summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/signed-exchange/reporting
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/signed-exchange/reporting
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/signed-exchange/reporting')
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html64
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html76
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html65
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html76
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html65
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html60
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html69
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html61
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html68
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html59
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html59
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html59
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html65
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html65
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html60
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html62
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html73
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html63
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html73
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html62
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html57
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html67
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html58
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html58
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html56
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html54
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html62
-rw-r--r--testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html57
28 files changed, 1773 insertions, 0 deletions
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html
new file mode 100644
index 0000000000..ce20c4726e
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html
@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for' +
+ ' navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html
new file mode 100644
index 0000000000..15a7176e74
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_fetch_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg?navigation';
+ const cert_url =
+ alt_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is same as the reporting origin. So
+ // the report must not be downgraded.
+ type: "sxg.cert_fetch_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: cert_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "http.error",
+ status_code: 404,
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.cert_fetch_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html
new file mode 100644
index 0000000000..e6cdad035e
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg?navigation';
+ const cert_url =
+ test_origin + '/signed-exchange/resources/invalid-cert-format.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html
new file mode 100644
index 0000000000..a0cc607bf5
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_parse_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg?navigation';
+ const cert_url =
+ alt_origin + '/signed-exchange/resources/invalid-cert-format.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is same as the reporting origin. So
+ // the report must not be downgraded.
+ type: "sxg.cert_parse_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: cert_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.cert_parse_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html
new file mode 100644
index 0000000000..d3ad4204f2
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_verification_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html', 'location');
+ assert_true(message.is_fallback, 'is_fallback');
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from ' +
+ 'sxg.cert_verification_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html
new file mode 100644
index 0000000000..04fd0e785c
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_verification_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg?navigation';
+ const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.cert_verification_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.cert_verification_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html
new file mode 100644
index 0000000000..a92735f714
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed for navigation (zero success fraction)</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithZeroSuccessFractionPolicyInIframe();
+ const sxg_url =
+ alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportExists(
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: cert_url
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ }
+ ), 'SXG error reporting must be downgraded when the cert URL is different ' +
+ 'from the reporting origin');
+ assert_false(await reportExists(
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ }
+ ), 'Succeeded normal NEL report should not be sent when success fraction ' +
+ 'is zero.');
+}, 'SXG error report must be downgraded when the cert URL is different from ' +
+ 'the reporting origin. And succeeded normal NEL report should not be sent ' +
+ ' when success fraction is zero.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html
new file mode 100644
index 0000000000..3e00d9dbe3
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.invalid_integrity_header for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.invalid_integrity_header",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.invalid_integrity_header for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html
new file mode 100644
index 0000000000..b6d7ba3b1a
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html
@@ -0,0 +1,68 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.mi_error for navigation</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ try {
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ if (message.is_fallback) {
+ assert_unreached('Fallback redirect should not have happened');
+ } else {
+ assert_unreached('SXG should not have loaded');
+ }
+ } catch (e) {
+ assert_equals(e, 'timeout');
+ }
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.mi_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ }
+ ]));
+}, 'SXG reporting test of sxg.mi_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html
new file mode 100644
index 0000000000..b6cadbca50
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<title>SXG reporting test of ok for navigation with no-referrer</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url, 'no-referrer');
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_false(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "ok",
+ status_code: 200,
+ referrer: '',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: '',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of ok for navigation with no-referrer.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html
new file mode 100644
index 0000000000..351ad92782
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<title>SXG reporting test of ok for navigation with origin referrer</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url, 'origin');
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_false(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "ok",
+ status_code: 200,
+ referrer: document.location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: document.location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of ok for navigation with origin referrer.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html
new file mode 100644
index 0000000000..0afa626d09
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<title>SXG reporting test of ok for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_false(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG success report must be sent for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html
new file mode 100644
index 0000000000..95cd140cea
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.parse_error for navigation</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-format.sxg?navigation';
+ try {
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ if (message.is_fallback) {
+ assert_unreached('Fallback redirect should not have happened');
+ } else {
+ assert_unreached('SXG should not have loaded');
+ }
+ } catch (e) {
+ assert_equals(e, 'timeout');
+ }
+
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.parse_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ cert_url: []
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.parse_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html
new file mode 100644
index 0000000000..2679ae5a6c
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html
@@ -0,0 +1,65 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.signature_verification_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg?navigation';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from ' +
+ 'sxg.signature_verification_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html
new file mode 100644
index 0000000000..f3e0b8f0e6
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.signature_verification_error for navigation</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_iframe_test(async t => {
+ await loadResourceWithBasicPolicyInIframe();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg?navigation';
+ const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ const message = await openSXGInIframeAndWaitForMessage(t, sxg_url);
+ assert_equals(message.location,
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+ assert_true(message.is_fallback);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.signature_verification_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.signature_verification_error for navigation.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html
new file mode 100644
index 0000000000..82b5d8f11e
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?prefetch';
+ const cert_url =
+ test_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from ' +
+ 'sxg.cert_fetch_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html
new file mode 100644
index 0000000000..32e3cad1b0
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_fetch_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg?prefetch';
+ const cert_url =
+ alt_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is same as the reporting origin. So
+ // the report must not be downgraded.
