Changeset 292595 in webkit

Timestamp:

Apr 8, 2022 1:30:55 AM (3 months ago)

Author:

commit-queue@webkit.org

Message:

Incorrect CORP/COEP check in 304 responses
​https://bugs.webkit.org/show_bug.cgi?id=238238
<rdar://problem/90706510>

Patch by Carlos Garcia Campos <​cgarcia@igalia.com> on 2022-04-08
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Sync cross-origin-embedder-policy tests to include the new test require-corp-revalidated-images.https.html.

• web-platform-tests/html/cross-origin-embedder-policy/block-local-documents-inheriting-none.https.html:
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.tentative.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.tentative.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.tentative.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js.headers: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js.headers.
• web-platform-tests/html/cross-origin-embedder-policy/credentialless/w3c-import.log:
• web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https.html:
• web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html:
• web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html.headers:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https.html:
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https-expected.txt: Added.
• web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/resources/corp-image.py:

(main):

• web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-and-create-url.html: Added.
• web-platform-tests/html/cross-origin-embedder-policy/resources/load-corp-images.html:
• web-platform-tests/html/cross-origin-embedder-policy/resources/w3c-import.log:
• web-platform-tests/html/cross-origin-embedder-policy/resources/worker-support.js: Added.

(setCoep):
(resolveUrl):
(async withIframe):
(waitForMessage):
(async createLocalUrl):

• web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https-expected.txt:
• web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https.html:
• web-platform-tests/html/cross-origin-embedder-policy/w3c-import.log:

Source/WebKit:

Add CORP header to the 304 response if previously set to avoid being blocked by load checker due to COEP.

Test: imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https.html

• NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::didReceiveResponse):

LayoutTests:

Mark some tests with DumpJSConsoleLogInStdErr modifier.

• TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (1 diff)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/block-local-documents-inheriting-none.https.html (modified) (5 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.tentative.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.tentative.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.tentative.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js.headers (moved) (moved from trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js.headers)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/w3c-import.log (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https.html (modified) (8 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html (modified) (7 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html.headers (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https.html (modified) (4 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https-expected.txt (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/corp-image.py (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-and-create-url.html (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/load-corp-images.html (modified) (3 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/w3c-import.log (modified) (2 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/worker-support.js (added)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https.html (modified) (4 diffs)
• LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/w3c-import.log (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2022-04-08  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        Incorrect CORP/COEP check in 304 responses
+        https://bugs.webkit.org/show_bug.cgi?id=238238
+        <rdar://problem/90706510>
+
+        Reviewed by Youenn Fablet.
+
+        Mark some tests with DumpJSConsoleLogInStdErr modifier.
+
+        * TestExpectations:
+
 2022-04-07  Matteo Flores  <matteo_flores@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -438 +438 @@
 imported/w3c/web-platform-tests/html/browsers/sandboxing/sandbox-disallow-popups.html [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/blob.https.html [ DumpJSConsoleLogInStdErr ]
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https.html [ DumpJSConsoleLogInStdErr ]
+imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https.html [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coop-csp-sandbox.https.html [ DumpJSConsoleLogInStdErr ]
 imported/w3c/web-platform-tests/html/cross-origin-opener-policy/coop-navigated-history-popup.https.html [ DumpJSConsoleLogInStdErr ]

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2022-04-08  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        Incorrect CORP/COEP check in 304 responses
+        https://bugs.webkit.org/show_bug.cgi?id=238238
+        <rdar://problem/90706510>
+
+        Reviewed by Youenn Fablet.
+
+        Sync cross-origin-embedder-policy tests to include the new test require-corp-revalidated-images.https.html.
+
+        * web-platform-tests/html/cross-origin-embedder-policy/block-local-documents-inheriting-none.https.html:
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.tentative.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.tentative.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.tentative.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js.headers: Renamed from LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js.headers.
+        * web-platform-tests/html/cross-origin-embedder-policy/credentialless/w3c-import.log:
+        * web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https.html:
+        * web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html:
+        * web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html.headers:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https.html:
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https-expected.txt: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/resources/corp-image.py:
+        (main):
+        * web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-and-create-url.html: Added.
+        * web-platform-tests/html/cross-origin-embedder-policy/resources/load-corp-images.html:
+        * web-platform-tests/html/cross-origin-embedder-policy/resources/w3c-import.log:
+        * web-platform-tests/html/cross-origin-embedder-policy/resources/worker-support.js: Added.
+        (setCoep):
+        (resolveUrl):
+        (async withIframe):
+        (waitForMessage):
+        (async createLocalUrl):
+        * web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https-expected.txt:
+        * web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https.html:
+        * web-platform-tests/html/cross-origin-embedder-policy/w3c-import.log:
+
 2022-04-07  Antti Koivisto  <antti@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/block-local-documents-inheriting-none.https.html

