diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/signed-exchange/reporting | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/signed-exchange/reporting')
28 files changed, 1773 insertions, 0 deletions
diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html new file mode 100644 index 0000000000..ce20c4726e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error-downgraded.tentative.html @@ -0,0 +1,64 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for' + + ' navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html new file mode 100644 index 0000000000..15a7176e74 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_fetch_error.tentative.html @@ -0,0 +1,76 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_fetch_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg?navigation'; + const cert_url = + alt_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_fetch_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "http.error", + status_code: 404, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_fetch_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html new file mode 100644 index 0000000000..e6cdad035e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error-downgraded.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg?navigation'; + const cert_url = + test_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html new file mode 100644 index 0000000000..a0cc607bf5 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_parse_error.tentative.html @@ -0,0 +1,76 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_parse_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg?navigation'; + const cert_url = + alt_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_parse_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..d3ad4204f2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error-downgraded.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', 'location'); + assert_true(message.is_fallback, 'is_fallback'); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.cert_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html new file mode 100644 index 0000000000..04fd0e785c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-cert_verification_error.tentative.html @@ -0,0 +1,60 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg?navigation'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.cert_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html new file mode 100644 index 0000000000..a92735f714 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-failed-zero-success-fraction.tentative.html @@ -0,0 +1,69 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed for navigation (zero success fraction)</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithZeroSuccessFractionPolicyInIframe(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: cert_url + } + }, + metadata: { + content_type: "application/reports+json", + }, + } + ), 'SXG error reporting must be downgraded when the cert URL is different ' + + 'from the reporting origin'); + assert_false(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ), 'Succeeded normal NEL report should not be sent when success fraction ' + + 'is zero.'); +}, 'SXG error report must be downgraded when the cert URL is different from ' + + 'the reporting origin. And succeeded normal NEL report should not be sent ' + + ' when success fraction is zero.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html new file mode 100644 index 0000000000..3e00d9dbe3 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-invalid_integrity_header.tentative.html @@ -0,0 +1,61 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.invalid_integrity_header for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.invalid_integrity_header", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.invalid_integrity_header for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html new file mode 100644 index 0000000000..b6d7ba3b1a --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-mi_error.tentative.html @@ -0,0 +1,68 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.mi_error for navigation</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + try { + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + if (message.is_fallback) { + assert_unreached('Fallback redirect should not have happened'); + } else { + assert_unreached('SXG should not have loaded'); + } + } catch (e) { + assert_equals(e, 'timeout'); + } + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.mi_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ])); +}, 'SXG reporting test of sxg.mi_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html new file mode 100644 index 0000000000..b6cadbca50 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-no-referrer.tentative.html @@ -0,0 +1,59 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for navigation with no-referrer</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url, 'no-referrer'); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: '', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: '', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of ok for navigation with no-referrer.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html new file mode 100644 index 0000000000..351ad92782 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok-origin-referrer.tentative.html @@ -0,0 +1,59 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for navigation with origin referrer</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url, 'origin'); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: document.location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: document.location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of ok for navigation with origin referrer.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html new file mode 100644 index 0000000000..0afa626d09 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-ok.tentative.html @@ -0,0 +1,59 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_false(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG success report must be sent for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html new file mode 100644 index 0000000000..95cd140cea --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-parse_error.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.parse_error for navigation</title> +<meta name="timeout" content="long"> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-format.sxg?navigation'; + try { + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + if (message.is_fallback) { + assert_unreached('Fallback redirect should not have happened'); + } else { + assert_unreached('SXG should not have loaded'); + } + } catch (e) { + assert_equals(e, 'timeout'); + } + + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + cert_url: [] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.parse_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..2679ae5a6c --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error-downgraded.tentative.html @@ -0,0 +1,65 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.signature_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg?navigation'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.signature_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html new file mode 100644 index 0000000000..f3e0b8f0e6 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-navigation-signature_verification_error.tentative.html @@ -0,0 +1,60 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.signature_verification_error for navigation</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_iframe_test(async t => { + await loadResourceWithBasicPolicyInIframe(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg?navigation'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + const message = await openSXGInIframeAndWaitForMessage(t, sxg_url); + assert_equals(message.location, + innerURLOrigin() + '/signed-exchange/resources/inner-url.html'); + assert_true(message.is_fallback); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.signature_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.signature_verification_error for navigation.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html new file mode 100644 index 0000000000..82b5d8f11e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error-downgraded.tentative.