From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 ...issions-policy-default.tentative.https.sub.html | 55 ++++++++++++++++++
 ...ermissions-policy-none.tentative.https.sub.html | 59 +++++++++++++++++++
 ...ns-policy-none.tentative.https.sub.html.headers |  1 +
 ...ermissions-policy-self.tentative.https.sub.html | 66 ++++++++++++++++++++++
 ...ns-policy-self.tentative.https.sub.html.headers |  1 +
 ...cument-api-insecure-context.tentative.http.html | 17 ++++++
 .../document-api.tentative.https.html              | 15 +++++
 ...-visible-in-service-worker.tentative.https.html | 36 ++++++++++++
 ...tch-topics-insecure-context.tentative.http.html | 17 ++++++
 .../fetch-topics.tentative.https.html              | 17 ++++++
 .../fetch-without-topics-flag.tentative.https.html | 15 +++++
 ...ribute-insecure-context.tentative.http.sub.html | 36 ++++++++++++
 .../iframe-topics-attribute.tentative.https.html   | 19 +++++++
 .../check-topics-request-header-notify-parent.py   | 18 ++++++
 .../resources/check-topics-request-header.py       |  4 ++
 ...document-api-notify-parent.tentative.https.html | 11 ++++
 .../tests/browsing-topics/resources/empty.html     |  1 +
 ...e-in-service-worker-helper.tentative.https.html | 21 +++++++
 .../browsing-topics/resources/fetch-topics.js      | 14 +++++
 .../browsing-topics/resources/header-util.sub.js   | 38 +++++++++++++
 .../browsing-topics/resources/intercept-request.js | 12 ++++
 .../resources/permissions-policy-util.sub.js       | 30 ++++++++++
 ...ervice-worker-fetch-helper.tentative.https.html | 19 +++++++
 ...d-for-service-worker-fetch.tentative.https.html | 36 ++++++++++++
 24 files changed, 558 insertions(+)
 create mode 100644 testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-default.tentative.https.sub.html
 create mode 100644 testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html
 create mode 100644 testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html.headers
 create mode 100644 testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html
 create mode 100644 testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html.headers
 create mode 100644 testing/web-platform/tests/browsing-topics/document-api-insecure-context.tentative.http.html
 create mode 100644 testing/web-platform/tests/browsing-topics/document-api.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/fetch-topics-header-not-visible-in-service-worker.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/fetch-topics-insecure-context.tentative.http.html
 create mode 100644 testing/web-platform/tests/browsing-topics/fetch-topics.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/fetch-without-topics-flag.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/iframe-topics-attribute-insecure-context.tentative.http.sub.html
 create mode 100644 testing/web-platform/tests/browsing-topics/iframe-topics-attribute.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/check-topics-request-header-notify-parent.py
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/check-topics-request-header.py
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/document-api-notify-parent.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/empty.html
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/fetch-topics-header-not-visible-in-service-worker-helper.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/fetch-topics.js
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/header-util.sub.js
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/intercept-request.js
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/permissions-policy-util.sub.js
 create mode 100644 testing/web-platform/tests/browsing-topics/resources/topics-not-allowed-for-service-worker-fetch-helper.tentative.https.html
 create mode 100644 testing/web-platform/tests/browsing-topics/topics-not-allowed-for-service-worker-fetch.tentative.https.html

(limited to 'testing/web-platform/tests/browsing-topics')

diff --git a/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-default.tentative.https.sub.html b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-default.tentative.https.sub.html
new file mode 100644
index 0000000000..8467ab6569
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-default.tentative.https.sub.html
@@ -0,0 +1,55 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/browsing-topics/resources/header-util.sub.js></script>
+  <script src=/browsing-topics/resources/permissions-policy-util.sub.js></script>
+  <script>
+    'use strict';
+    const header = 'Default permissions policy';
+
+    promise_test(async t => {
+      let topics = await document.browsingTopics();
+      assert_equals(topics.length, 0);
+    }, header + ' allows document.browsingTopics() in the current page.');
+
+    async_test(t => {
+      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/true,
+          expect_topics_feature_available);
+    }, header + ' allows document.browsingTopics() in same-origin iframes.');
+
+    async_test(t => {