@@ -3 +3 @@
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="/common/dispatcher/dispatcher.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
@@ -59 +58 @@
   // This initial navigation is required because it uses the parent frame as the
   // initiator. That is first_iframe is the initiator, while we want top to be
-  // the initiator for this test, which will be done in step 3 with a second
+  // the initiator for this test, which will be done in step 4 with a second
   // navigation from that blank.html document to the local scheme one.
   const nested_frames = {};
@@ -75 +74 @@
   await Promise.all(nested_frames_promises);
 
-  // 3. Navigate nested frames to a local scheme document.
+  // 3. Navigate a dummy frame. This is required because some browsers (Chrome)
+  // might consider the first navigation in 4. as a redirect otherwise.
+  const dummy_Frame = document.createElement("iframe");
+  t.add_cleanup( () => dummy_Frame.remove() );
+  dummy_Frame.src = "/common/blank.html";
+  iframe_load_promise = new Promise( resolve => dummy_Frame.addEventListener("load", resolve) );
+  document.body.append(dummy_Frame);
+  await iframe_load_promise;
+
+  // 4. Navigate nested frames to a local scheme document.
   // COEP should be inherited from the initiator or blobURL's creator (top in both
   // cases), this results in COEP being none and the documents not being allowed
@@ -88 +96 @@
   });
 
-  // 4. Wait and validate reports.
+  // 5. Wait and validate reports.
   const reports = await reportPromise;
   assert_equals(reports.length, test_cases.length);
@@ -100 +108 @@
   // Also verify that no message was sent by the nested frames and stored in
   // received_events.
-  assert_equals([], received_events.sort());
+  assert_equals(received_events.length, 0);
 }, "Prevent local scheme documents from loading within a COEP: require-corp iframe if they inherit COEP: none");
 </script>

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/w3c-import.log

@@ -17 +17 @@
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/META.yml
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/README.md
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.tentative.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache-storage.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cache.window.js
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/cross-origin-isolated.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.tentative.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.tentative.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js
-/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.tentative.https.window.js.headers
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/dedicated-worker.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-none.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-require-corp.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/image.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/link.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/redirect.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-navigation.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/reporting-subresource-corp.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/script.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/service-worker.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/shared-worker.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js.headers

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https-expected.txt

@@ -7 +7 @@
 CONSOLE MESSAGE: Worker load was blocked by Cross-Origin-Embedder-Policy
 CONSOLE MESSAGE: Cannot load https://localhost:9443/html/cross-origin-embedder-policy/resources/dedicated-worker.js due to access control checks.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
+CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
 CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/common/blank.html because it violates the resource's Cross-Origin-Resource-Policy response header.
@@ -18 +20 @@
 PASS COEP: require-corp module worker in COEP: none frame
 PASS COEP: require-corp module worker in COEP: require-corp frame
+PASS COEP: worker inherits COEP for blob URL.
+PASS COEP: worker inherits COEP from blob URL creator, not owner.
+FAIL COEP: worker inherits COEP for data URL. assert_equals: expected "FAILED" but got "LOADED"
+PASS COEP: worker inherits COEP from owner, not data URL creator.
+FAIL COEP: worker inherits COEP for filesystem URL. assert_equals: url creation error expected (undefined) undefined but got (string) "unimplemented"
+FAIL COEP: worker inherits COEP from filesystem URL creator, not owner. assert_equals: url creation error expected (undefined) undefined but got (string) "unimplemented"
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/dedicated-worker.https.html

@@ -4 +4 @@
 <script src=/resources/testharnessreport.js></script>
 <script src="/common/get-host-info.sub.js"></script>
+<script src="resources/worker-support.js"></script>
 <body>
 <script>
-const HOST = get_host_info();
-const FETCH_URL = `${HOST.REMOTE_ORIGIN}/common/blank.html`;
-const WORKER_URL = new URL('resources/dedicated-worker.js', location).href;
-const WITH_COEP = '?pipe=header(cross-origin-embedder-policy,require-corp)';
-
-async function createWorker(t, frameHasCoep, workerHasCoep, workerOptions) {
-  const frame = document.createElement("iframe");
-  t.add_cleanup(() => frame.remove());
-  frame.src = '/common/blank.html';
-  if (frameHasCoep) {
-    frame.src += WITH_COEP;
-  }
-  document.body.append(frame);
-
-  await new Promise(resolve => {
-    frame.addEventListener('load', resolve, {once: true})
-  });
-  const worker = new frame.contentWindow.Worker(
-    workerHasCoep ? WORKER_URL + WITH_COEP : WORKER_URL, workerOptions);
-
-  return worker;
+
+const targetUrl = resolveUrl("/common/blank.html", {
+    host: get_host_info().REMOTE_HOST,
+}).href;
+
+function workerUrl(options) {
+  return resolveUrl("resources/dedicated-worker.js", options);
 }
 
