[Delegate-CH] (1) Add support to chromium

This adds support for the delegate-ch meta tag. It works like the accept-ch meta tag, except it uses the same syntax as the allow iframe attribute. WICG/client-hints-infrastructure#108 This CL is part of a series: (1) Add support to chromium (2) Add tests to devtools Commit: false Bug: 1334152 Change-Id: I19ce426da8a0aa158aad1fde24f3bd4f19581c52
web-platform-tests · Jun 30, 2022 · bf6d638 · bf6d638
1 parent 6ce3bac
commit bf6d638
Show file tree

Hide file tree

Showing 24 changed files with 321 additions and 18 deletions.
diff --git a/...accept-ch-stickiness/meta-equiv-delegate-ch-cross-origin-iframe-with-hints.https.sub.html b/...accept-ch-stickiness/meta-equiv-delegate-ch-cross-origin-iframe-with-hints.https.sub.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<meta name="timeout" content="long">
+<meta http-equiv="Delegate-CH" content="sec-ch-device-memory https://www1.{{host}}:{{ports[https][0]}}/; device-memory https://www1.{{host}}:{{ports[https][0]}}/">
+<title>Meta-equiv Delegate-CH cross origin iframe with hints</title>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/accept-ch-test.js"></script>
+
+<script>
+verify_iframe_state(
+  host_info.HTTPS_REMOTE_ORIGIN + "/client-hints/accept-ch-stickiness/resources/do-expect-received.py",
+  "meta-equiv cross origin iframe with hints");
+</script>
+</body>
+</html>
+
diff --git a/...ept-ch-stickiness/meta-equiv-delegate-ch-cross-origin-iframe-without-hints.https.sub.html b/...ept-ch-stickiness/meta-equiv-delegate-ch-cross-origin-iframe-without-hints.https.sub.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<meta name="timeout" content="long">
+<meta http-equiv="Delegate-CH" content="sec-ch-device-memory https://{{host}}:{{ports[https][0]}}/; device-memory https://{{host}}:{{ports[https][0]}}/">
+<title>Meta-equiv Delegate-CH cross origin iframe without hints</title>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/accept-ch-test.js"></script>
+
+<script>
+verify_iframe_state(
+  host_info.HTTPS_REMOTE_ORIGIN + "/client-hints/accept-ch-stickiness/resources/do-not-expect-received.py",
+  "meta-equiv cross origin iframe without hints");
+</script>
+</body>
+</html>
+
diff --git a/...t-ch-stickiness/meta-equiv-delegate-ch-cross-origin-subresource-with-hints.https.sub.html b/...t-ch-stickiness/meta-equiv-delegate-ch-cross-origin-subresource-with-hints.https.sub.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<meta name="timeout" content="long">
+<meta http-equiv="Delegate-CH" content="sec-ch-device-memory https://www1.{{host}}:{{ports[https][0]}}/; device-memory https://www1.{{host}}:{{ports[https][0]}}/">
+<title>Meta-equiv Delegate-CH cross origin subresource with hints</title>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/accept-ch-test.js"></script>
+
+<script>
+verify_subresource_state(
+  host_info.HTTPS_REMOTE_ORIGIN + "/client-hints/accept-ch-stickiness/resources/do-expect-received.py",
+  "meta-equiv cross origin subresource with hints");
+</script>
+</body>
+</html>
+
diff --git a/...h-stickiness/meta-equiv-delegate-ch-cross-origin-subresource-without-hints.https.sub.html b/...h-stickiness/meta-equiv-delegate-ch-cross-origin-subresource-without-hints.https.sub.html
@@ -0,0 +1,18 @@
+<!doctype html>
+<meta name="timeout" content="long">
+<meta http-equiv="Delegate-CH" content="sec-ch-device-memory https://{{host}}:{{ports[https][0]}}/; device-memory https://{{host}}:{{ports[https][0]}}/">
+<title>Meta-equiv Delegate-CH cross origin subresource without hints</title>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/accept-ch-test.js"></script>
+
+<script>
+verify_subresource_state(
+  host_info.HTTPS_REMOTE_ORIGIN + "/client-hints/accept-ch-stickiness/resources/do-not-expect-received.py",
+  "meta-equiv cross origin subresource without hints");
+</script>
+</body>
+</html>
+
diff --git a/...s-origin-iframe-with-hints.https.sub.html → ...s-origin-iframe-with-hints.https.sub.html b/...s-origin-iframe-with-hints.https.sub.html → ...s-origin-iframe-with-hints.https.sub.html
@@ -1,7 +1,7 @@
 <!doctype html>
 <meta name="timeout" content="long">
 <meta name="Accept-CH" content="sec-ch-device-memory=( https://www1.{{host}}:{{ports[https][0]}}/ ), device-memory=( https://www1.{{host}}:{{ports[https][0]}}/ )">
-<title>Meta-name cross origin iframe with hints</title>
+<title>Meta-name Accept-CH cross origin iframe with hints</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

