Merging upstream version 127.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

13 files changed, 581 insertions, 6 deletions

diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-content-initiated.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-content-initiated.https.html
new file mode 100644
index 0000000000..9c1d47d050
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-content-initiated.https.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const fencedframe = await attachFencedFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true,
+    origin: get_host_info().HTTPS_ORIGIN
+  });
+  // Perform a cross-origin navigation. Since the navigation is
+  // content-initiated, the fenced frame reporting metadata will persist.
+  await navigateFrameContext(fencedframe, {
+    origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+  });
+  await fencedframe.execute(() => {
+    // This page will call reportEvent() twice. Once for a destination enum
+    // event (i.e. an event with an eventType/eventData specified), and once for
+    // a destination URL event (i.e. an event with a destinationURL specified).
+    const destination_enum_event = {
+      eventType: "click",
+      eventData: "enum",
+      destination: ["buyer"],
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_enum_event);
+
+    const destination_url = new URL(BEACON_URL + "?type=url",
+        get_host_info().HTTPS_ORIGIN);
+    const destination_url_event = {
+      destinationURL: destination_url,
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_url_event);
+  });
+  await nextBeacon("click", "enum");
+  await nextBeacon("url", "<No data>");
+}, 'window.fence.reportEvent from a content-initiated cross-origin navigation');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html
new file mode 100644
index 0000000000..7d0544a5ad
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-nested-urn-iframe.https.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from nested cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  // This test creates the following frame setup:
+  // ┌(test)─────────────────┐
+  // │┌(a.com)───[iframe]───┐│
+  // ││┌(b.com)──[iframe]──┐││
+  // │││┌(b.com)─[iframe]─┐│││
+  // ││││reportEvent();   ││││
+  // │││└─────────────────┘│││
+  // ││└───────────────────┘││
+  // │└─────────────────────┘│
+  // └───────────────────────┘
+  const fencedframe = await attachIFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true
+  });
+  await fencedframe.execute(async () => {
+    const iframe = await attachIFrameContext({
+      origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+    });
+    await iframe.execute(async () => {
+      const nested_iframe = await attachIFrameContext({
+        origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+      });
+      await nested_iframe.execute(() => {
+        const destination_url = new URL(BEACON_URL + "?type=url",
+            get_host_info().HTTPS_ORIGIN);
+        window.fence.reportEvent({
+          eventType: "click",
+          eventData: "enum",
+          destination: ["buyer"],
+          crossOriginExposed: true
+        });
+        window.fence.reportEvent({
+          destinationURL: destination_url,
+          crossOriginExposed: true
+        });
+      });
+    });
+  });
+  // Check that both the destination enum and destination URL events were
+  // reported.
+  await nextBeacon("click", "enum");
+  await nextBeacon("url", "<No data>");
+}, 'window.fence.reportEvent from a nested cross-origin subframe of a URN ' +
+   'iframe');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-nested.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-nested.https.html
new file mode 100644
index 0000000000..4d1262f4b1
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-nested.https.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from nested cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  // This test creates the following frame setup:
+  // ┌(test)──────────────────────┐
+  // │┌(a.com)───[fencedframe]───┐│
+  // ││┌(b.com)──[iframe]───────┐││
+  // │││┌(b.com)─[iframe]──────┐│││
+  // ││││reportEvent();        ││││
+  // │││└──────────────────────┘│││
+  // ││└────────────────────────┘││
+  // │└──────────────────────────┘│
+  // └────────────────────────────┘
+  const fencedframe = await attachFencedFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true
+  });
+  await fencedframe.execute(async () => {
+    const iframe = await attachIFrameContext({
+      origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+    });
+    await iframe.execute(async () => {
+      const nested_iframe = await attachIFrameContext({
+        origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+      });
+      await nested_iframe.execute(() => {
+        const destination_url = new URL(BEACON_URL + "?type=url",
+            get_host_info().HTTPS_ORIGIN);
+        window.fence.reportEvent({
+          eventType: "click",
+          eventData: "enum",
+          destination: ["buyer"],
+          crossOriginExposed: true
+        });
+        window.fence.reportEvent({
+          destinationURL: destination_url,
+          crossOriginExposed: true
+        });
+      });
+    });
+  });
+  // Check that both the destination enum and destination URL events were
+  // reported.
+  await nextBeacon("click", "enum");
+  await nextBeacon("url", "<No data>");
+}, 'window.fence.reportEvent from a nested cross-origin subframe');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html
new file mode 100644
index 0000000000..d8fa5133cd
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-no-embedder-opt-in.https.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const fencedframe = await attachFencedFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'false'
+    ]],
+    register_beacon: true
+  });
+  // Perform a cross-origin navigation. Since the navigation is
+  // content-initiated, the fenced frame reporting metadata will persist.
+  await navigateFrameContext(fencedframe, {
+    origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+  });
+  await fencedframe.execute(() => {
+    // This page will call reportEvent() twice. Once for a destination enum
+    // event (i.e. an event with an eventType/eventData specified), and once for
+    // a destination URL event (i.e. an event with a destinationURL specified).
+    const destination_enum_event = {
+      eventType: "click",
+      eventData: "enum",
+      destination: ["buyer"],
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_enum_event);
+
+    const destination_url = new URL(BEACON_URL + "?type=url",
+        get_host_info().HTTPS_ORIGIN);
+    const destination_url_event = {
+      destinationURL: destination_url,
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_url_event);
+  });
+  await verifyBeaconData("click", "enum", false, t);
+  await verifyBeaconData("url", "<No data>", false, t);
+}, 'Cross-origin window.fence.reportEvent without embedder opt-in');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html
new file mode 100644
index 0000000000..2b054c1837
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-no-subframe-opt-in.https.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const fencedframe = await attachFencedFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true
+  });
+  await fencedframe.execute(async () => {
+    const iframe = await attachIFrameContext({
+      origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+    });
+    await iframe.execute(() => {
+      const destination_url = new URL(BEACON_URL + "?type=url",
+          get_host_info().HTTPS_ORIGIN);
+      window.fence.reportEvent({
+        eventType: "click",
+        eventData: "enum",
+        destination: ["buyer"],
+        crossOriginExposed: false
+      });
+      window.fence.reportEvent({
+        destinationURL: destination_url,
+        crossOriginExposed: false
+      });
+    });
+  });
+  // Check that both the destination enum and destination URL events were
+  // reported.
+  await verifyBeaconData("click", "enum", false, t);
+  await verifyBeaconData("url", "<No data>", false, t);
+}, 'Cross-origin window.fence.reportEvent without subframe opt-in');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html
new file mode 100644
index 0000000000..21c9ea1a43
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-content-initiated.https.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const iframe = await attachIFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true,
+    origin: get_host_info().HTTPS_ORIGIN
+  });
+  // Perform a cross-origin navigation. Since the navigation is
+  // content-initiated, the fenced frame reporting metadata will persist.
+  await navigateFrameContext(iframe, {
+    origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+  });
+  await iframe.execute(() => {