-function waitForMessage(target) {
-  return new Promise(resolve => {
-    target.addEventListener('message', resolve, {once: true});
-  });
+async function createWorker(t, url, options) {
+  const { ownerCoep, workerOptions } = options || {};
+
+  const frameUrl = resolveUrl("/common/blank.html", {
+    coep: ownerCoep,
+  });
+  const frame = await withIframe(t, frameUrl);
+
+  return new frame.contentWindow.Worker(url, workerOptions);
 }
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, false, false, {});
-  worker.onerror = t.unreached_func('Worker.onerror should not be called');
-
-  worker.postMessage(FETCH_URL);
+  const worker = await createWorker(t, workerUrl());
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
 
   const result = await waitForMessage(worker);
@@ -46 +38 @@
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, true, false, {});
+  const worker = await createWorker(t, workerUrl(), {
+    ownerCoep: "require-corp",
+  });
   await new Promise(resolve => {
     worker.onerror = resolve;
@@ -53 +47 @@
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, false, true, {});
-  worker.onerror = t.unreached_func('Worker.onerror should not be called');
-
-  worker.postMessage(FETCH_URL);
+  const worker = await createWorker(t, workerUrl({ coep: "require-corp" }));
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
 
   const result = await waitForMessage(worker);
@@ -63 +57 @@
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, true, true, {});
-  worker.onerror = t.unreached_func('Worker.onerror should not be called');
-
-  worker.postMessage(FETCH_URL);
+  const worker = await createWorker(t, workerUrl({ coep: "require-corp" }), {
+    ownerCoep: "require-corp",
+  });
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
 
   const result = await waitForMessage(worker);
@@ -73 +69 @@
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, false, false, {type: 'module'});
-  worker.onerror = t.unreached_func('Worker.onerror should not be called');
-
-  worker.postMessage(FETCH_URL);
+  const worker = await createWorker(t, workerUrl(), {
+    workerOptions: { type: 'module' },
+  });
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
 
   const result = await waitForMessage(worker);
@@ -83 +81 @@
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, true, false, {type: 'module'});
+  const worker = await createWorker(t, workerUrl(), {
+    ownerCoep: "require-corp",
+    workerOptions: { type: 'module' },
+  });
   await new Promise(resolve => {
     worker.onerror = resolve;
@@ -90 +91 @@
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, false, true, {type: 'module'});
-  worker.onerror = t.unreached_func('Worker.onerror should not be called');
-
-  worker.postMessage(FETCH_URL);
+  const worker = await createWorker(t, workerUrl({ coep: "require-corp" }), {
+    workerOptions: { type: 'module' },
+  });
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
 
   const result = await waitForMessage(worker);
@@ -100 +103 @@
 
 promise_test(async (t) => {
-  const worker = await createWorker(t, true, true, {type: 'module'});
-  worker.onerror = t.unreached_func('Worker.onerror should not be called');
-
-  worker.postMessage(FETCH_URL);
+  const worker = await createWorker(t, workerUrl({ coep: "require-corp" }), {
+    ownerCoep: "require-corp",
+    workerOptions: { type: 'module' },
+  });
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
 
   const result = await waitForMessage(worker);
   assert_equals(result.data, 'FAILED');
 }, 'COEP: require-corp module worker in COEP: require-corp frame');
+
+promise_test(async (t) => {
+  const url = await createLocalUrl(t, {
+    url: workerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "blob",
+  });
+
+  const worker = await createWorker(t, url, { ownerCoep: "require-corp" });
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
+
+  const result = await waitForMessage(worker);
+  assert_equals(result.data, 'FAILED');
+}, "COEP: worker inherits COEP for blob URL.");
+
+promise_test(async (t) => {
+  const url = await createLocalUrl(t, {
+    url: workerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "blob",
+  });
+
+  const worker = await createWorker(t, url);
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
+
+  const result = await waitForMessage(worker);
+  assert_equals(result.data, 'FAILED');
+}, "COEP: worker inherits COEP from blob URL creator, not owner.");
+
+promise_test(async (t) => {
+  const url = await createLocalUrl(t, {
+    url: workerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "data",
+  });
+
+  const worker = await createWorker(t, url, { ownerCoep: "require-corp" });
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
+
+  const result = await waitForMessage(worker);
+  assert_equals(result.data, 'FAILED');
+}, "COEP: worker inherits COEP for data URL.");
+
+promise_test(async (t) => {
+  const url = await createLocalUrl(t, {
+    url: workerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "data",
+  });
+
+  const worker = await createWorker(t, url);
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
+
+  const result = await waitForMessage(worker);
+  assert_equals(result.data, 'LOADED');
+}, "COEP: worker inherits COEP from owner, not data URL creator.");
+
+promise_test(async (t) => {
+  const url = await createLocalUrl(t, {
+    url: workerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "filesystem",
+  });
+
+  const worker = await createWorker(t, url, { ownerCoep: "require-corp" });
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
+
+  const result = await waitForMessage(worker);
+  assert_equals(result.data, 'FAILED');
+}, "COEP: worker inherits COEP for filesystem URL.");
+
+promise_test(async (t) => {
+  const url = await createLocalUrl(t, {
+    url: workerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "filesystem",
+  });
+
+  const worker = await createWorker(t, url);
+  worker.onerror = t.unreached_func('Worker.onerror should not be called');
+
+  worker.postMessage(targetUrl);
+
+  const result = await waitForMessage(worker);
+  assert_equals(result.data, 'FAILED');
+}, "COEP: worker inherits COEP from filesystem URL creator, not owner.");
 