+      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/false,
+          expect_topics_feature_available);
+    }, header + ' allows document.browsingTopics() in cross-origin iframes.');
+
+    const same_origin_url = '/browsing-topics/resources/check-topics-request-header.py';
+    const cross_origin_url = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+      same_origin_url;
+
+    promise_test(async t => {
+      let response = await fetch(same_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, EMPTY_TOPICS_HEADER);
+    }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin topics fetch request.');
+
+    promise_test(async t => {
+      let response = await fetch(cross_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, EMPTY_TOPICS_HEADER);
+    }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin topics fetch request.');
+
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/true,
+          expect_topics_header_available);
+    }, header + ' allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin iframe navigation request.');
+
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
+          expect_topics_header_available);
+    }, header + ' allows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin iframe navigation request.');
+
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html
new file mode 100644
index 0000000000..23bac4381f
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html
@@ -0,0 +1,59 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/browsing-topics/resources/header-util.sub.js></script>
+  <script src=/browsing-topics/resources/permissions-policy-util.sub.js></script>
+  <script>
+    'use strict';
+    const header = 'permissions policy header browsing-topics=()';
+
+    promise_test(async t => {
+      try {
+        await document.browsingTopics();
+      } catch (e) {
+        assert_equals(e.message, TOPICS_PERMISSIONS_POLICY_ERROR_MESSAGE);
+        return;
+      }
+      assert_unreached("did not reject");
+    }, header + ' disallows document.browsingTopics() in the current page.');
+
+    async_test(t => {
+      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/true,
+          expect_topics_feature_unavailable);
+    }, header + ' disallows document.browsingTopics() in same-origin iframes.');
+
+    async_test(t => {
+      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/false,
+          expect_topics_feature_unavailable);
+    }, header + ' disallows document.browsingTopics() in cross-origin iframes.');
+
+    const same_origin_url = '/browsing-topics/resources/check-topics-request-header.py';
+    const cross_origin_url = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+      same_origin_url;
+
+    promise_test(async t => {
+      let response = await fetch(same_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, "NO_TOPICS_HEADER");
+    }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the same-origin topics fetch request.');
+
+    promise_test(async t => {
+      let response = await fetch(cross_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, "NO_TOPICS_HEADER");
+    }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin topics fetch request.');
+
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/true,
+          expect_topics_header_unavailable);
+    }, header + ' disallows the \'Sec-Browsing-Topics\' header to be sent for the same-origin iframe navigation request.');
+
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
+          expect_topics_header_unavailable);
+    }, header + ' disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin iframe navigation request.');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html.headers b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html.headers
new file mode 100644
index 0000000000..9c93ff7384
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-none.tentative.https.sub.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: browsing-topics=()
diff --git a/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html
new file mode 100644
index 0000000000..91ee4f05f3
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html
@@ -0,0 +1,66 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/browsing-topics/resources/header-util.sub.js></script>
+  <script src=/browsing-topics/resources/permissions-policy-util.sub.js></script>
+  <script>
+    'use strict';
+    const header = 'permissions policy header browsing-topics=(self)';
+
+    promise_test(async t => {
+      let topics = await document.browsingTopics();
+      assert_equals(topics.length, 0);
+    }, header + ' allows document.browsingTopics() in the current page.');
+
+    async_test(t => {
+      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/true,
+          expect_topics_feature_available);
+    }, header + ' allows document.browsingTopics() in same-origin iframes.');
+
+    async_test(t => {
+      test_topics_feature_availability_in_subframe(t, /*is_same_origin=*/false,
