources/feature-policy-report-json.js'></script>
+  </head>
+  <body>
+    <script>
+var t = async_test("Sync-xhr Report Format");
+
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "sync-xhr");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+  check_report_json(report);
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+                      {types: ['permissions-policy-violation']}).observe();
+
+t.step_func(() => {
+  var xhr = new XMLHttpRequest();
+  xhr.open("GET", document.location.href, false);
+  assert_throws_dom('NetworkError',
+    () => xhr.send(),
+    "Synchronous XHR.send should throw an exception when disabled");
+})();
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers
new file mode 100644
index 0000000000..21a909e1fb
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers
@@ -0,0 +1 @@
+Feature-Policy: sync-xhr 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html
new file mode 100644
index 0000000000..1ec5ba4370
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+var t = async_test("USB Report Format");
+
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "usb");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+                      {types: ['permissions-policy-violation']}).observe();
+
+navigator.usb.getDevices().then(
+  t.unreached_func("USB device access should not be allowed in this document.")
+).catch(() => {});
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers
new file mode 100644
index 0000000000..4fd1e26936
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: usb 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html
new file mode 100644
index 0000000000..b64a2015f7
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+const check_report_format = ([reports, observer]) => {
+  const report = reports[0];
+  assert_equals(report.type, "feature-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "vr");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "report");
+};
+
+promise_test(async t => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['feature-policy-violation']}).observe();
+  });
+  await navigator.getVRDisplays();
+  check_report_format(await report);
+}, "VR report only mode");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers
new file mode 100644
index 0000000000..0761021f45
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy-Report-Only: vr 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html
new file mode 100644
index 0000000000..b47f7e187e
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "feature-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "vr");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async (t) => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['feature-policy-violation']}).observe();
+  });
+  await promise_rejects_dom(t, 'SecurityError', navigator.getVRDisplays(),
+                        "VR device access should not be allowed in this document.");
+  const [reports, observer] = await report;
+  check_report_format(reports, observer);
+}, "VR Report Format");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers
new file mode 100644
index 0000000000..d021af7563
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: vr 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html
new file mode 100644
index 0000000000..d87d4fb028
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src='/resources/testharness.js'></script>
+    <script src='/resources/testharnessreport.js'></script>
+  </head>
+  <body>
+    <script>
+var check_report_format = (reports, observer) => {
+  let report = reports[0];
+  assert_equals(report.type, "permissions-policy-violation");
+  assert_equals(report.url, document.location.href);
+  assert_equals(report.body.featureId, "xr-spatial-tracking");
+  assert_equals(report.body.sourceFile, document.location.href);
+  assert_equals(typeof report.body.lineNumber, "number");
+  assert_equals(typeof report.body.columnNumber, "number");
+  assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async (t) => {
+  const report = new Promise(resolve => {
+    new ReportingObserver((reports, observer) => resolve([reports, observer]),
+                          {types: ['permissions-policy-violation']}).observe();
+  });
+  await promise_rejects_dom(t, 'SecurityError',
+                        navigator.xr.isSessionSupported('immersive-vr'),
+                        "XR spatial tracking should not be allowed in this document.");
+  const [reports, observer] = await report;
+  check_report_format(reports, observer);
+}, "XR Report Format");
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers
new file mode 100644
index 0000000000..2c75896233
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: xr-spatial-tracking 'none'