 </script>

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html

@@ -20 +20 @@
 //  - cache-storage-reporting*.https.html
 // .
+
 const { REMOTE_ORIGIN } = get_host_info();
 const BASE = new URL("resources", location).pathname
@@ -28 +29 @@
   '?pipe=header(cross-origin-embedder-policy,require-corp;report-to="endpoint")' +
   `|header(cross-origin-embedder-policy-report-only,require-corp;report-to="report-only-endpoint")`;
+const REPORT_UUID = "4d8b6d86-c9a8-47c1-871b-111169a8f79c";
+const REPORT_ONLY_UUID = "5d7c1e33-ef88-43c2-9ca3-c67ff300b8c2";
 
 function wait(ms) {
@@ -103 +106 @@
   iframe.contentWindow.fetch(url, init).catch(() => {});
 
-  await checkCorpReportExistence('endpoint', url, iframe.src, '', 'enforce');
-  await checkCorpReportExistence(
-      'report-only-endpoint', url, iframe.src, '', 'reporting');
+  await checkCorpReportExistence(REPORT_UUID, url, iframe.src, '', 'enforce');
+  await checkCorpReportExistence(
+      REPORT_ONLY_UUID, url, iframe.src, '', 'reporting');
 }, 'subresource CORP');
 
@@ -132 +135 @@
 
   await checkCorpReportExistence(
-      'endpoint', url, iframe.src, 'iframe', 'enforce');
-  await checkCorpReportExistence(
-      'report-only-endpoint', url, iframe.src, 'iframe', 'reporting');
+      REPORT_UUID, url, iframe.src, 'iframe', 'enforce');
+  await checkCorpReportExistence(
+      REPORT_ONLY_UUID, url, iframe.src, 'iframe', 'reporting');
 }, 'navigation CORP');
 
@@ -153 +156 @@
 
   await checkNavigationReportExistence(
-      'endpoint', targetUrl, iframe.src, 'enforce');
-  await checkNavigationReportExistence(
-    'report-only-endpoint', targetUrl, iframe.src, 'reporting');
+      REPORT_UUID, targetUrl, iframe.src, 'enforce');
+  await checkNavigationReportExistence(
+      REPORT_ONLY_UUID, targetUrl, iframe.src, 'reporting');
 }, 'COEP violation on nested frame navigation');
 
@@ -175 +178 @@
 
   await checkNavigationReportExistence(
-      'endpoint', targetUrl, iframe.src, 'enforce');
-  await checkNavigationReportExistence(
-    'report-only-endpoint', targetUrl, iframe.src, 'reporting');
+      REPORT_UUID, targetUrl, iframe.src, 'enforce');
+  await checkNavigationReportExistence(
+      REPORT_ONLY_UUID, targetUrl, iframe.src, 'reporting');
 
 }, 'Two COEP headers, split inside report-to value');
@@ -199 +202 @@
 
   await checkCorpReportExistence(
-      'endpoint', targetUrl, WORKER_URL, 'iframe', 'enforce');
-  await checkCorpReportExistence(
-      'report-only-endpoint', targetUrl, WORKER_URL, 'iframe', 'reporting');
+      REPORT_UUID, targetUrl, WORKER_URL, 'iframe', 'enforce');
+  await checkCorpReportExistence(
+      REPORT_ONLY_UUID, targetUrl, WORKER_URL, 'iframe', 'reporting');
 }, 'Shared worker fetch');
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/reporting-to-endpoint.https.html.headers

