jugglinmike/sw-migration-insecure-parent.diff Secret

## sw-migration-insecure-parent.diff
commit afbf7cbe87e9abf53230b755953e2a4bc110550a
Author: Mike Pennisi <mike@mikepennisi.com>
Date:   Tue May 9 12:04:08 2017 -0400

    Upstream Service Worker window test to WPT

    The Chromium infrastructure runs tests through the `localhost` address,
    allowing tests there to include insecure iframe resources without
    triggering "mixed content" errors. The WPT infrastructure executes tests
    via an aliased host name, precluding this approach.

    Re-factor the test to create insecure browsing contexts as new windows
    since windows are not subject to the same constraints. Update the
    inter-context messaging protocol to account for this change.

    Update the `claim-worker.js` "resource" script to extend worker
    lifecycle until the asynchronous operation is complete. Remove
    Chromium's copy of that script as there are no further tests that
    reference it.

    BUG=688116
    R=mek@chromium.org

diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-frame.https.html
similarity index 39%
rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html
rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-frame.https.html
index 98cdf66..e9f6e3f 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-frame.https.html
@@ -1,9 +1,9 @@
 <!DOCTYPE html>
 <meta charset="utf-8">
-<script src="../resources/testharness.js"></script>
-<script src="../resources/testharnessreport.js"></script>
-<script src="../resources/get-host-info.js?pipe=sub"></script>
-<script src="resources/test-helpers.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/test-helpers.sub.js"></script>
 <title>Insecure parent frame test</title>
 <body></body>
 <script>
@@ -21,43 +21,62 @@ function wait_for_claim(worker) {
     });
 }

-// Asks |frame| whether it has a controller. Returns a promise that resolves
-// if controller was null.
-function assert_no_controller(frame, description) {
+// Asks |win| whether it has a controller. Returns a promise that resolves if
+// controller was null.
+function assert_no_controller(win, description) {
   var saw_message = new Promise(resolve => {
       window.onmessage = (e => resolve(e.data));
-      frame.contentWindow.postMessage('', '*');
+      win.postMessage('', '*');
     });

   return saw_message.then(data => assert_equals(data, 'PASS', description));
 }

-// This test creates https iframes inside insecure http iframes. It registers a
+function with_window(url) {
+  return new Promise(function(resolve) {
+      var win = open(url);
+      window.addEventListener('message', function onLoad(event) {
+          if (event.source !== win) {
+            return;
+          }
+
+          window.removeEventListener('message', onload);
+          // Reference must be boxed so that internal Promise mechanism does
+          // not trigger error when referencing the `then` property of the
+          // resolution value.
+          resolve([win]);
+        }, false);
+    });
+}
+
+// This test creates HTTPS iframes inside insecure HTTP windows. It registers a
 // service worker that should not control the in-scope iframes. The iframes
-// communicate whether they have a controller to the top-level frame.
+// communicate whether they have a controller to their parent, which forwards
+// the message to the top-level test document.
 promise_test(t => {
     var script = 'resources/claim-worker.js';
     var scope = 'resources/insecure-inscope';
     var registration;
     var insecure_url = get_host_info().UNAUTHENTICATED_ORIGIN +
-              '/serviceworker/resources/insecure-parent.html';
-    var pre_registration_frame;
-    var post_registration_frame;
+              '/service-workers/service-worker/resources/insecure-parent.html';
+    var pre_registration_window;
+    var post_registration_window;

     return navigator.serviceWorker.getRegistration(scope)
       // Unregister.
       .then(reg => {
-          if (reg)
+          if (reg) {
             return reg.unregister();
+          }
         })

-      // Create an iframe prior to registration.
-      .then(() => with_iframe(insecure_url))
+      // Create a window prior to registration.
+      .then(() => with_window(insecure_url))

       // Register.
-      .then(frame => {
-          pre_registration_frame = frame;
-          add_result_callback(() => pre_registration_frame.remove());
+      .then(boxed_window => {
+          pre_registration_window = boxed_window[0];
+          t.add_cleanup(() => pre_registration_window.close());
           return navigator.serviceWorker.register(script, {scope:scope});
         })
       .then(reg => {
@@ -65,21 +84,23 @@ promise_test(t => {
           return wait_for_state(t, registration.installing, 'activated');
         })

