chore: update WPT (#4214)

Co-authored-by: Uzlopak <5059100+Uzlopak@users.noreply.github.com>

Author: github-actions[bot]

test/fixtures/wpt/fetch/api/request/WEB_FEATURES.yml

@@ -0,0 +1,4 @@
+features:
+- name: fetch-priority
+  files:
+  - request-init-priority.any.js

test/fixtures/wpt/fetch/http-cache/no-vary-search.tentative.any.js

@@ -6,12 +6,15 @@
 // META: script=http-cache.js
 /*
 NOTE for testing No-Vary-Search-Header:
-If `params` is set to true, `expect=("dispatch" "uuid")` must be specified.
-Otherwise:
-- The same HTTP Cache will be used by other tests, which are supposed
-  to be distinguished by uuid.
-- The test utility cannot get the server's states because UA will use the HTTP
-  Cache instead of sending a new request to server to ask for the latest state.
+- If `params` is set to true, `expect=("dispatch" "uuid")` must be specified.
+  Otherwise:
+  - The same HTTP Cache will be used by other tests, which are supposed
+    to be distinguished by uuid.
+  - The test utility cannot get the server's states because UA will use the HTTP
+    Cache instead of sending a new request to server to ask for the latest state.
+- Do not test not_cached cases and cached cases within one test. Test infra
+  checks the number of requests and responses without considering if the
+  previous responses should be served from cache or not.
 */
 var tests = [
   {
@@ -28,6 +31,61 @@ var tests = [
         expected_type: "cached"
       }
     ]
+  },
+  {
+    name: "Ground truth: When key-order is not set, URLs should be compared in an order-sensitive way.",
+    requests: [
+      {
+        url_params: "a=1&b=2",
+        response_headers: [
+          ["Cache-Control", "max-age=10000"],
+        ],
+      },
+      {
+        url_params: "b=2&a=1",
+        expected_type: "not_cached"
+      }
+    ]
+  },
+  {
+    name: "When key-order is set , URLs should be compared in an order-insensitive way. Matched cases:",
+    requests: [
+      {
+        url_params: "a=1&b=2",
+        response_headers: [
+          ["Cache-Control", "max-age=10000"],
+          ["No-Vary-Search", "key-order"],
+        ],
+      },
+      {
+        url_params: "b=2&a=1",
+        expected_type: "cached"
+      }
+    ]
+  },
+  {
+    name: "When key-order is set , URLs should be compared in an order-insensitive way. Not matched cases",
+    requests: [
+      {
+        url_params: "a=1&b=2",
+        response_headers: [
+          ["Cache-Control", "max-age=10000"],
+          ["No-Vary-Search", "key-order"],
+        ],
+      },
+      {
+        url_params: "b=2",
+        expected_type: "not_cached"
+      },
+      {
+        url_params: "a=2&b=2",
+        expected_type: "not_cached"
+      },
+      {
+        url_params: "a=1&b=2&c=3",
+        expected_type: "not_cached"
+      }
+    ]
   }
 ];
 run_tests(tests);

test/fixtures/wpt/fetch/http-cache/pragma-no-cache-with-cache-control.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>HTTP Cache: Cache-Control with Pragma: no-cache</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+promise_test(async t => {
+  // According to https://www.rfc-editor.org/rfc/rfc9111.html#name-pragma
+  // the pragma header is deprecated.
+  // When there's a mismatch between pragma and Cache-Control then the latter
+  // should be respected, and the resource should be cached.
+  const url = 'resources/cached_pragma_rand.py'
+
+  // First fetch to populate the cache
+  const response1 = await fetch(url, { cache: 'default' });
+  assert_true(response1.ok, 'First fetch should succeed');
+  const text1 = await response1.text();
+
+  // Second fetch should be served from cache
+  const response2 = await fetch(url, { cache: 'default' });
+  assert_true(response2.ok, 'Second fetch should succeed');
+  const text2 = await response2.text();
+
+  assert_equals(text1, text2, 'Responses should be identical, indicating caching');
+}, 'Response with Cache-Control: max-age=2592000, public and Pragma: no-cache should be cached');
+</script>
+</body>

