summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/feature-policy/reporting
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/feature-policy/reporting
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/feature-policy/reporting')
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html34
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html37
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html45
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html55
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html30
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/image.bmpbin0 -> 6538 bytes
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html34
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html32
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html37
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html46
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html54
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html36
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html30
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html30
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html32
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers1
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html33
-rw-r--r--testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers1
31 files changed, 580 insertions, 0 deletions
diff --git a/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html
new file mode 100644
index 0000000000..708d3fa525
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src=/resources/testdriver.js></script>
+ <script src=/resources/testdriver-vendor.js></script>
+ <script src='../../mediacapture-streams/permission-helper.js'></script>
+ </head>
+ <body>
+ <script>
+var t = async_test("Camera Report Format");
+
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "camera");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+ {types: ['permissions-policy-violation']}).observe();
+
+ setMediaPermission("granted", ["camera"]).then(() => navigator.mediaDevices.getUserMedia({video: true}))
+ .then(
+ t.unreached_func("UserMedia camera access should not be allowed in this document.")
+).catch(() => {});
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers
new file mode 100644
index 0000000000..2adc5e237f
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/camera-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: camera 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html
new file mode 100644
index 0000000000..32a5a2cc48
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "encrypted-media");
+ assert_equals(report.body.disposition, "enforce");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+};
+
+promise_test(async t => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['permissions-policy-violation']}).observe();
+ });
+ await promise_rejects_dom(t, "SecurityError",
+ navigator.requestMediaKeySystemAccess("org.w3.clearkey",
+ [{
+ initDataTypes: ["webm"],
+ videoCapabilities: [{contentType: 'video/webm;codecs="vp8"'}],
+ }]),
+ "requestMediaKeySystemAccess() should not be allowed in this document.");
+ const [reports, observer] = await report;
+ check_report_format(reports, observer);
+}, "Encrypted Media report format");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers
new file mode 100644
index 0000000000..73753a2e41
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/encrypted-media-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: encrypted-media 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html
new file mode 100644
index 0000000000..d7b905744d
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <div id='fs'></div>
+ <script>
+var observer1;
+var observer2;
+
+var check_report_format = (reports, observer) => {
+ // Test that observer2 is notified, even if it is disconnected.
+ observer1.disconnect();
+ observer2.disconnect();
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "fullscreen");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+var check_second_observer = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.body.featureId, "fullscreen");
+};
+
+async_test(t => {
+ observer1 = new ReportingObserver(t.step_func(check_report_format),
+ {types: ['permissions-policy-violation']});
+ observer1.observe();
+ observer2 = new ReportingObserver(t.step_func_done(check_second_observer),
+ {types: ['permissions-policy-violation']});
+ observer2.observe();
+ document.getElementById('fs').requestFullscreen().then(t.unreached_func(
+ "Fullscreen should not be allowed in this document.")).catch(()=>{});
+}, "Fullscreen Report Format");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers
new file mode 100644
index 0000000000..d35e48ba40
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/fullscreen-reporting.html.headers
@@ -0,0 +1 @@
+Feature-Policy: fullscreen 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html
new file mode 100644
index 0000000000..c29c069ee3
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+var sensor_features_verified = {
+ "accelerometer": false,
+ "ambient-light-sensor": false,
+ "magnetometer": false,
+ "gyroscope": false
+};
+
+var check_report_format = function(reports, observer) {
+ // Check each report in this batch. This observer callback may be called
+ // multiple times before all reports have been processed.
+ for (const report of reports) {
+
+ // Validate that the reported feature is one of the sensor features, and that
+ // we have not seen a report for this feature before.