diff --git a/...rigin-iframe-without-hints.https.sub.html → ...rigin-iframe-without-hints.https.sub.html b/...rigin-iframe-without-hints.https.sub.html → ...rigin-iframe-without-hints.https.sub.html
@@ -1,7 +1,7 @@
 <!doctype html>
 <meta name="timeout" content="long">
 <meta name="Accept-CH" content="sec-ch-device-memory=( https://{{host}}:{{ports[https][0]}}/ ), device-memory=( https://{{host}}:{{ports[https][0]}}/ )">
-<title>Meta-name cross origin iframe without hints</title>
+<title>Meta-name Accept-CH cross origin iframe without hints</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

diff --git a/...gin-subresource-with-hints.https.sub.html → ...gin-subresource-with-hints.https.sub.html b/...gin-subresource-with-hints.https.sub.html → ...gin-subresource-with-hints.https.sub.html
@@ -1,7 +1,7 @@
 <!doctype html>
 <meta name="timeout" content="long">
 <meta name="Accept-CH" content="sec-ch-device-memory=( https://www1.{{host}}:{{ports[https][0]}}/ ), device-memory=( https://www1.{{host}}:{{ports[https][0]}}/ )">
-<title>Meta-name cross origin subresource with hints</title>
+<title>Meta-name Accept-CH cross origin subresource with hints</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

diff --git a/...-subresource-without-hints.https.sub.html → ...-subresource-without-hints.https.sub.html b/...-subresource-without-hints.https.sub.html → ...-subresource-without-hints.https.sub.html
@@ -1,7 +1,7 @@
 <!doctype html>
 <meta name="timeout" content="long">
 <meta name="Accept-CH" content="sec-ch-device-memory=( https://{{host}}:{{ports[https][0]}}/ ), device-memory=( https://{{host}}:{{ports[https][0]}}/ )">
-<title>Meta-name cross origin subresource without hints</title>
+<title>Meta-name Accept-CH cross origin subresource without hints</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>

diff --git a/...s/accept-ch-stickiness/meta-name-cross-origin-iframe-not-setting-other-origins.https.html b/...s/accept-ch-stickiness/meta-name-cross-origin-iframe-not-setting-other-origins.https.html
@@ -1,18 +1,23 @@
 <!doctype html>
 <meta name="timeout" content="long">
-<title>Meta-name cross origin iframe not setting other origins</title>
+<title>Meta cross origin iframe not setting other origins</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="resources/accept-ch-test.js"></script>
 