+          expect_topics_feature_unavailable);
+    }, header + ' disallows document.browsingTopics() in cross-origin iframes.');
+
+    const same_origin_url = '/browsing-topics/resources/check-topics-request-header.py';
+    const cross_origin_url = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+      same_origin_url;
+
+    promise_test(async t => {
+      let response = await fetch(same_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, EMPTY_TOPICS_HEADER);
+    }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin topics fetch request.');
+
+    promise_test(async t => {
+      let response = await fetch(cross_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, "NO_TOPICS_HEADER");
+    }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin topics fetch request.');
+
+    promise_test(async t => {
+      let response = await fetch('/common/redirect.py?location=' + same_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, EMPTY_TOPICS_HEADER);
+    }, header + 'allows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a same-origin URL.');
+
+    promise_test(async t => {
+      let response = await fetch('/common/redirect.py?location=' + cross_origin_url, {browsingTopics: true});
+      let topics_header = await response.text();
+      assert_equals(topics_header, "NO_TOPICS_HEADER");
+    }, header + 'disallows the \'Sec-Browsing-Topics\' header to be sent for the redirect of a topics fetch request, where the redirect has a cross-origin URL.');
+
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/true,
+          expect_topics_header_available);
+    }, header + ' allows the \'Sec-Browsing-Topics\' header to be sent for the same-origin iframe navigation request.');
+
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
+          expect_topics_header_unavailable);
+    }, header + ' disallows the \'Sec-Browsing-Topics\' header to be sent for the cross-origin iframe navigation request.');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html.headers b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html.headers
new file mode 100644
index 0000000000..6eb902eb68
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/browsing-topics-permissions-policy-self.tentative.https.sub.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: browsing-topics=(self)
diff --git a/testing/web-platform/tests/browsing-topics/document-api-insecure-context.tentative.http.html b/testing/web-platform/tests/browsing-topics/document-api-insecure-context.tentative.http.html
new file mode 100644
index 0000000000..b2f0abf8e0
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/document-api-insecure-context.tentative.http.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script>
+    promise_test(async t => {
+      try {
+        await document.browsingTopics();
+      } catch (e) {
+        assert_equals(e.name, 'TypeError');
+        assert_equals(e.message, 'document.browsingTopics is not a function');
+        return;
+      }
+      assert_unreached("did not reject");
+    }, 'test document.browsingTopics() in insecure context');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/document-api.tentative.https.html b/testing/web-platform/tests/browsing-topics/document-api.tentative.https.html
new file mode 100644
index 0000000000..d1d515ccba
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/document-api.tentative.https.html
@@ -0,0 +1,15 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script>
+    promise_test(async t => {
+      let topics = await document.browsingTopics();
+
+      // An empty result indicates that the request was eligible for topics.
+      // Currently, the web-platform-tests framework does not support actually
+      // handling the topics request.
+      assert_equals(topics.length, 0);
+    }, 'test document.browsingTopics()');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/fetch-topics-header-not-visible-in-service-worker.tentative.https.html b/testing/web-platform/tests/browsing-topics/fetch-topics-header-not-visible-in-service-worker.tentative.https.html
new file mode 100644
index 0000000000..76f7b90957
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/fetch-topics-header-not-visible-in-service-worker.tentative.https.html
@@ -0,0 +1,36 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+  <script>
+    promise_test(async t => {
+      let url = 'resources/fetch-topics-header-not-visible-in-service-worker-helper.tentative.https.html';
+
+      let r = await service_worker_unregister_and_register(t,
+          'resources/intercept-request.js', url);
+      await wait_for_state(t, r.installing, 'activated');
+
+      var popup_window = window.open("/common/blank.html");
+
+      t.add_cleanup(async _=>{
+        popup_window.close();
+        await r.unregister();
+      });
+
+      // The current page isn't yet controlled by the service worker. Thus,
+      // execute the actual test in a new page and let it post its result back
+      // to this page.