@@ -1 @@
-report-to: { "group": "endpoint", "max_age": 10886400, "endpoints": [{ "url": "/html/cross-origin-embedder-policy/resources/report.py?endpoint=endpoint" }] }, { "group": "report-only-endpoint", "max_age": 10886400, "endpoints": [{ "url": "/html/cross-origin-embedder-policy/resources/report.py?endpoint=report-only-endpoint" }] }
+Reporting-Endpoints: endpoint="https://{{host}}:{{ports[https][0]}}//html/cross-origin-embedder-policy/resources/report.py?endpoint=4d8b6d86-c9a8-47c1-871b-111169a8f79c", report-only-endpoint="/html/cross-origin-embedder-policy/resources/report.py?endpoint=5d7c1e33-ef88-43c2-9ca3-c67ff300b8c2"

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Cannot load image https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py due to access control checks.
-CONSOLE MESSAGE: Cancelled load to https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py because it violates the resource's Cross-Origin-Resource-Policy response header.
-CONSOLE MESSAGE: Cannot load image https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py due to access control checks.
 
 
-PASS NETWORK-https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py
-PASS NETWORK-https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py?corp-cross-origin=1
-PASS CACHED-https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py
-PASS CACHED-https://127.0.0.1:9443/html/cross-origin-embedder-policy/resources/corp-image.py?corp-cross-origin=1
+PASS NETWORK - No CORP image
+PASS NETWORK - CORP image
+PASS CACHED - No CORP image
+PASS CACHED - CORP image
 PASS main_test
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-cached-images.https.html

@@ -5 +5 @@
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
+<script src="/common/utils.js"></script>
 <script>
 
@@ -13 +14 @@
 
 //
-// This test loads a same-orign iframe resources/load_corp_images.html with
+// This test loads a same-origin iframe resources/load-corp-images.html with
 // Cross-Origin-Embedder-Policy: require-corp
 // The iframe loads two cross origin images, one with a
@@ -23 +24 @@
 //
 
-const image_path = "/html/cross-origin-embedder-policy/resources/corp-image.py";
+const RUNS = ["NETWORK", "CACHED"];
+const RESOURCE_DESC = ["No CORP image", "CORP image"];
 
 let EXPECTED_LOADS = {
-  [`NETWORK-${remote(image_path)}`]: false,
-  [`NETWORK-${remote(image_path)}?corp-cross-origin=1`]: true,
-  [`CACHED-${remote(image_path)}`]: false,
-  [`CACHED-${remote(image_path)}?corp-cross-origin=1`]: true,
+  [`${RUNS[0]} - ${RESOURCE_DESC[0]}`]: false,
+  [`${RUNS[0]} - ${RESOURCE_DESC[1]}`]: true,
+  [`${RUNS[1]} - ${RESOURCE_DESC[0]}`]: false,
+  [`${RUNS[1]} - ${RESOURCE_DESC[1]}`]: true,
 }
 
@@ -38 +40 @@
 
 window.addEventListener("load", async () => {
-  let iframe = document.createElement("iframe");
-  let firstRun = true;
-  let t = async_test("main_test");
-  await new Promise((resolve, reject) => {
-    iframe.src = "resources/load-corp-images.html";
-    iframe.onload = () => { resolve() };
-    iframe.onerror = (e) => { reject(); };
-    window.addEventListener("message", (event) => {
-      // After the first done event we reload the iframe.
-      if (event.data.done) {
-        if (firstRun) {
-          firstRun = false;
-          iframe.contentWindow.location.reload();
-        } else {
-          // After the second done event the test is finished.
-          t.done();
-        }
+  const t = async_test("main_test");
+  const iframe = document.createElement("iframe");
+  // The token attribute is used to ensure the resource has never been seen by
+  // the HTTP cache. This can be useful if the cache isn't properly flushed in
+  // between two tests.
+  iframe.src = `resources/load-corp-images.html?revalidate=false&token=${token()}`;
+  let runCount = 0;
+  window.addEventListener("message", (event) => {
+    // After the first done event we reload the iframe.
+    if (event.data.done) {
+      ++runCount;
+      if (runCount < RUNS.length) {
+        iframe.contentWindow.location.reload();
       } else {
-        // Check that each image either loads or doesn't based on the expectations
-        let testName = `${firstRun ? "NETWORK-" : "CACHED-"}${event.data.src}`;
-        let test = TESTS[testName];
-        test.step(() => {
-          assert_equals(event.data.loaded, EXPECTED_LOADS[testName], `${firstRun ? "NETWORK" : "CACHED"} load of ${event.data.src} should ${EXPECTED_LOADS[testName] ? "" : "not"} succeed`);
-        });
-        test.done();
+        // After the second done event the test is finished.
+        t.done();
       }
-    }, false);
-    document.body.appendChild(iframe);
-  })
+      return;
+    }
+
+    // Check that each image either loads or doesn't based on the expectations
+    let testName = `${RUNS[runCount]} - ${event.data.corp ? RESOURCE_DESC[1] : RESOURCE_DESC[0]}`;
+    let test = TESTS[testName];
+    test.step(() => {
+      assert_equals(event.data.loaded, EXPECTED_LOADS[testName], `${testName} should ${EXPECTED_LOADS[testName] ? "" : "not"} succeed`);
+    });
+    test.done();
+  }, false);
+  document.body.appendChild(iframe);
 });
-
 