+ assert_true(sensor_features_verified.hasOwnProperty(report.body.featureId));
+ assert_false(sensor_features_verified[report.body.featureId]);
+
+ // Validate the remainder of the report
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+
+ sensor_features_verified[report.body.featureId] = true;
+ }
+
+ // Test is only done when reports for all features have been seen
+ for (let result of Object.values(sensor_features_verified)) {
+ if (!result)
+ return;
+ }
+ this.done();
+};
+
+async_test(t => {
+ new ReportingObserver(t.step_func(check_report_format),
+ {types: ['permissions-policy-violation']}).observe();
+ assert_throws_dom("SecurityError", () => new Accelerometer(), "Constructing sensors should be blocked by policy");
+ assert_throws_dom("SecurityError", () => new AmbientLightSensor(), "Constructing sensors should be blocked by policy");
+ assert_throws_dom("SecurityError", () => new Gyroscope(), "Constructing sensors should be blocked by policy");
+ assert_throws_dom("SecurityError", () => new Magnetometer(), "Constructing sensors should be blocked by policy");
+}, "Generic Sensor Report Format");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers
new file mode 100644
index 0000000000..80cc027530
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/generic-sensor-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: ambient-light-sensor 'none'; accelerometer 'none'; gyroscope 'none'; magnetometer 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html
new file mode 100644
index 0000000000..e0eb275bcc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+var t = async_test("Geolocation Report Format");
+
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "geolocation");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+ {types: ['permissions-policy-violation']}).observe();
+
+navigator.geolocation.getCurrentPosition(
+ t.unreached_func("geolocation should be disabled in this document"),
+ () => {});
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers
new file mode 100644
index 0000000000..7e75481ea6
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/geolocation-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: geolocation 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/image.bmp b/testing/web-platform/tests/feature-policy/reporting/image.bmp
new file mode 100644
index 0000000000..f2b88690fc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/image.bmp
Binary files differ
diff --git a/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html
new file mode 100644
index 0000000000..14ae976cde
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src=/resources/testdriver.js></script>
+ <script src=/resources/testdriver-vendor.js></script>
+ <script src='../../mediacapture-streams/permission-helper.js'></script>
+ </head>
+ <body>
+ <script>
+var t = async_test("Microphone Report Format");
+
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "microphone");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+ {types: ['permissions-policy-violation']}).observe();
+
+setMediaPermission().then(() => navigator.mediaDevices.getUserMedia({audio: true}))
+ .then(
+ t.unreached_func("UserMedia microphone access should not be allowed in this document.")
+).catch(() => {});
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers
new file mode 100644
index 0000000000..a86e0a0778
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/microphone-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: microphone 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html
new file mode 100644
index 0000000000..6cc07f5371
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "midi");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async (t) => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['permissions-policy-violation']}).observe();
+ });
+ await promise_rejects_dom(t, 'SecurityError', navigator.requestMIDIAccess(),
+ "MIDI device access should not be allowed in this document.");
+ const [reports, observer] = await report;
+ check_report_format(reports, observer);
+}, "MIDI Report Format");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers
new file mode 100644
index 0000000000..0e145978a0
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/midi-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: midi 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html
new file mode 100644
index 0000000000..3c04db864d
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='../resources/feature-policy-report-json.js'></script>
+ </head>
+ <body>
+ <script>
+var t = async_test("PaymentRequest Report Format");
+
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "payment");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+ check_report_json(report);
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+ {types: ['permissions-policy-violation']}).observe();
+
+t.step_func(() => {
+ assert_throws_dom('SecurityError',
+ () => new PaymentRequest(
+ [{ supportedMethods: 'https://example.com/pay' }],
+ { total: { label: 'Total', amount: { currency: 'USD', value: 0 }}},
+ {}).show(),
+ "PaymentRequest API should not be allowed in this document.");
+})();
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers
new file mode 100644
index 0000000000..a2836778bc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/payment-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: payment 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html
new file mode 100644
index 0000000000..177e4d5c02
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/common/media.js'></script>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src='../resources/picture-in-picture.js'></script>
+ </head>
+ <body>
+ <script>
+const check_report_format = (reports, observer) => {
+ const report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "picture-in-picture");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+const loadVideo = () => new Promise(resolve => {
+ const video = document.createElement('video');
+ video.src = getVideoURI('/media/movie_5');
+ video.addEventListener('loadedmetadata', () => {
+ resolve(video);
+ }, { once: true });
+});
+
+promise_pip_test(async (t) => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['permissions-policy-violation']}).observe();
+ });
+ const videoElement = await loadVideo();
+ await test_driver.bless('picture-in-picture');
+ await promise_rejects_dom(t, 'SecurityError', videoElement.requestPictureInPicture(),
+ "Picture-in-Picture should not be allowed in this document.");
+ const [reports, observer] = await report;
+ check_report_format(reports, observer);
+}, "Picture-in-Picture Report Format");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers
new file mode 100644