test/fixtures/wpt/fetch/http-cache/resources/cached_pragma_rand.py

@@ -0,0 +1,14 @@
+def main(request, response):
+    # Disable non-standard XSS protection
+    response.headers.set(b"X-XSS-Protection", b"0")
+    response.headers.set(b"Content-Type", b"text/html")
+
+    # Set caching headers
+    # According to rfc9111 Pragma: no-cache is deprecated, so we expect
+    # Cache-Control to take precedence when there's a mismatch.
+    response.headers.set(b"Cache-Control", b"max-age=2592000, public")
+    response.headers.set(b"Pragma", b"no-cache")
+
+    # Include a timestamp to verify caching behavior
+    import time
+    response.content = f"Timestamp: {time.time()}".encode('utf-8')

test/fixtures/wpt/fetch/local-network-access/META.yml

@@ -0,0 +1,5 @@
+spec: https://wicg.github.io/local-network-access/
+suggested_reviewers:
+  - cthomp
+  - camillelamy
+  - hchao

test/fixtures/wpt/fetch/local-network-access/README.md

@@ -0,0 +1,11 @@
+# Local Network Access tests
+
+This directory contains tests for Local Network Access' integration with
+the Fetch specification.
+
+See also:
+
+* [Explainer](https://github.com/explainers-by-googlers/local-network-access)
+
+Local Network Access replaced [Private Network
+Access](https://wicg.github.io/local-network-access/).

test/fixtures/wpt/fetch/local-network-access/fetch.tentative.https.html

@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>LNA Fetch tests: HTTPS </title>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="resources/support.sub.js"></script>
+<script>
+  "use strict";
+
+  promise_test(t => {
+    const sourceUrl = resolveUrl("resources/fetch-private.html",
+        sourceResolveOptions({ server: Server.HTTPS_PUBLIC }));
+
+    function checkResult(evt) {
+      checkTestResult(evt.data, FetchTestResult.SUCCESS);
+      t.done();
+    }
+
+    const promise = new Promise((resolve) => {
+                      window.addEventListener('message', resolve, {once: true});
+                    }).then(checkResult);
+    const popup = window.open(sourceUrl);
+    t.add_cleanup(() => popup.close());
+
+    return promise;
+  }, 'LNA Public to private with permission');
+
+  promise_test(t => {
+    // TODO(crbug.com/406991278): consider moving permission url param into
+    // options
+    const sourceUrl = resolveUrl("resources/fetch-private.html?permission=denied",
+        sourceResolveOptions({ server: Server.HTTPS_PUBLIC }));
+
+    function checkResult(evt) {
+      checkTestResult(evt.data, FetchTestResult.FAILURE);
+      t.done();
+    }
+
+    const promise = new Promise((resolve) => {
+                      window.addEventListener('message', resolve, {once: true});
+                    }).then(checkResult);
+    const popup = window.open(sourceUrl);
+    t.add_cleanup(() => popup.close());
+
+    return promise;
+  }, 'LNA Public to private with permission denied');
+
+  promise_test(t => {
+    const sourceUrl = resolveUrl("resources/fetch-private-http.html",
+        sourceResolveOptions({ server: Server.HTTPS_PUBLIC }));
+
+    function checkResult(evt) {
+      checkTestResult(evt.data, FetchTestResult.SUCCESS);
+      t.done();
+    }
+
+    const promise = new Promise((resolve) => {
+                      window.addEventListener('message', resolve, {once: true});
+                    }).then(checkResult);
+    const popup = window.open(sourceUrl);
+    t.add_cleanup(() => popup.close());
+
+    return promise;
+  }, 'LNA Public to private http mixed content bypass');
+
+  promise_test(t => {
+    const sourceUrl = resolveUrl("resources/fetch-public-http-wrong-address-space.html",
+        sourceResolveOptions({ server: Server.HTTPS_PUBLIC }));
+
+    function checkResult(evt) {
+      checkTestResult(evt.data, FetchTestResult.FAILURE);
+      t.done();
+    }
+
+    const promise = new Promise((resolve) => {
+                      window.addEventListener('message', resolve, {once: true});
+                    }).then(checkResult);
+    const popup = window.open(sourceUrl);
+    t.add_cleanup(() => popup.close());
+
+    return promise;
+  }, 'LNA Public to public http mixed content bypass failure');
+</script>
+</body>