 </script>

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/corp-image.py

@@ -11 +11 @@
     response.headers.set(b'Access-Control-Allow-Headers', b'Content-Type')
 
-    response.headers.set(b"Cache-Control", b"max-age=3600");
     # CORS preflight
     if request.method == u'OPTIONS':
         return u''
 
-    if b'some-etag' == request.headers.get(b"If-None-Match", None):
+    if b'true' == request.GET.get(b'revalidate', None):
+        response.headers.set(b'Cache-Control', b'max-age=0, must-revalidate')
+    else:
+        response.headers.set(b'Cache-Control', b'max-age=3600');
+
+    if b'some-etag' == request.headers.get(b'If-None-Match', None):
         response.status = 304
         return u''
 
-    if request.GET.first(b"corp-cross-origin", default=b""):
+    if request.GET.get(b'corp-cross-origin', None):
         response.headers.set(b'Cross-Origin-Resource-Policy', b'cross-origin')
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/load-corp-images.html

@@ -9 +9 @@
 }
 
-const image_path = "/html/cross-origin-embedder-policy/resources/corp-image.py";
+let params = new URLSearchParams(location.search);
+let token = params.get('token');
+let revalidate = params.get('revalidate');
+
+let image_path = `/html/cross-origin-embedder-policy/resources/corp-image.py?token=${token}&revalidate=${revalidate}`;
 
 window.addEventListener("load", async () => {
@@ -15 +19 @@
     let img = document.createElement("img");
     img.src = remote(image_path);
-    img.onload = () => { window.parent.postMessage({loaded: true, src: img.src}, "*"); resolve(); };
-    img.onerror = (e) => { window.parent.postMessage({loaded: false, src: img.src}, "*"); resolve(); };
+    img.onload = () => { window.parent.postMessage({corp: false, loaded: true}, "*"); resolve(); };
+    img.onerror = (e) => { window.parent.postMessage({corp: false, loaded: false}, "*"); resolve(); };
     document.body.appendChild(img);
   });
@@ -22 +26 @@
   await new Promise(resolve => {
     let img = document.createElement("img");
-    img.src = remote(image_path + "?corp-cross-origin=1");
-    img.onload = () => { window.parent.postMessage({loaded: true, src: img.src}, "*"); resolve(); };
-    img.onerror = (e) => { window.parent.postMessage({loaded: false, src: img.src}, "*"); resolve(); };
+    img.src = remote(image_path + "&corp-cross-origin=1");
+    img.onload = () => { window.parent.postMessage({corp: true, loaded: true}, "*"); resolve(); };
+    img.onerror = (e) => { window.parent.postMessage({corp: true, loaded: false}, "*"); resolve(); };
     document.body.appendChild(img);
   });

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/w3c-import.log

@@ -25 +25 @@
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/dedicated-worker.js
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/empty-coep.py
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-and-create-url.html
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/iframe.html
@@ -55 +56 @@
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/worker-owner-frame.html
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/worker-owner.js
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/resources/worker-support.js

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https-expected.txt

@@ -5 +5 @@
 PASS "require-corp" (derived from response)
 PASS default policy (derived from owner set due to use of local scheme - blob URL)
+PASS require-corp (derived from blob URL creator)
 FAIL "require-corp" (derived from owner set due to use of local scheme - blob URL) assert_equals: expected "failure" but got "success"
 PASS default policy (derived from owner set due to use of local scheme - data URL)
+PASS default policy (not derived from data URL creator)
 FAIL "require-corp" (derived from owner set due to use of local scheme - data URL) assert_equals: expected "failure" but got "success"
+FAIL default policy (derived from owner set due to use of local scheme - filesystem URL) assert_equals: url creation error expected (undefined) undefined but got (string) "unimplemented"
+FAIL require-corp (derived from filesystem URL creator) assert_equals: url creation error expected (undefined) undefined but got (string) "unimplemented"
+FAIL "require-corp" (derived from owner set due to use of local scheme - filesystem URL) assert_equals: url creation error expected (undefined) undefined but got (string) "unimplemented"
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/shared-workers.https.html

@@ -6 +6 @@
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
+<script src="resources/worker-support.js"></script>
 <body>
 <p>Verify the Cross-Origin Embedder Policy for Shared Workers by performing a
@@ -14 +15 @@
 'use strict';
 