+      test_helper_popup_page_result = new Promise((resolve, reject) => {
+        window.addEventListener('message', t.step_func((e) => {
+          assert_equals(e.data.testResult,
+                        'Service worker intercepted no topics header');
+          resolve();
+        }));
+      });
+
+      popup_window.location = url;
+      await test_helper_popup_page_result;
+    }, 'test that the topics header for fetch(<url>, {browsingTopics: true}) is not visible in a service worker context');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/fetch-topics-insecure-context.tentative.http.html b/testing/web-platform/tests/browsing-topics/fetch-topics-insecure-context.tentative.http.html
new file mode 100644
index 0000000000..d4cdd9ae95
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/fetch-topics-insecure-context.tentative.http.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script>
+    promise_test(async t => {
+      try {
+        let response = await fetch('./resources/check-topics-request-header.py', {browsingTopics: true});
+      } catch (e) {
+        assert_equals(e.name, 'TypeError');
+        assert_equals(e.message, 'Failed to execute \'fetch\' on \'Window\': browsingTopics: Topics operations are only available in secure contexts.');
+        return;
+      }
+      assert_unreached("did not reject");
+    }, 'test fetch(<url>, {browsingTopics: true}) in insecure context');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/fetch-topics.tentative.https.html b/testing/web-platform/tests/browsing-topics/fetch-topics.tentative.https.html
new file mode 100644
index 0000000000..c33d4dd11d
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/fetch-topics.tentative.https.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/browsing-topics/resources/header-util.sub.js></script>
+  <script>
+    promise_test(async t => {
+      let response = await fetch('./resources/check-topics-request-header.py', {browsingTopics: true});
+      let topics_header = await response.text();
+
+      // An empty result indicates that the request was eligible for topics.
+      // Currently, the web-platform-tests framework does not support actually
+      // handling the topics request.
+      assert_equals(topics_header, EMPTY_TOPICS_HEADER);
+    }, 'test fetch(<url>, {browsingTopics: true})');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/fetch-without-topics-flag.tentative.https.html b/testing/web-platform/tests/browsing-topics/fetch-without-topics-flag.tentative.https.html
new file mode 100644
index 0000000000..f942915a7f
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/fetch-without-topics-flag.tentative.https.html
@@ -0,0 +1,15 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script>
+    promise_test(async t => {
+      let response = await fetch('./resources/check-topics-request-header.py');
+      let topics_header = await response.text();
+
+      // The request was not eligible for topics, as the `browsingTopics` flag
+      // was not set.
+      assert_equals(topics_header, "NO_TOPICS_HEADER");
+    }, 'test fetch(<url>)');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/iframe-topics-attribute-insecure-context.tentative.http.sub.html b/testing/web-platform/tests/browsing-topics/iframe-topics-attribute-insecure-context.tentative.http.sub.html
new file mode 100644
index 0000000000..8e25b769ce
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/iframe-topics-attribute-insecure-context.tentative.http.sub.html
@@ -0,0 +1,36 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/browsing-topics/resources/header-util.sub.js></script>
+  <script>
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
+          expect_topics_header_unavailable);
+    }, 'test <iframe browsingtopics src=[url]></iframe> in an insecure context, where the browsingtopics attribute is set via IDL.');
+
+    async_test(t => {
+      const same_origin_src = '/browsing-topics/resources/check-topics-request-header-notify-parent.py';
+      const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+            same_origin_src;
+
+      let frame = document.createElement('iframe');
+