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_fetch_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?prefetch'; + const cert_url = + test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.cert_fetch_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html new file mode 100644 index 0000000000..32e3cad1b0 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_fetch_error.tentative.html @@ -0,0 +1,73 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_fetch_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-cert-not-found-on-alt-origin.sxg?prefetch'; + const cert_url = + alt_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_fetch_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "http.error", + status_code: 404, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_fetch_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html new file mode 100644 index 0000000000..bbad6032e2 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error-downgraded.tentative.html @@ -0,0 +1,63 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format.sxg?prefetch'; + const cert_url = + test_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from sxg.cert_parse_error for' + + ' prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html new file mode 100644 index 0000000000..a6ea9e4eed --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_parse_error.tentative.html @@ -0,0 +1,73 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_parse_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-format-on-alt-origin.sxg?prefetch'; + const cert_url = + alt_origin + '/signed-exchange/resources/invalid-cert-format.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is same as the reporting origin. So + // the report must not be downgraded. + type: "sxg.cert_parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: cert_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_parse_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..b25bf491da --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error-downgraded.tentative.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.cert_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.cert_verification_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html new file mode 100644 index 0000000000..f31a4c49d4 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-cert_verification_error.tentative.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.cert_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-validity-period-too-long-cert-on-alt-origin.sxg?prefetch'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.cert_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.cert_verification_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html new file mode 100644 index 0000000000..faa02bc0eb --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-failed-zero-success-feaction.tentative.html @@ -0,0 +1,67 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed for prefetch (zero success fraction)</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithZeroSuccessFractionPolicy(); + const sxg_url = + alt_origin + '/signed-exchange/resources/sxg/sxg-cert-not-found.sxg?prefetch'; + const cert_url = + test_origin + '/signed-exchange/resources/not_found_certfile.cbor'; + addPrefetch(sxg_url); + assert_true(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ), 'SXG error reporting must be downgraded when the cert URL is different ' + + 'from the reporting origin'); + assert_false(await reportExists( + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ), 'Succeeded normal NEL report should not be sent when success fraction ' + + 'is zero.'); +}, 'SXG error report must be downgraded when the cert URL is different from ' + + 'the reporting origin. And succeeded normal NEL report should not be sent ' + + ' when success fraction is zero.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html new file mode 100644 index 0000000000..990b4a387e --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-invalid_integrity_header.tentative.html @@ -0,0 +1,58 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.invalid_integrity_header for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-integrity-header.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.invalid_integrity_header", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.invalid_integrity_header for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html new file mode 100644 index 0000000000..f265a92058 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-mi_error.tentative.html @@ -0,0 +1,58 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.mi_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-merkle-integrity-error.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.mi_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + } + ])); +}, 'SXG reporting test of sxg.mi_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html new file mode 100644 index 0000000000..e3c6a0eeea --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-ok.tentative.html @@ -0,0 +1,56 @@ +<!DOCTYPE html> +<title>SXG reporting test of ok for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = alt_origin + '/signed-exchange/resources/sxg/sxg-location.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG success report must be sent for prefetching.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html new file mode 100644 index 0000000000..2e2b860e22 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-parse_error.tentative.html @@ -0,0 +1,54 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.parse_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-format.sxg?prefetch'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.parse_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + cert_url: [] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.parse_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html new file mode 100644 index 0000000000..fbeaeecff9 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error-downgraded.tentative.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.failed downgraded from sxg.signature_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; +const test_origin = get_host_info().HTTPS_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256.sxg?prefetch'; + const cert_url = test_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + // The origin of this SXG's certURL is different from the reporting + // origin. So the report must be downgraded. + type: "sxg.failed", + elapsed_time: 0, + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.failed downgraded from ' + + 'sxg.signature_verification_error for prefetch.'); +</script> +</body> diff --git a/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html new file mode 100644 index 0000000000..f3805ad693 --- /dev/null +++ b/testing/web-platform/tests/signed-exchange/reporting/sxg-reporting-prefetch-signature_verification_error.tentative.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<title>SXG reporting test of sxg.signature_verification_error for prefetch</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/network-error-logging/support/nel.sub.js"></script> +<script src="../resources/sxg-util.js"></script> +<body> +<script> +const alt_origin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN; + +nel_test(async t => { + await fetchResourceWithBasicPolicy(); + const sxg_url = + alt_origin + + '/signed-exchange/resources/sxg/sxg-invalid-cert-sha256-cert-on-alt-origin.sxg?prefetch'; + const cert_url = alt_origin + '/signed-exchange/resources/127.0.0.1.sxg.pem.cbor'; + addPrefetch(sxg_url); + assert_true(await reportsExist([ + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "sxg", + type: "sxg.signature_verification_error", + status_code: 200, + referrer: location.origin + '/', + sxg: { + outer_url: sxg_url, + inner_url: + innerURLOrigin() + '/signed-exchange/resources/inner-url.html', + cert_url: [cert_url] + } + }, + metadata: { + content_type: "application/reports+json", + }, + }, + { + url: sxg_url, + user_agent: navigator.userAgent, + type: "network-error", + body: { + phase: "application", + type: "ok", + status_code: 200, + referrer: location.origin + '/', + }, + metadata: { + content_type: "application/reports+json", + }, + }, + ])); +}, 'SXG reporting test of sxg.signature_verification_error for prefetch.'); +</script> +</body> |