 <script>
-run_test({ name: "meta-name cross origin iframe not setting other origins",
+run_test({ name: "meta-name accept-ch cross origin iframe not setting other origins",
     initial_url: echo,
     accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaname_accept,
     expect_url: do_not_expect,
     type: "iframe" });
+run_test({ name: "meta-equiv delegate-ch cross origin iframe not setting other origins",
+    initial_url: echo,
+    accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaequiv_delegate,
+    expect_url: do_not_expect,
+    type: "iframe" });
 </script>
 </body>
 </html>

diff --git a/...ints/accept-ch-stickiness/meta-name-cross-origin-iframe-not-setting-own-origin.https.html b/...ints/accept-ch-stickiness/meta-name-cross-origin-iframe-not-setting-own-origin.https.html
@@ -1,18 +1,23 @@
 <!doctype html>
 <meta name="timeout" content="long">
-<title>Meta-name cross origin iframe not setting own origin</title>
+<title>Meta cross origin iframe not setting own origin</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="resources/accept-ch-test.js"></script>
 
 <script>
-run_test({ name: "meta-name cross origin iframe not setting own origin",
+run_test({ name: "meta-name accept-ch cross origin iframe not setting own origin",
     initial_url: host_info.HTTPS_REMOTE_ORIGIN + echo,
     accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaname_accept,
     expect_url: host_info.HTTPS_REMOTE_ORIGIN + do_not_expect,
     type: "iframe" });
+run_test({ name: "meta-equiv delegate-ch cross origin iframe not setting own origin",
+    initial_url: host_info.HTTPS_REMOTE_ORIGIN + echo,
+    accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaequiv_delegate,
+    expect_url: host_info.HTTPS_REMOTE_ORIGIN + do_not_expect,
+    type: "iframe" });
 </script>
 </body>
 </html>

diff --git a/client-hints/accept-ch-stickiness/meta-name-cross-origin-navigation.https.html b/client-hints/accept-ch-stickiness/meta-name-cross-origin-navigation.https.html
@@ -1,18 +1,23 @@
 <!doctype html>
 <meta name="timeout" content="long">
-<title>Meta-name cross origin navigation</title>
+<title>Meta cross origin navigation</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="resources/accept-ch-test.js"></script>
 
 <script>
-run_test({ name: "meta-name cross origin navigation",
+run_test({ name: "meta-name accept-ch cross origin navigation",
     initial_url: echo,
     accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaname_accept,
     expect_url: host_info.HTTPS_REMOTE_ORIGIN + do_not_expect,
     type: "navigation" });
+run_test({ name: "meta-equiv delegate-ch cross origin navigation",
+    initial_url: echo,
+    accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaequiv_delegate,
+    expect_url: host_info.HTTPS_REMOTE_ORIGIN + do_not_expect,
+    type: "navigation" });
 </script>
 </body>
 </html>

diff --git a/client-hints/accept-ch-stickiness/meta-name-cross-origin-subresource.https.html b/client-hints/accept-ch-stickiness/meta-name-cross-origin-subresource.https.html
@@ -1,18 +1,23 @@
 <!doctype html>
 <meta name="timeout" content="long">
-<title>Meta-name cross origin subresource</title>
+<title>Meta cross origin subresource</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="resources/accept-ch-test.js"></script>
 
 <script>
-run_test({ name: "meta-name cross origin subresource",
+run_test({ name: "meta-name accept-ch cross origin subresource",
     initial_url: host_info.HTTPS_REMOTE_ORIGIN + echo,
     accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaname_accept,
     expect_url: host_info.HTTPS_REMOTE_ORIGIN + do_not_expect,
     type: "subresource" });
+run_test({ name: "meta-equiv delegate-ch cross origin subresource",
+    initial_url: host_info.HTTPS_REMOTE_ORIGIN + echo,
+    accept_url: host_info.HTTPS_REMOTE_ORIGIN + metaequiv_delegate,
+    expect_url: host_info.HTTPS_REMOTE_ORIGIN + do_not_expect,
+    type: "subresource" });
 </script>
 </body>
 </html>

diff --git a/client-hints/accept-ch-stickiness/meta-name-same-origin-iframe.https.html b/client-hints/accept-ch-stickiness/meta-name-same-origin-iframe.https.html
@@ -1,18 +1,23 @@
 <!doctype html>
 <!-- <meta name="timeout" content="long"> -->
-<title>Meta-name same origin iframe</title>
+<title>Meta same origin iframe</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="resources/accept-ch-test.js"></script>
 