+    // This page will call reportEvent() twice. Once for a destination enum
+    // event (i.e. an event with an eventType/eventData specified), and once for
+    // a destination URL event (i.e. an event with a destinationURL specified).
+    const destination_enum_event = {
+      eventType: "click",
+      eventData: "enum",
+      destination: ["buyer"],
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_enum_event);
+
+    const destination_url = new URL(BEACON_URL + "?type=url",
+        get_host_info().HTTPS_ORIGIN);
+    const destination_url_event = {
+      destinationURL: destination_url,
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_url_event);
+  });
+  await nextBeacon("click", "enum");
+  await nextBeacon("url", "<No data>");
+}, 'window.fence.reportEvent from a content-initiated cross-origin navigation');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html
new file mode 100644
index 0000000000..5d368fe7f1
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-embedder-opt-in.https.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const iframe = await attachIFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'false'
+    ]],
+    register_beacon: true
+  });
+  // Perform a cross-origin navigation. Since the navigation is
+  // content-initiated, the fenced frame reporting metadata will persist.
+  await navigateFrameContext(iframe, {
+    origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+  });
+  await iframe.execute(() => {
+    // This page will call reportEvent() twice. Once for a destination enum
+    // event (i.e. an event with an eventType/eventData specified), and once for
+    // a destination URL event (i.e. an event with a destinationURL specified).
+    const destination_enum_event = {
+      eventType: "click",
+      eventData: "enum",
+      destination: ["buyer"],
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_enum_event);
+
+    const destination_url = new URL(BEACON_URL + "?type=url",
+        get_host_info().HTTPS_ORIGIN);
+    const destination_url_event = {
+      destinationURL: destination_url,
+      crossOriginExposed: true
+    }
+    window.fence.reportEvent(destination_url_event);
+  });
+  await verifyBeaconData("click", "enum", false, t);
+  await verifyBeaconData("url", "<No data>", false, t);
+}, 'Cross-origin window.fence.reportEvent without embedder opt-in');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html
new file mode 100644
index 0000000000..df22749a9e
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe-no-subframe-opt-in.https.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const outer_iframe = await attachIFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true
+  });
+  await outer_iframe.execute(async () => {
+    const inner_iframe = await attachIFrameContext({
+      origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+    });
+    await inner_iframe.execute(() => {
+      const destination_url = new URL(BEACON_URL + "?type=url",
+          get_host_info().HTTPS_ORIGIN);
+      window.fence.reportEvent({
+        eventType: "click",
+        eventData: "enum",
+        destination: ["buyer"],
+        crossOriginExposed: false
+      });
+      window.fence.reportEvent({
+        destinationURL: destination_url,
+        crossOriginExposed: false
+      });
+    });
+  });
+  // Check that both the destination enum and destination URL events were
+  // reported.
+  await verifyBeaconData("click", "enum", false, t);
+  await verifyBeaconData("url", "<No data>", false, t);
+}, 'Cross-origin window.fence.reportEvent without subframe opt-in');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html
new file mode 100644
index 0000000000..b37fec812d
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin-urn-iframe.https.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const outer_iframe = await attachIFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true
+  });
+  await outer_iframe.execute(async () => {
+    const inner_iframe = await attachIFrameContext({
+      origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+    });
+    await inner_iframe.execute(() => {
+      const destination_url = new URL(BEACON_URL + "?type=url",
+          get_host_info().HTTPS_ORIGIN);
+      window.fence.reportEvent({
+        eventType: "click",
+        eventData: "enum",
+        destination: ["buyer"],
+        crossOriginExposed: true
+      });
+      window.fence.reportEvent({
+        destinationURL: destination_url,
+        crossOriginExposed: true
+      });
+    });
+  });
+  // Check that both the destination enum and destination URL events were
+  // reported.
+  await nextBeacon("click", "enum");
+  await nextBeacon("url", "<No data>");
+}, 'window.fence.reportEvent from a cross-origin iframe');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin.https.html
new file mode 100644
index 0000000000..df7ae776ab
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-cross-origin.https.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from cross-origin subframes.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const fencedframe = await attachFencedFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true
+  });
+  await fencedframe.execute(async () => {
+    const iframe = await attachIFrameContext({
+      origin: get_host_info().HTTPS_REMOTE_ORIGIN,
+    });
+    await iframe.execute(() => {
+      const destination_url = new URL(BEACON_URL + "?type=url",
+          get_host_info().HTTPS_ORIGIN);
+      window.fence.reportEvent({
+        eventType: "click",
+        eventData: "enum",
+        destination: ["buyer"],
+        crossOriginExposed: true
+      });
+      window.fence.reportEvent({
+        destinationURL: destination_url,
+        crossOriginExposed: true
+      });
+    });
+  });
+  // Check that both the destination enum and destination URL events were
+  // reported.
+  await nextBeacon("click", "enum");
+  await nextBeacon("url", "<No data>");
+}, 'window.fence.reportEvent from a cross-origin subframe');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/fence-report-event-sub-fencedframe.https.html b/testing/web-platform/tests/fenced-frame/fence-report-event-sub-fencedframe.https.html
new file mode 100644
index 0000000000..0b3231ca92
--- /dev/null
+++ b/testing/web-platform/tests/fenced-frame/fence-report-event-sub-fencedframe.https.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<title>Test window.fence.reportEvent from nested fenced frames.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/automatic-beacon-helper.js"></script>
+<script src="resources/utils.js"></script>
+
+<body>
+<script>
+promise_test(async(t) => {
+  const fencedframe = await attachFencedFrameContext({
+    generator_api: 'fledge',
+    headers: [[
+      'Allow-Cross-Origin-Event-Reporting', 'true'
+    ]],
+    register_beacon: true
+  });
+  await fencedframe.execute(async () => {
+    const fencedframe = await attachFencedFrameContext({
+      generator_api: 'sharedstorage'
+    });
+    await fencedframe.execute(() => {
+      const destination_url = new URL(BEACON_URL + "?type=url",
+          get_host_info().HTTPS_ORIGIN);
+      window.fence.reportEvent({
+        eventType: "click",
+        eventData: "enum",
+        destination: ["buyer"],
+        crossOriginExposed: true
+      });
+      window.fence.reportEvent({
+        destinationURL: destination_url,
+        crossOriginExposed: true
+      });
+    });
+  });
+  // Check that both the destination enum and destination URL events were
+  // reported.
+  await verifyBeaconData("click", "enum", false, t);
+  await verifyBeaconData("url", "<No data>", false, t);
+}, 'window.fence.reportEvent should not work in a nested fenced frame');
+</script>
+</body>
diff --git a/testing/web-platform/tests/fenced-frame/resources/utils.js b/testing/web-platform/tests/fenced-frame/resources/utils.js
index 462bda37fc..4914802518 100644
--- a/testing/web-platform/tests/fenced-frame/resources/utils.js
+++ b/testing/web-platform/tests/fenced-frame/resources/utils.js
@@ -162,8 +162,8 @@ async function generateURNFromFledgeRawURL(
 // @param {boolean} [ad_with_size = false] - Determines whether the auction is
 //                                           run with ad sizes specified.
 // @param {boolean} [register_beacon = false] - If true, FLEDGE logic will
-//                                               register reporting beacons
-//                                               after completion.
+//                                              register reporting beacons after
+//                                              completion.
 async function generateURNFromFledge(
     href, keylist, nested_urls = [], resolve_to_config = false,
     ad_with_size = false, requested_size = null, register_beacon = false) {
@@ -347,6 +347,19 @@ function attachFrameContext(
       num_components);
 }
 