+      window.addEventListener('message', t.step_func(function handler(evt) {
+        if (evt.source === frame.contentWindow) {
+          assert_equals(evt.data.topicsHeader, 'NO_TOPICS_HEADER');
+
+          document.body.removeChild(frame);
+          window.removeEventListener('message', handler);
+          t.done();
+        }
+      }));
+
+      document.body.appendChild(frame);
+
+      frame.setAttribute("browsingtopics", "123");
+      frame.src = cross_origin_src;
+    }, 'test <iframe browsingtopics src=[url]></iframe> in an insecure context, where the browsingtopics attribute is set via setAttribute().');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/iframe-topics-attribute.tentative.https.html b/testing/web-platform/tests/browsing-topics/iframe-topics-attribute.tentative.https.html
new file mode 100644
index 0000000000..7b3b6c7045
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/iframe-topics-attribute.tentative.https.html
@@ -0,0 +1,19 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/browsing-topics/resources/header-util.sub.js></script>
+  <script>
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/false, /*is_same_origin=*/false,
+          expect_topics_header_unavailable);
+    }, 'test <iframe src=[url]></iframe>');
+
+    async_test(t => {
+      test_topics_iframe_navigation_header(
+          t, /*has_browsing_topics_attribute=*/true, /*is_same_origin=*/false,
+          expect_topics_header_available);
+    }, 'test <iframe browsingtopics src=[url]></iframe>');
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/resources/check-topics-request-header-notify-parent.py b/testing/web-platform/tests/browsing-topics/resources/check-topics-request-header-notify-parent.py
new file mode 100644
index 0000000000..98c77c2b0b
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/check-topics-request-header-notify-parent.py
@@ -0,0 +1,18 @@
+def main(request, response):
+    """
+    Returns an HTML response that notifies its parent frame the topics header
+    via postMessage
+    """
+
+    topics_header = request.headers.get(b"sec-browsing-topics", b"NO_TOPICS_HEADER")
+
+    headers = [(b"Content-Type", b"text/html"),
+               (b"Access-Control-Allow-Origin", b"*")]
+    content = b'''
+<script>
+  let parentOrOpener = window.opener || window.parent;
+  parentOrOpener.postMessage({ topicsHeader: '%s'}, "*");
+</script>
+''' % (topics_header)
+
+    return 200, headers, content
diff --git a/testing/web-platform/tests/browsing-topics/resources/check-topics-request-header.py b/testing/web-platform/tests/browsing-topics/resources/check-topics-request-header.py
new file mode 100644
index 0000000000..569b754496
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/check-topics-request-header.py
@@ -0,0 +1,4 @@
+def main(request, response):
+    topics_header = request.headers.get(b"sec-browsing-topics", b"NO_TOPICS_HEADER")
+    response.headers.append(b"Access-Control-Allow-Origin", b"*")
+    response.content = topics_header
diff --git a/testing/web-platform/tests/browsing-topics/resources/document-api-notify-parent.tentative.https.html b/testing/web-platform/tests/browsing-topics/resources/document-api-notify-parent.tentative.https.html
new file mode 100644
index 0000000000..2fd55ebeb2
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/document-api-notify-parent.tentative.https.html
@@ -0,0 +1,11 @@
+<!doctype html>
+<body>
+  <script>
+    document.browsingTopics().then((topics) => {
+      window.parent.postMessage({error: 'No error'}, '*');
+    })
+    .catch((err) => {
+      window.parent.postMessage({error: err.message}, '*');
+    });
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/resources/empty.html b/testing/web-platform/tests/browsing-topics/resources/empty.html
new file mode 100644
index 0000000000..c50eddd41f
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/empty.html
@@ -0,0 +1 @@
+<!doctype html>
diff --git a/testing/web-platform/tests/browsing-topics/resources/fetch-topics-header-not-visible-in-service-worker-helper.tentative.https.html b/testing/web-platform/tests/browsing-topics/resources/fetch-topics-header-not-visible-in-service-worker-helper.tentative.https.html