-const {ORIGIN, REMOTE_ORIGIN} = get_host_info();
-const BASE = new URL("resources", location).pathname
-const testUrl = `${REMOTE_ORIGIN}${BASE}/empty-coep.py`;
-const workerHttpUrl = `${ORIGIN}${BASE}/shared-worker-fetch.js.py`;
-let workerBlobUrl;
-let workerDataUrl;
-
-promise_setup(() => {
-  return fetch(workerHttpUrl)
-    .then((response) => response.text())
-    .then((text) => {
-      workerDataUrl = 'data:text/javascript;base64,' + btoa(text);
-      workerBlobUrl = URL.createObjectURL(
-        new Blob([text], { 'Content-Type': 'text/javascript' })
-      );
-    });
-});
+const testUrl = resolveUrl("resources/empty-coep.py", {
+  host: get_host_info().REMOTE_HOST,
+}).href;
+
+function makeWorkerUrl(options) {
+  return resolveUrl("resources/shared-worker-fetch.js.py", options);
+}
 
 /**
@@ -37 +28 @@
  * @param {object} t - a testharness.js subtest instance (used to reset global
  *                     state)
- * @param {string} ownerCoep - the Cross-Origin Embedder Policy of the iframe
- * @param {string} workerUrl - the URL from which the Shared Worker should be
- *                             created
+ * @param {string} url - the URL from which the Shared Worker should be
+ *                       created
+ * @param {string} options.ownerCoep - the Cross-Origin Embedder Policy of the
+                                       iframe
  */
-function create(t, ownerCoep, workerUrl) {
-  const iframe = document.createElement('iframe');
-  iframe.src = 'resources/empty-coep.py' +
-    (ownerCoep ? '?value=' + ownerCoep : '');
-
-  return new Promise((resolve, reject) => {
-      document.body.appendChild(iframe);
-      t.add_cleanup(() => iframe.remove());
-      iframe.onload = () => resolve(iframe);
-    })
-    .then((iframe) => {
-      const sw = new iframe.contentWindow.SharedWorker(workerUrl);
-
-      return new Promise((resolve) => {
-        sw.port.addEventListener('message', () => resolve(sw), { once: true });
-        sw.port.start();
-      });
-    });
+async function createWorker(t, url, options) {
+  const { ownerCoep } = options || {};
+  const frameUrl = resolveUrl("/common/blank.html", { coep: ownerCoep });
+
+  const iframe = await withIframe(t, frameUrl);
+
+  const sw = new iframe.contentWindow.SharedWorker(url);
+  sw.onerror = t.unreached_func('SharedWorker.onerror should not be called');
+
+  await new Promise((resolve) => {
+    sw.port.addEventListener('message', resolve, { once: true });
+    sw.port.start();
+  });
+
+  return sw;
 }
 
@@ -77 +66 @@
 };
 
-promise_test((t) => {
-  return create(t, null, workerHttpUrl)
-    .then((worker) => fetchFromWorker(worker, testUrl))
-    .then((result) => assert_equals(result, 'success'));
+promise_test(async (t) => {
+  const worker = await createWorker(t, makeWorkerUrl());
+  const result = await fetchFromWorker(worker, testUrl);
+  assert_equals(result, 'success');
 }, 'default policy (derived from response)');
 
-promise_test((t) => {
-  return create(t, null, workerHttpUrl + '?value=require-corp')
-    .then((worker) => fetchFromWorker(worker, testUrl))
-    .then((result) => assert_equals(result, 'failure'));
+promise_test(async (t) => {
+  const worker = await createWorker(t, makeWorkerUrl({ coep: 'require-corp' }));
+  const result = await fetchFromWorker(worker, testUrl);
+  assert_equals(result, 'failure');
 }, '"require-corp" (derived from response)');
 
-promise_test((t) => {
-  return Promise.all([
-      create(t, null, workerBlobUrl),
-      create(t, null, workerBlobUrl),
-      create(t, null, workerBlobUrl)
-    ])
-    .then((workers) => fetchFromWorker(workers[0], testUrl))
-    .then((result) => assert_equals(result, 'success'));
+promise_test(async (t) => {
+  const blobUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    scheme: "blob",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, blobUrl),
+    createWorker(t, blobUrl),
+    createWorker(t, blobUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'success');
 }, 'default policy (derived from owner set due to use of local scheme - blob URL)');
 
-promise_test((t) => {
-  return Promise.all([
-      create(t, null, workerBlobUrl),
-      create(t, 'require-corp', workerBlobUrl),
-      create(t, null, workerBlobUrl)
-    ])
-    .then((workers) => fetchFromWorker(workers[0], testUrl))
-    .then((result) => assert_equals(result, 'failure'));
+promise_test(async (t) => {
+  const blobUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "blob",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, blobUrl),
+    createWorker(t, blobUrl),
+    createWorker(t, blobUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'failure');
+}, 'require-corp (derived from blob URL creator)');
+
+promise_test(async (t) => {
+  const blobUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    scheme: "blob",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, blobUrl),
+    createWorker(t, blobUrl, { ownerCoep: 'require-corp' }),
+    createWorker(t, blobUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'failure');
 }, '"require-corp" (derived from owner set due to use of local scheme - blob URL)');
 