+// Performs a content-initiated navigation of a frame proxy. This navigated page
+// uses a new urn:uuid as its communication channel to prevent potential clashes
+// with the currently loaded document.
+async function navigateFrameContext(frame_proxy, {headers = [], origin = ''}) {
+  const [uuid, url] = generateRemoteContextURL(headers, origin);
+  frame_proxy.execute((url) => {
+    window.executor.suspend(() => {
+      window.location = url;
+    });
+  }, [url])
+  frame_proxy.context_id = uuid;
+}
+
 function replaceFrameContext(frame_proxy, {
   generator_api = '',
   resolve_to_config = false,
diff --git a/testing/web-platform/tests/fenced-frame/setting-null-config-navigates-to-about-blank.https.html b/testing/web-platform/tests/fenced-frame/setting-null-config-navigates-to-about-blank.https.html
index 2595fd64c9..c8322dab19 100644
--- a/testing/web-platform/tests/fenced-frame/setting-null-config-navigates-to-about-blank.https.html
+++ b/testing/web-platform/tests/fenced-frame/setting-null-config-navigates-to-about-blank.https.html
@@ -1,4 +1,5 @@
 <!DOCTYPE html>
+<meta name=timeout content=long>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/utils.js"></script>
@@ -11,13 +12,13 @@
 