test/fixtures/wpt/fetch/local-network-access/resources/fetch-private-http.html

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Fetch HTTP private with targetAddressSpace private </title>
+
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="support.sub.js"></script>
+<script>
+"use strict";
+
+// Fetch a private address over HTTP. Fetch is annotated with a
+// targetAddressSpace of private to allow for mixed content check bypassing.
+//
+// TODO(crbug.com/406991278): consolidate with fetch-private.html adding
+// options to minimize # of resources needed.
+Promise.resolve().then(async () => {
+  test_driver.set_test_context(opener);
+  await test_driver.set_permission({ name: 'local-network-access' }, 'granted');
+
+  const target = {
+    server: Server.HTTP_PRIVATE,
+    behavior: { response: ResponseBehavior.allowCrossOrigin() },
+  };
+  const targetUrl = resolveTargetUrl(target);
+
+  // TODO(crbug.com/406991278): rename address space for LNA spec
+  fetch(targetUrl, {targetAddressSpace: 'private'})
+      .then(async function(response) {
+        const body = await response.text();
+        const message = {
+          ok: response.ok,
+          type: response.type,
+          body: body,
+        };
+        opener.postMessage(message, "*");
+      })
+      .catch(error => {
+        opener.postMessage({ error: error.toString() }, "*");
+      });
+});
+</script>

test/fixtures/wpt/fetch/local-network-access/resources/fetch-private.html

@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Fetch Private resource</title>
+
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="support.sub.js"></script>
+<script>
+"use strict";
+
+// Set the 'local-network-access' permission then attempt to fetch a resource
+// in the private address space.
+//
+// By default, 'local-network-access' permission is set to 'granted'. This can
+// be changed by passing in a different value via the 'permission' URL parameter.
+// Valid values:
+//
+//    * granted
+//    * denied
+//    * prompt
+Promise.resolve().then(async () => {
+
+  const window_url = new URL(window.location.href);
+  let permission_value = 'granted';
+  if (window_url.searchParams.has('permission')) {
+     permission_value = window_url.searchParams.get('permission');
+  }
+
+  test_driver.set_test_context(opener);
+  await test_driver.set_permission({ name: 'local-network-access' }, permission_value);
+
+  const target = {
+    server: Server.HTTPS_PRIVATE,
+    behavior: { response: ResponseBehavior.allowCrossOrigin() },
+  };
+  const targetUrl = resolveTargetUrl(target);
+
+  fetch(targetUrl)
+      .then(async function(response) {
+        const body = await response.text();
+        const message = {
+          ok: response.ok,
+          type: response.type,
+          body: body,
+        };
+        opener.postMessage(message, "*");
+      })
+      .catch(error => {
+        opener.postMessage({ error: error.toString() }, "*");
+      });
+});
+</script>

test/fixtures/wpt/fetch/local-network-access/resources/fetch-public-http-wrong-address-space.html

@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Fetch HTTP public targetAddress private resource</title>
+
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="support.sub.js"></script>
+<script>
+"use strict";
+
+// Fetch a public address over HTTP. Fetch is annotated with a
+// targetAddressSpace of private to try to bypass mixed content, but should
+// fail because the address space of the resource does not match the target
+// address space.
+//
+// TODO(crbug.com/406991278): consolidate with fetch-private.html adding
+// options to minimize # of resources needed.
+Promise.resolve().then(async () => {
+  test_driver.set_test_context(opener);
+  await test_driver.set_permission({ name: 'local-network-access' }, 'granted');
+
+  const target = {
+    server: Server.HTTP_PUBLIC,
+    behavior: { response: ResponseBehavior.allowCrossOrigin() },
+  };
+  const targetUrl = resolveTargetUrl(target);
+
+  // TODO(crbug.com/406991278): rename address space for LNA spec
+  fetch(targetUrl, {targetAddressSpace: 'private'})
+      .then(async function(response) {
+        const body = await response.text();
+        const message = {
+          ok: response.ok,
+          type: response.type,
+          body: body,
+        };
+        opener.postMessage(message, "*");
+      })
+      .catch(error => {
+        opener.postMessage({ error: error.toString() }, "*");
+      });
+});
+</script>