new file mode 100644
index 0000000000..e9cb8144e0
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/fetch-topics-header-not-visible-in-service-worker-helper.tentative.https.html
@@ -0,0 +1,21 @@
+<!doctype html>
+<body>
+  <script>
+    var current_url = window.location.href;
+    var fetch_url = current_url.substring(0, current_url.lastIndexOf("/")) + '/empty.html'
+
+    navigator.serviceWorker.addEventListener('message', e => {
+      if (e.data.fetchUrl == fetch_url) {
+        if (e.data.topicsHeader === 'null') {
+          window.opener.postMessage(
+            {testResult: 'Service worker intercepted no topics header'}, '*');
+        } else {
+          window.opener.postMessage(
+            {testResult: 'Service worker intercepted topics header'}, '*');
+        }
+      }
+    });
+
+    fetch(fetch_url, {browsingTopics: true});
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/resources/fetch-topics.js b/testing/web-platform/tests/browsing-topics/resources/fetch-topics.js
new file mode 100644
index 0000000000..71064a90c5
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/fetch-topics.js
@@ -0,0 +1,14 @@
+self.addEventListener('message', event => {
+  if (event.data.fetchUrl) {
+    clients.matchAll().then((clients) => {
+      fetch(event.data.fetchUrl, {browsingTopics: true}).then((response) => {
+        response.text().then((topics_header) => {
+            // clients[0] is the most recently focused one
+            clients[0].postMessage({
+              topicsHeader: topics_header
+            });
+          });
+      });
+    });
+  }
+});
diff --git a/testing/web-platform/tests/browsing-topics/resources/header-util.sub.js b/testing/web-platform/tests/browsing-topics/resources/header-util.sub.js
new file mode 100644
index 0000000000..bb5a63426d
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/header-util.sub.js
@@ -0,0 +1,38 @@
+const EMPTY_TOPICS_HEADER = '();p=P0000000000000000000000000000000';
+
+function test_topics_iframe_navigation_header(
+    test, has_browsing_topics_attribute, is_same_origin, expect_topics_header_available_func) {
+  const same_origin_src = '/browsing-topics/resources/check-topics-request-header-notify-parent.py';
+  const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+    same_origin_src;
+
+  let frame = document.createElement('iframe');
+  frame.src = is_same_origin ? same_origin_src : cross_origin_src;
+
+  if (has_browsing_topics_attribute) {
+    frame.browsingTopics = true;
+  }
+
+  window.addEventListener('message', test.step_func(function handler(evt) {
+    if (evt.source === frame.contentWindow) {
+      expect_topics_header_available_func(evt.data);
+
+      document.body.removeChild(frame);
+      window.removeEventListener('message', handler);
+      test.done();
+    }
+  }));
+
+  document.body.appendChild(frame);
+}
+
+function expect_topics_header_unavailable(data) {
+  assert_equals(data.topicsHeader, 'NO_TOPICS_HEADER');
+}
+
+function expect_topics_header_available(data) {
+  // An empty result indicates that the request was eligible for topics.
+  // Currently, the web-platform-tests framework does not support actually
+  // handling the topics request.
+  assert_equals(data.topicsHeader, EMPTY_TOPICS_HEADER);
+}
\ No newline at end of file
diff --git a/testing/web-platform/tests/browsing-topics/resources/intercept-request.js b/testing/web-platform/tests/browsing-topics/resources/intercept-request.js
new file mode 100644
index 0000000000..c19efb5f2f
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/intercept-request.js
@@ -0,0 +1,12 @@
+self.addEventListener('fetch', event => {
+  event.waitUntil(async function () {
+    if (!event.clientId) return;
+    const client = await clients.get(event.clientId);
+    if (!client) return;
+
+    client.postMessage({
+      fetchUrl: event.request.url,
+      topicsHeader: String(event.request.headers.get("Sec-Browsing-Topics"))
+    });
+  }());
+});
diff --git a/testing/web-platform/tests/browsing-topics/resources/permissions-policy-util.sub.js b/testing/web-platform/tests/browsing-topics/resources/permissions-policy-util.sub.js
new file mode 100644