   <script>
     promise_test(async (t) => {
-      var frame_context = attachFencedFrameContext();
+      var frame_context = await attachFencedFrameContext();
 
       // Ensure remote context responds.
       let alive_indicator = await Promise.race([
         frame_context.execute(() => 'alive'),
         new Promise((resolve, reject) => t.step_timeout(
-          () => reject('timed_out'), 3000))
+          () => reject('timed_out'), 1500))
       ]);
       assert_equals(alive_indicator, 'alive');
 
@@ -28,14 +29,20 @@
       // removed.
       frame_context.element.config = null;
 
+      let fenced_frame_alive_promise = async (resolve) => {
+        await frame_context.execute(() => {});
+        resolve('alive');
+      };
+
       // This call should not succeed, because we should have navigated to
       // about:blank. Note that because the code has been deleted as described
       // above, we can't actually inspect the URL to determine it is
       // about:blank; we have to use our timeout as a proxy.
       let timeout_indicator = await Promise.any([
-        frame_context.execute(() => 'alive'),
         new Promise(resolve => t.step_timeout(
-          () => resolve('timed_out'), 3000))
+          () => fenced_frame_alive_promise(resolve), 500)),
+        new Promise(resolve => t.step_timeout(
+          () => resolve('timed_out'), 1500))
       ]);
       assert_equals(timeout_indicator, 'timed_out');
     }, "Test that a fenced frame with a config explicitly set to null navigates to about:blank");