+ type: "sxg.cert_fetch_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: cert_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "http.error",
+ status_code: 404,
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.cert_fetch_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html
new file mode 100644
index 0000000000..bbad6032e2
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html
@@ -0,0 +1,63 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg?prefetch';
+ const cert_url =
+ test_origin + '/signed-exchange/resources/invalid-cert-format.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for' +
+ ' prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html
new file mode 100644
index 0000000000..a6ea9e4eed
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_parse_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg?prefetch';
+ const cert_url =
+ alt_origin + '/signed-exchange/resources/invalid-cert-format.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is same as the reporting origin. So
+ // the report must not be downgraded.
+ type: "sxg.cert_parse_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: cert_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.cert_parse_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html
new file mode 100644
index 0000000000..b25bf491da
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.cert_verification_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg?prefetch';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from ' +
+ 'sxg.cert_verification_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html
new file mode 100644
index 0000000000..f31a4c49d4
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html
@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.cert_verification_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg?prefetch';
+ const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.cert_verification_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.cert_verification_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html
new file mode 100644
index 0000000000..faa02bc0eb
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed for prefetch (zero success fraction)</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithZeroSuccessFractionPolicy();
+ const sxg_url =
+ alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?prefetch';
+ const cert_url =
+ test_origin + '/signed-exchange/resources/not_found_certfile.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportExists(
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ), 'SXG error reporting must be downgraded when the cert URL is different ' +
+ 'from the reporting origin');
+ assert_false(await reportExists(
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ }
+ ), 'Succeeded normal NEL report should not be sent when success fraction ' +
+ 'is zero.');
+}, 'SXG error report must be downgraded when the cert URL is different from ' +
+ 'the reporting origin. And succeeded normal NEL report should not be sent ' +
+ ' when success fraction is zero.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html
new file mode 100644
index 0000000000..990b4a387e
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.invalid_integrity_header for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg?prefetch';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.invalid_integrity_header",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.invalid_integrity_header for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html
new file mode 100644
index 0000000000..f265a92058
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.mi_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg?prefetch';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.mi_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ }
+ ]));
+}, 'SXG reporting test of sxg.mi_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html
new file mode 100644
index 0000000000..e3c6a0eeea
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<title>SXG reporting test of ok for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?prefetch';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG success report must be sent for prefetching.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html
new file mode 100644
index 0000000000..2e2b860e22
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.parse_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-format.sxg?prefetch';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.parse_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ cert_url: []
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.parse_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html
new file mode 100644
index 0000000000..fbeaeecff9
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.failed downgraded from sxg.signature_verification_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+const test_origin = get_host_info().HTTPS_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg?prefetch';
+ const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ // The origin of this SXG's certURL is different from the reporting
+ // origin. So the report must be downgraded.
+ type: "sxg.failed",
+ elapsed_time: 0,
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.failed downgraded from ' +
+ 'sxg.signature_verification_error for prefetch.');
+</script>
+</body>
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html
new file mode 100644
index 0000000000..f3805ad693
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html
@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<title>SXG reporting test of sxg.signature_verification_error for prefetch</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/network-error-logging/support/nel.sub.js"></script>
+<script src="../resources/sxg-util.js"></script>
+<body>
+<script>
+const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
+
+nel_test(async t => {
+ await fetchResourceWithBasicPolicy();
+ const sxg_url =
+ alt_origin +
+ '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg?prefetch';
+ const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor';
+ addPrefetch(sxg_url);
+ assert_true(await reportsExist([
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "sxg",
+ type: "sxg.signature_verification_error",
+ status_code: 200,
+ referrer: location.origin + '/',
+ sxg: {
+ outer_url: sxg_url,
+ inner_url:
+ innerURLOrigin() + '/signed-exchange/resources/inner-url.html',
+ cert_url: [cert_url]
+ }
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ {
+ url: sxg_url,
+ user_agent: navigator.userAgent,
+ type: "network-error",
+ body: {
+ phase: "application",
+ type: "ok",
+ status_code: 200,
+ referrer: location.origin + '/',
+ },
+ metadata: {
+ content_type: "application/reports+json",
+ },
+ },
+ ]));
+}, 'SXG reporting test of sxg.signature_verification_error for prefetch.');
+</script>
+</body>