-      // Create an iframe after registration.
-      .then(() => with_iframe(insecure_url))
-      .then(frame => post_registration_frame = frame)
-
-      // Check that no frame is controlled.
-      .then(() => assert_no_controller(pre_registration_frame,
-                      'pre_registration_frame should not be controlled'))
-      .then(() => assert_no_controller(post_registration_frame,
-                      'post_registration_frame should not be controlled'))
+      // Create a window after registration.
+      .then(() => with_window(insecure_url))
+      .then(boxed_window => {
+          post_registration_window = boxed_window[0];
+          t.add_cleanup(() => post_registration_window.close());
+        })
+      // Check that no window is controlled.
+      .then(() => assert_no_controller(pre_registration_window,
+                      'pre_registration_window should not be controlled'))
+      .then(() => assert_no_controller(post_registration_window,
+                      'post_registration_window should not be controlled'))

-      // Attempt to claim. The iframes should still have no controllers.
+      // Attempt to claim. The windows should still have no controllers.
       .then(() => wait_for_claim(registration.active))
-      .then(() => assert_no_controller(pre_registration_frame,
-                      'pre_registration_frame should not be claimed'))
-      .then(() => assert_no_controller(post_registration_frame,
-                      'post_registration_frame should not be claimed'));
-  }, 'Service worker does not control a subframe of an insecure frame');
+      .then(() => assert_no_controller(pre_registration_window,
+                      'pre_registration_window should not be claimed'))
+      .then(() => assert_no_controller(post_registration_window,
+                      'post_registration_window should not be claimed'));
+  }, 'Service worker does not control a subframe of an insecure window');
 </script>
diff --git a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js
index 53f210c..50a4a5d 100644
--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js
@@ -1,5 +1,5 @@
 self.addEventListener('message', function(event) {
-    self.clients.claim()
+    event.waitUntil(self.clients.claim()
       .then(function(result) {
           if (result !== undefined) {
               event.data.port.postMessage(
@@ -10,7 +10,7 @@ self.addEventListener('message', function(event) {
         })
       .catch(function(error) {
           event.data.port.postMessage('FAIL: exception: ' + error.name);
-        });
+        }));
   });

 self.addEventListener('fetch', function(event) {
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-inscope.html
similarity index 54%
rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html
rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-inscope.html
index 7fd97f2..e2b0ce9 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-inscope.html
@@ -4,9 +4,10 @@
 <script>
 // The top window messages us when it wants to check for a controller.
 window.onmessage = (e => {
-    if (navigator.serviceWorker.controller === null)
-      window.top.postMessage('PASS', '*');
-    else
-      window.top.postMessage('FAIL', '*');
+    if (navigator.serviceWorker.controller === null) {
+      window.parent.postMessage('PASS', '*');
+    } else {
+      window.parent.postMessage('FAIL', '*');
+    }
   });
 </script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-parent.html
similarity index 50%
rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html
rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-parent.html
index 52a066a..3e1d273 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-parent.html
@@ -1,16 +1,21 @@
 <!DOCTYPE html>
 <meta charset="utf-8">
-<script src="../../resources/get-host-info.js?pipe=sub"></script>
+<script src="/common/get-host-info.sub.js"></script>
 <title>Page Title</title>
 <body></body>
 <script>
 var iframe = document.createElement('iframe');
 iframe.src = get_host_info().HTTP_ORIGIN +
-    '/serviceworker/resources/insecure-inscope.html';
+    '/service-workers/service-worker/resources/insecure-inscope.html';
 document.body.appendChild(iframe);

+window.addEventListener('load', function() {
+    opener.postMessage('loaded', '*');
+  });
+
 // The top frame messages us to message the subframe.
 window.addEventListener('message', e => {
-    iframe.contentWindow.postMessage(e.data, '*');
+    var target = e.source === opener ? iframe.contentWindow : opener;
+    target.postMessage(e.data, '*');
   });
 </script>
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/claim-worker.js b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/claim-worker.js
deleted file mode 100644
index a0e1ac8..0000000
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/claim-worker.js
+++ /dev/null
@@ -1,14 +0,0 @@
-self.addEventListener('message', function(event) {
-    event.waitUntil(self.clients.claim()
-      .then(function(result) {
-          if (result !== undefined) {
-              event.data.port.postMessage(
-                  'FAIL: claim() should be resolved with undefined');
-              return;
-          }
-          event.data.port.postMessage('PASS');
-        })
-      .catch(function(error) {
-          event.data.port.postMessage('FAIL: exception: ' + error.name);
-        }));
-  });
	commit afbf7cbe87e9abf53230b755953e2a4bc110550a
	Author: Mike Pennisi <mike@mikepennisi.com>
	Date: Tue May 9 12:04:08 2017 -0400

	Upstream Service Worker window test to WPT

	The Chromium infrastructure runs tests through the `localhost` address,
	allowing tests there to include insecure iframe resources without
	triggering "mixed content" errors. The WPT infrastructure executes tests
	via an aliased host name, precluding this approach.