index 0000000000..1759381fdc
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/picture-in-picture-reporting.html.headers
@@ -0,0 +1 @@
+Feature-Policy: picture-in-picture 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html
new file mode 100644
index 0000000000..c96d8f878a
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='/resources/testdriver.js'></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ </head>
+ <body>
+ <script>
+var check_report_format = ([reports, observer]) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "serial");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async t => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['permissions-policy-violation']}).observe();
+ });
+
+ await test_driver.bless('Activate document for serial.requestPort');
+ try {
+ await navigator.serial.requestPort({ filters: [] });
+ assert_unreached("Serial port access should not be allowed in this document.");
+ } catch (e) {
+ assert_equals(e.code, DOMException.SECURITY_ERR);
+ }
+ check_report_format(await report);
+}, "requestPort in serial reporting mode");
+
+promise_test(async t => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['permissions-policy-violation']}).observe();
+ });
+
+ try {
+ await navigator.serial.getPorts();
+ assert_unreached("Serial port access should not be allowed in this document.");
+ } catch (e) {
+ assert_equals(e.code, DOMException.SECURITY_ERR);
+ }
+ check_report_format(await report);
+}, "getPorts in serial reporting mode");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers
new file mode 100644
index 0000000000..be3e6afd42
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/serial-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: serial 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html
new file mode 100644
index 0000000000..416edf0cbb
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='../resources/feature-policy-report-json.js'></script>
+ </head>
+ <body>
+ <script>
+var t = async_test("Sync-xhr Report Format");
+
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "sync-xhr");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+ check_report_json(report);
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+ {types: ['permissions-policy-violation']}).observe();
+
+t.step_func(() => {
+ var xhr = new XMLHttpRequest();
+ xhr.open("GET", document.location.href, false);
+ assert_throws_dom('NetworkError',
+ () => xhr.send(),
+ "Synchronous XHR.send should throw an exception when disabled");
+})();
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers
new file mode 100644
index 0000000000..21a909e1fb
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/sync-xhr-reporting.html.headers
@@ -0,0 +1 @@
+Feature-Policy: sync-xhr 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html
new file mode 100644
index 0000000000..1ec5ba4370
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+var t = async_test("USB Report Format");
+
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "usb");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+new ReportingObserver(t.step_func_done(check_report_format),
+ {types: ['permissions-policy-violation']}).observe();
+
+navigator.usb.getDevices().then(
+ t.unreached_func("USB device access should not be allowed in this document.")
+).catch(() => {});
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers
new file mode 100644
index 0000000000..4fd1e26936
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/usb-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: usb 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html
new file mode 100644
index 0000000000..b64a2015f7
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+const check_report_format = ([reports, observer]) => {
+ const report = reports[0];
+ assert_equals(report.type, "feature-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "vr");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "report");
+};
+
+promise_test(async t => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['feature-policy-violation']}).observe();
+ });
+ await navigator.getVRDisplays();
+ check_report_format(await report);
+}, "VR report only mode");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers
new file mode 100644
index 0000000000..0761021f45
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-report-only.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy-Report-Only: vr 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html
new file mode 100644
index 0000000000..b47f7e187e
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "feature-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "vr");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async (t) => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['feature-policy-violation']}).observe();
+ });
+ await promise_rejects_dom(t, 'SecurityError', navigator.getVRDisplays(),
+ "VR device access should not be allowed in this document.");
+ const [reports, observer] = await report;
+ check_report_format(reports, observer);
+}, "VR Report Format");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers
new file mode 100644
index 0000000000..d021af7563
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/vr-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: vr 'none'
diff --git a/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html
new file mode 100644
index 0000000000..d87d4fb028
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ </head>
+ <body>
+ <script>
+var check_report_format = (reports, observer) => {
+ let report = reports[0];
+ assert_equals(report.type, "permissions-policy-violation");
+ assert_equals(report.url, document.location.href);
+ assert_equals(report.body.featureId, "xr-spatial-tracking");
+ assert_equals(report.body.sourceFile, document.location.href);
+ assert_equals(typeof report.body.lineNumber, "number");
+ assert_equals(typeof report.body.columnNumber, "number");
+ assert_equals(report.body.disposition, "enforce");
+};
+
+promise_test(async (t) => {
+ const report = new Promise(resolve => {
+ new ReportingObserver((reports, observer) => resolve([reports, observer]),
+ {types: ['permissions-policy-violation']}).observe();
+ });
+ await promise_rejects_dom(t, 'SecurityError',
+ navigator.xr.isSessionSupported('immersive-vr'),
+ "XR spatial tracking should not be allowed in this document.");
+ const [reports, observer] = await report;
+ check_report_format(reports, observer);
+}, "XR Report Format");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers
new file mode 100644
index 0000000000..2c75896233
--- /dev/null
+++ b/testing/web-platform/tests/feature-policy/reporting/xr-reporting.https.html.headers
@@ -0,0 +1 @@
+Feature-Policy: xr-spatial-tracking 'none'