 <script>
-run_test({ name: "meta-name same origin iframe",
+run_test({ name: "meta-name accept-ch same origin iframe",
     initial_url: echo,
     accept_url: metaname_accept,
     expect_url: do_not_expect,
     type: "iframe" });
+run_test({ name: "meta-equiv delegate-ch same origin iframe",
+    initial_url: echo,
+    accept_url: metaequiv_delegate,
+    expect_url: do_not_expect,
+    type: "iframe" });
 </script>
 </body>
 </html>

diff --git a/client-hints/accept-ch-stickiness/meta-name-same-origin-navigation.https.html b/client-hints/accept-ch-stickiness/meta-name-same-origin-navigation.https.html
@@ -1,18 +1,23 @@
 <!doctype html>
 <meta name="timeout" content="long">
-<title>Meta-name same origin navigation</title>
+<title>Meta same origin navigation</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="resources/accept-ch-test.js"></script>
 
 <script>
-run_test({ name: "meta-name same origin navigation",
+run_test({ name: "meta-name accept-ch same origin navigation",
     initial_url: echo,
     accept_url: metaname_accept,
     expect_url: do_not_expect,
     type: "navigation" });
+run_test({ name: "meta-equiv delegate-ch same origin navigation",
+    initial_url: echo,
+    accept_url: metaequiv_delegate,
+    expect_url: do_not_expect,
+    type: "navigation" });
 </script>
 </body>
 </html>

diff --git a/client-hints/accept-ch-stickiness/meta-name-same-origin-subresource.https.html b/client-hints/accept-ch-stickiness/meta-name-same-origin-subresource.https.html
@@ -1,18 +1,23 @@
 <!doctype html>
 <meta name="timeout" content="long">
-<title>Meta-name same origin subresource</title>
+<title>Meta same origin subresource</title>
 <body>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="resources/accept-ch-test.js"></script>
 
 <script>
-run_test({ name: "meta-name same origin subresource",
+run_test({ name: "meta-name accept-ch same origin subresource",
     initial_url: echo,
     accept_url: metaname_accept,
     expect_url: do_not_expect,
     type: "subresource" });
+run_test({ name: "meta-equiv delegate-ch same origin subresource",
+    initial_url: echo,
+    accept_url: metaequiv_delegate,
+    expect_url: do_not_expect,
+    type: "subresource" });
 </script>
 </body>
 </html>

diff --git a/client-hints/accept-ch-stickiness/resources/accept-ch-test.js b/client-hints/accept-ch-stickiness/resources/accept-ch-test.js
@@ -4,6 +4,7 @@ const accept_blank = "/client-hints/accept-ch-stickiness/resources/accept-ch-bla
 const no_accept = "/client-hints/accept-ch-stickiness/resources/no-accept-ch.html";
 const httpequiv_accept = "/client-hints/accept-ch-stickiness/resources/http-equiv-accept-ch.html";
 const metaname_accept = "/client-hints/accept-ch-stickiness/resources/meta-name-accept-ch.html";
+const metaequiv_delegate = "/client-hints/accept-ch-stickiness/resources/meta-equiv-delegate-ch.html";
 const expect = "/client-hints/accept-ch-stickiness/resources/expect-client-hints-headers.html"
 const do_not_expect = "/client-hints/accept-ch-stickiness/resources/do-not-expect-client-hints-headers.html"
 