	Re-factor the test to create insecure browsing contexts as new windows
	since windows are not subject to the same constraints. Update the
	inter-context messaging protocol to account for this change.

	Update the `claim-worker.js` "resource" script to extend worker
	lifecycle until the asynchronous operation is complete. Remove
	Chromium's copy of that script as there are no further tests that
	reference it.

	BUG=688116
	R=mek@chromium.org

	diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-frame.https.html
	similarity index 39%
	rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html
	rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-frame.https.html
	index 98cdf66..e9f6e3f 100644
	--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html
	+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/insecure-parent-frame.https.html
	@@ -1,9 +1,9 @@
	<!DOCTYPE html>
	<meta charset="utf-8">
	-<script src="../resources/testharness.js"></script>
	-<script src="../resources/testharnessreport.js"></script>
	-<script src="../resources/get-host-info.js?pipe=sub"></script>
	-<script src="resources/test-helpers.js"></script>
	+<script src="/resources/testharness.js"></script>
	+<script src="/resources/testharnessreport.js"></script>
	+<script src="/common/get-host-info.sub.js"></script>
	+<script src="resources/test-helpers.sub.js"></script>
	<title>Insecure parent frame test</title>
	<body></body>
	<script>
	@@ -21,43 +21,62 @@ function wait_for_claim(worker) {
	});
	}

	-// Asks \|frame\| whether it has a controller. Returns a promise that resolves
	-// if controller was null.
	-function assert_no_controller(frame, description) {
	+// Asks \|win\| whether it has a controller. Returns a promise that resolves if
	+// controller was null.
	+function assert_no_controller(win, description) {
	var saw_message = new Promise(resolve => {
	window.onmessage = (e => resolve(e.data));
	- frame.contentWindow.postMessage('', '*');
	+ win.postMessage('', '*');
	});

	return saw_message.then(data => assert_equals(data, 'PASS', description));
	}

	-// This test creates https iframes inside insecure http iframes. It registers a
	+function with_window(url) {
	+ return new Promise(function(resolve) {
	+ var win = open(url);
	+ window.addEventListener('message', function onLoad(event) {
	+ if (event.source !== win) {
	+ return;
	+ }
	+
	+ window.removeEventListener('message', onload);
	+ // Reference must be boxed so that internal Promise mechanism does
	+ // not trigger error when referencing the `then` property of the
	+ // resolution value.
	+ resolve([win]);
	+ }, false);
	+ });
	+}
	+
	+// This test creates HTTPS iframes inside insecure HTTP windows. It registers a
	// service worker that should not control the in-scope iframes. The iframes
	-// communicate whether they have a controller to the top-level frame.
	+// communicate whether they have a controller to their parent, which forwards
	+// the message to the top-level test document.
	promise_test(t => {
	var script = 'resources/claim-worker.js';
	var scope = 'resources/insecure-inscope';
	var registration;
	var insecure_url = get_host_info().UNAUTHENTICATED_ORIGIN +
	- '/serviceworker/resources/insecure-parent.html';
	- var pre_registration_frame;
	- var post_registration_frame;
	+ '/service-workers/service-worker/resources/insecure-parent.html';
	+ var pre_registration_window;
	+ var post_registration_window;

	return navigator.serviceWorker.getRegistration(scope)
	// Unregister.
	.then(reg => {
	- if (reg)
	+ if (reg) {
	return reg.unregister();
	+ }
	})

	- // Create an iframe prior to registration.
	- .then(() => with_iframe(insecure_url))
	+ // Create a window prior to registration.
	+ .then(() => with_window(insecure_url))

	// Register.
	- .then(frame => {
	- pre_registration_frame = frame;
	- add_result_callback(() => pre_registration_frame.remove());
	+ .then(boxed_window => {
	+ pre_registration_window = boxed_window[0];
	+ t.add_cleanup(() => pre_registration_window.close());
	return navigator.serviceWorker.register(script, {scope:scope});
	})
	.then(reg => {
	@@ -65,21 +84,23 @@ promise_test(t => {
	return wait_for_state(t, registration.installing, 'activated');
	})