-promise_test((t) => {
-  return Promise.all([
-      create(t, null, workerDataUrl),
-      create(t, null, workerDataUrl),
-      create(t, null, workerDataUrl)
-    ])
-    .then((workers) => fetchFromWorker(workers[0], testUrl))
-    .then((result) => assert_equals(result, 'success'));
+promise_test(async (t) => {
+  const dataUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    scheme: "data",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, dataUrl),
+    createWorker(t, dataUrl),
+    createWorker(t, dataUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'success');
 }, 'default policy (derived from owner set due to use of local scheme - data URL)');
 
-promise_test((t) => {
-  return Promise.all([
-      create(t, null, workerDataUrl),
-      create(t, 'require-corp', workerDataUrl),
-      create(t, null, workerDataUrl)
-    ])
-    .then((workers) => fetchFromWorker(workers[0], testUrl))
-    .then((result) => assert_equals(result, 'failure'));
+promise_test(async (t) => {
+  const dataUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "data",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, dataUrl),
+    createWorker(t, dataUrl),
+    createWorker(t, dataUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'success');
+}, 'default policy (not derived from data URL creator)');
+
+promise_test(async (t) => {
+  const dataUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    scheme: "data",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, dataUrl),
+    createWorker(t, dataUrl, { ownercoep: 'require-corp' }),
+    createWorker(t, dataUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'failure');
 }, '"require-corp" (derived from owner set due to use of local scheme - data URL)');
+
+promise_test(async (t) => {
+  const filesystemUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    scheme: "filesystem",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, filesystemUrl),
+    createWorker(t, filesystemUrl),
+    createWorker(t, filesystemUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'success');
+}, 'default policy (derived from owner set due to use of local scheme - filesystem URL)');
+
+promise_test(async (t) => {
+  const filesystemUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    creatorCoep: "require-corp",
+    scheme: "filesystem",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, filesystemUrl),
+    createWorker(t, filesystemUrl),
+    createWorker(t, filesystemUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'failure');
+}, 'require-corp (derived from filesystem URL creator)');
+
+promise_test(async (t) => {
+  const filesystemUrl = await createLocalUrl(t, {
+    url: makeWorkerUrl(),
+    scheme: "filesystem",
+  });
+
+  const workers = await Promise.all([
+    createWorker(t, filesystemUrl),
+    createWorker(t, filesystemUrl, { ownerCoep: 'require-corp' }),
+    createWorker(t, filesystemUrl),
+  ]);
+
+  const result = await fetchFromWorker(workers[0], testUrl);
+  assert_equals(result, 'failure');
+}, '"require-corp" (derived from owner set due to use of local scheme - filesystem URL)');
 </script>
 </body>

trunk/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/w3c-import.log

@@ -66 +66 @@
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-load-from-cache-storage.https.html.headers
+/LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https.html
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-none.https.html
 /LayoutTests/imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-sw-from-require-corp.https.html

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2022-04-08  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        Incorrect CORP/COEP check in 304 responses
+        https://bugs.webkit.org/show_bug.cgi?id=238238
+        <rdar://problem/90706510>
+
+        Reviewed by Youenn Fablet.
+
+        Add CORP header to the 304 response if previously set to avoid being blocked by load checker due to COEP.
+
+        Test: imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/require-corp-revalidated-images.https.html
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::didReceiveResponse):
+
 2022-04-07  J Pascoe  <j_pascoe@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

@@ -793 +793 @@
             m_cacheEntryForValidation = m_cache->update(originalRequest(), *m_cacheEntryForValidation, m_response, m_privateRelayed);
             // If the request was conditional then this revalidation was not triggered by the network cache and we pass the 304 response to WebCore.
-            if (originalRequest().isConditional())
+            if (originalRequest().isConditional()) {
+                // Add CORP header to the 304 response if previously set to avoid being blocked by load checker due to COEP.
+                auto crossOriginResourcePolicy = m_cacheEntryForValidation->response().httpHeaderField(HTTPHeaderName::CrossOriginResourcePolicy);
+                if (!crossOriginResourcePolicy.isEmpty())
+                    m_response.setHTTPHeaderField(HTTPHeaderName::CrossOriginResourcePolicy, crossOriginResourcePolicy);
                 m_cacheEntryForValidation = nullptr;
+            }
         } else
             m_cacheEntryForValidation = nullptr;