index 0000000000..e8bf45049c
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/permissions-policy-util.sub.js
@@ -0,0 +1,30 @@
+const TOPICS_PERMISSIONS_POLICY_ERROR_MESSAGE = 'The \"browsing-topics\" Permissions Policy denied the use of document.browsingTopics().';
+
+function test_topics_feature_availability_in_subframe(test, is_same_origin, expect_feature_available_func) {
+  const same_origin_src = '/browsing-topics/resources/document-api-notify-parent.tentative.https.html';
+  const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+    same_origin_src;
+
+  let frame = document.createElement('iframe');
+  frame.src = is_same_origin ? same_origin_src : cross_origin_src;
+
+  window.addEventListener('message', test.step_func(function handler(evt) {
+    if (evt.source === frame.contentWindow) {
+      expect_feature_available_func(evt.data);
+
+      document.body.removeChild(frame);
+      window.removeEventListener('message', handler);
+      test.done();
+    }
+  }));
+
+  document.body.appendChild(frame);
+}
+
+function expect_topics_feature_unavailable(data) {
+  assert_equals(data.error, TOPICS_PERMISSIONS_POLICY_ERROR_MESSAGE);
+}
+
+function expect_topics_feature_available(data) {
+  assert_equals(data.error, 'No error');
+}
diff --git a/testing/web-platform/tests/browsing-topics/resources/topics-not-allowed-for-service-worker-fetch-helper.tentative.https.html b/testing/web-platform/tests/browsing-topics/resources/topics-not-allowed-for-service-worker-fetch-helper.tentative.https.html
new file mode 100644
index 0000000000..2278d5bc76
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/resources/topics-not-allowed-for-service-worker-fetch-helper.tentative.https.html
@@ -0,0 +1,19 @@
+<!doctype html>
+<body>
+  <script>
+    var current_url = window.location.href;
+    var fetch_url = current_url.substring(0, current_url.lastIndexOf("/")) + '/check-topics-request-header.py'
+
+    navigator.serviceWorker.addEventListener('message', e => {
+      if (e.data.topicsHeader === 'NO_TOPICS_HEADER') {
+        window.opener.postMessage({testResult: 'Topics fetch initiated from service worker did not include the topics header'}, '*');
+      } else {
+        window.opener.postMessage({testResult: 'Topics fetch initiated from service worker included the topics header'}, '*');
+      }
+    });
+
+    navigator.serviceWorker.controller.postMessage({
+      fetchUrl: fetch_url
+    });
+  </script>
+</body>
diff --git a/testing/web-platform/tests/browsing-topics/topics-not-allowed-for-service-worker-fetch.tentative.https.html b/testing/web-platform/tests/browsing-topics/topics-not-allowed-for-service-worker-fetch.tentative.https.html
new file mode 100644
index 0000000000..1bd578e9bf
--- /dev/null
+++ b/testing/web-platform/tests/browsing-topics/topics-not-allowed-for-service-worker-fetch.tentative.https.html
@@ -0,0 +1,36 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+  <script>
+    promise_test(async t => {
+      let url = 'resources/topics-not-allowed-for-service-worker-fetch-helper.tentative.https.html';
+
+      let r = await service_worker_unregister_and_register(t,
+          'resources/fetch-topics.js', url);
+      await wait_for_state(t, r.installing, 'activated');
+
+      var popup_window = window.open("/common/blank.html");
+
+      t.add_cleanup(async _=>{
+        popup_window.close();
+        await r.unregister();
+      });
+
+      // The current page isn't yet controlled by the service worker. Thus,
+      // execute the actual test in a new page and let it post its result back
+      // to this page.
+      test_helper_popup_page_result = new Promise((resolve, reject) => {
+        window.addEventListener('message', t.step_func((e) => {
+          assert_equals(e.data.testResult,
+                        'Topics fetch initiated from service worker did not include the topics header');
+          resolve();
+        }));
+      });
+
+      popup_window.location = url;
+      await test_helper_popup_page_result;
+    }, 'test that fetch(<url>, {browsingTopics: true}) from a service worker context will not include the topics header');
+  </script>
+</body>
-- 
cgit v1.2.3