diff --git a/client-hints/accept-ch-stickiness/resources/meta-equiv-delegate-ch.html b/client-hints/accept-ch-stickiness/resources/meta-equiv-delegate-ch.html
@@ -0,0 +1,8 @@
+<html>
+<meta http-equiv="Delegate-CH" content="sec-ch-device-memory;device-memory">
+<body>
+<script>
+  window.top.opener.postMessage('Loaded', '*');
+</script>
+</body>
+</html>
diff --git a/client-hints/accept-ch-stickiness/resources/meta-equiv-delegate-ch.html.headers b/client-hints/accept-ch-stickiness/resources/meta-equiv-delegate-ch.html.headers
@@ -0,0 +1,2 @@
+Access-Control-Allow-Origin: *
+
diff --git a/client-hints/meta-equiv-delegate-ch-iframe.https.html b/client-hints/meta-equiv-delegate-ch-iframe.https.html
@@ -0,0 +1,25 @@
+<html>
+<meta http-equiv="Delegate-CH" content="Sec-CH-Device-Memory; Device-Memory; Sec-CH-DPR; DPR; Sec-CH-Viewport-Width; Viewport-Width">
+<title>Delegate-CH meta-equiv iframe test</title>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/client-hints/resources/export.js"></script>
+<script src="resources/feature-policy-navigation.js"></script>
+<script>
+(async () => {
+  await test_frame(
+    "HTTPS_ORIGIN",
+    meta_name_client_hints,
+    "",
+    "Client hints loaded on same-origin iframe include hints with a default permissions policy of self and *.");
+  await test_frame(
+    "HTTPS_REMOTE_ORIGIN",
+    expect_iframe_no_hints,
+    "",
+    "Client hints loaded on cross-origin iframe only include hints with a default permissions policy of *.");
+})();
+</script>
+</body>
+</html>
diff --git a/client-hints/meta-equiv-delegate-ch-injection.https.html b/client-hints/meta-equiv-delegate-ch-injection.https.html
@@ -0,0 +1,41 @@
+<html>
+<head>
+  <title>Delegate-CH meta-equiv injection test</title>
+  <meta http-equiv="Delegate-CH" content="">
+</head>
+<body>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+// Even though the next line injects an "Delegate-CH" meta-equiv header, the
+// browser should NOT attach the specified client hints in the request headers
+// because javascript injected delegate-ch meta-equiv headers are not trusted.
+document.getElementsByTagName('meta')[0].setAttribute("content", "dpr;sec-ch-dpr;device-memory;sec-ch-device-memory;viewport-width;sec-ch-viewport-width;rtt;downlink;ect");
+document.head.outerHTML += '<meta http-equiv="Delegate-CH" content="sec-ch-ua-arch;sec-ch-ua-platform;sec-ch-ua-model">';
+document.head.innerHTML += '<meta http-equiv="Delegate-CH" content="sec-ch-ua-full-version;sec-ch-ua-bitness;sec-ch-ua-full-version-list">';
+document.write('<meta http-equiv="Delegate-CH" content="sec-ch-ua-platform-version;sec-ch-prefers-color-scheme;sec-ch-viewport-height">');
+
+// resources/echo-client-hints-received.py sets the response headers depending on the set
+// of client hints it receives in the request headers.
+promise_test(t => {
+  return fetch("/client-hints/resources/echo-client-hints-received.py").then(r => {
+    assert_equals(r.status, 200)
+    // Verify that the browser does not include client hints for javascript
+    // injected headers on the XHR.
+    assert_false(r.headers.has("device-memory-received"), "device-memory-received");
+    assert_false(r.headers.has("device-memory-deprecated-received"), "device-memory-deprecated-received");
+    assert_false(r.headers.has("dpr-received"), "dpr-received");
+    assert_false(r.headers.has("dpr-deprecated-received"), "dpr-deprecated-received");
+    assert_false(r.headers.has("viewport-width-received"), "viewport-width-received");
+    assert_false(r.headers.has("viewport-width-deprecated-received"), "viewport-width-deprecated-received");
+    assert_false(r.headers.has("rtt-received"), "rtt-received");
+    assert_false(r.headers.has("downlink-received"), "downlink-received");
+    assert_false(r.headers.has("ect-received"), "ect-received");
+    assert_false(r.headers.has("prefers-color-scheme-received"), "prefers-color-scheme-received");
+  });
+}, "Delegate-CH meta-equiv injection test");
+
+</script>
+</body>
+</html>