	- // Create an iframe after registration.
	- .then(() => with_iframe(insecure_url))
	- .then(frame => post_registration_frame = frame)
	-
	- // Check that no frame is controlled.
	- .then(() => assert_no_controller(pre_registration_frame,
	- 'pre_registration_frame should not be controlled'))
	- .then(() => assert_no_controller(post_registration_frame,
	- 'post_registration_frame should not be controlled'))
	+ // Create a window after registration.
	+ .then(() => with_window(insecure_url))
	+ .then(boxed_window => {
	+ post_registration_window = boxed_window[0];
	+ t.add_cleanup(() => post_registration_window.close());
	+ })
	+ // Check that no window is controlled.
	+ .then(() => assert_no_controller(pre_registration_window,
	+ 'pre_registration_window should not be controlled'))
	+ .then(() => assert_no_controller(post_registration_window,
	+ 'post_registration_window should not be controlled'))

	- // Attempt to claim. The iframes should still have no controllers.
	+ // Attempt to claim. The windows should still have no controllers.
	.then(() => wait_for_claim(registration.active))
	- .then(() => assert_no_controller(pre_registration_frame,
	- 'pre_registration_frame should not be claimed'))
	- .then(() => assert_no_controller(post_registration_frame,
	- 'post_registration_frame should not be claimed'));
	- }, 'Service worker does not control a subframe of an insecure frame');
	+ .then(() => assert_no_controller(pre_registration_window,
	+ 'pre_registration_window should not be claimed'))
	+ .then(() => assert_no_controller(post_registration_window,
	+ 'post_registration_window should not be claimed'));
	+ }, 'Service worker does not control a subframe of an insecure window');
	</script>
	diff --git a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js
	index 53f210c..50a4a5d 100644
	--- a/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js
	+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/claim-worker.js
	@@ -1,5 +1,5 @@
	self.addEventListener('message', function(event) {
	- self.clients.claim()
	+ event.waitUntil(self.clients.claim()
	.then(function(result) {
	if (result !== undefined) {
	event.data.port.postMessage(
	@@ -10,7 +10,7 @@ self.addEventListener('message', function(event) {
	})
	.catch(function(error) {
	event.data.port.postMessage('FAIL: exception: ' + error.name);
	- });
	+ }));
	});

	self.addEventListener('fetch', function(event) {
	diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-inscope.html
	similarity index 54%
	rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html
	rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-inscope.html
	index 7fd97f2..e2b0ce9 100644
	--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html
	+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-inscope.html
	@@ -4,9 +4,10 @@
	<script>
	// The top window messages us when it wants to check for a controller.
	window.onmessage = (e => {
	- if (navigator.serviceWorker.controller === null)
	- window.top.postMessage('PASS', '*');
	- else
	- window.top.postMessage('FAIL', '*');
	+ if (navigator.serviceWorker.controller === null) {
	+ window.parent.postMessage('PASS', '*');
	+ } else {
	+ window.parent.postMessage('FAIL', '*');
	+ }
	});
	</script>
	diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-parent.html
	similarity index 50%
	rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html
	rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-parent.html
	index 52a066a..3e1d273 100644
	--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html
	+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/resources/insecure-parent.html
	@@ -1,16 +1,21 @@
	<!DOCTYPE html>
	<meta charset="utf-8">
	-<script src="../../resources/get-host-info.js?pipe=sub"></script>
	+<script src="/common/get-host-info.sub.js"></script>
	<title>Page Title</title>
	<body></body>
	<script>
	var iframe = document.createElement('iframe');
	iframe.src = get_host_info().HTTP_ORIGIN +
	- '/serviceworker/resources/insecure-inscope.html';
	+ '/service-workers/service-worker/resources/insecure-inscope.html';
	document.body.appendChild(iframe);

	+window.addEventListener('load', function() {
	+ opener.postMessage('loaded', '*');
	+ });
	+
	// The top frame messages us to message the subframe.
	window.addEventListener('message', e => {
	- iframe.contentWindow.postMessage(e.data, '*');
	+ var target = e.source === opener ? iframe.contentWindow : opener;
	+ target.postMessage(e.data, '*');
	});
	</script>
	diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/claim-worker.js b/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/claim-worker.js
	deleted file mode 100644
	index a0e1ac8..0000000
	--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/claim-worker.js
	+++ /dev/null
	@@ -1,14 +0,0 @@
	-self.addEventListener('message', function(event) {
	- event.waitUntil(self.clients.claim()
	- .then(function(result) {
	- if (result !== undefined) {
	- event.data.port.postMessage(
	- 'FAIL: claim() should be resolved with undefined');
	- return;
	- }
	- event.data.port.postMessage('PASS');
	- })
	- .catch(function(error) {
	- event.data.port.postMessage('FAIL: exception: ' + error.name);
	- }));
	- });