Implement W3C Secure Contexts Draft Specification
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 12 Jun 2017 23:55:04 +0000 (23:55 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 12 Jun 2017 23:55:04 +0000 (23:55 +0000)
https://bugs.webkit.org/show_bug.cgi?id=158121
<rdar://problem/26012994>

Reviewed by Ryosuke Niwa.

Part 3

LayoutTests/imported/w3c:

Import the Secure Contexts Web Platform Tests.

* resources/import-expectations.json:
* resources/resource-files.json:
* web-platform-tests/secure-contexts/basic-dedicated-worker.html: Added.
* web-platform-tests/secure-contexts/basic-dedicated-worker.https.html: Added.
* web-platform-tests/secure-contexts/basic-popup-and-iframe-tests-expected.txt: Added.
* web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html: Added.
* web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https-expected.txt: Added.
* web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.html: Added.
* web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js: Added.
(LoadType):
(LoadTarget):
(LoadTarget.prototype.open):
(LoadTarget.prototype.close):
(LoadTarget.prototype.load_and_get_result_for):
(run_next_test.):
(run_next_test):
(begin):
* web-platform-tests/secure-contexts/basic-shared-worker.html: Added.
* web-platform-tests/secure-contexts/basic-shared-worker.https.html: Added.
* web-platform-tests/secure-contexts/postMessage-helper.html: Added.
* web-platform-tests/secure-contexts/postMessage-helper.https.html: Added.
* web-platform-tests/secure-contexts/server-locations.sub.js: Added.
* web-platform-tests/secure-contexts/shared-worker-insecure-first.https.html: Added.
* web-platform-tests/secure-contexts/shared-worker-secure-first.https.html: Added.
* web-platform-tests/secure-contexts/support/dedicated-worker-script.js: Added.
* web-platform-tests/secure-contexts/support/https-subframe-dedicated.html: Added.
* web-platform-tests/secure-contexts/support/https-subframe-shared.html: Added.
* web-platform-tests/secure-contexts/support/parent-dedicated-worker-script.js: Added.
(w.onmessage):
* web-platform-tests/secure-contexts/support/parent-shared-worker-script.js: Added.
(w.onmessage):
* web-platform-tests/secure-contexts/support/shared-worker-insecure-popup.html: Added.
* web-platform-tests/secure-contexts/support/shared-worker-script.js: Added.
* web-platform-tests/secure-contexts/support/w3c-import.log: Added.
* web-platform-tests/secure-contexts/w3c-import.log: Added.

LayoutTests:

Skip tests that exercise Shared Workers as WebKit does not support them. With the exception
of web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html all other tests are
skipped because they time out. The following sub-tests in web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html
are expected to fail:
    - "Test Window.isSecureContext for HTTP creator"
        Reason: Sub-test must be run from non-localhost server
    - "Test Window.isSecureContext in an iframe loading an http"
        Reason: Sub-test must be run from non-localhost server
    - "Test Window.isSecureContext in a sandboxed iframe loading an http"
        Reason: We do not implement the allow-secure-context flag
    - "Test Window.isSecureContext in a popup loading about:blank"
        Reason: Times out; further investigation needed.

We will investigate the test failures and fix them in subsequent commits.

* TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@218155 268f45cc-cd09-0410-ab3c-d52691b4dbfc

28 files changed:
LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/resources/import-expectations.json
LayoutTests/imported/w3c/resources/resource-files.json
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.https.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests-expected.txt [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https-expected.txt [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.https.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.https.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/server-locations.sub.js [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-insecure-first.https.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-secure-first.https.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/dedicated-worker-script.js [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-dedicated.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-shared.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-dedicated-worker-script.js [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-shared-worker-script.js [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-insecure-popup.html [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-script.js [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/w3c-import.log [new file with mode: 0644]
LayoutTests/imported/w3c/web-platform-tests/secure-contexts/w3c-import.log [new file with mode: 0644]

index 268651e..bb82c12 100644 (file)
@@ -1,3 +1,30 @@
+2017-06-12  Daniel Bates  <dabates@apple.com>
+
+        Implement W3C Secure Contexts Draft Specification
+        https://bugs.webkit.org/show_bug.cgi?id=158121
+        <rdar://problem/26012994>
+
+        Reviewed by Ryosuke Niwa.
+
+        Part 3
+
+        Skip tests that exercise Shared Workers as WebKit does not support them. With the exception
+        of web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html all other tests are
+        skipped because they time out. The following sub-tests in web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html
+        are expected to fail:
+            - "Test Window.isSecureContext for HTTP creator"
+                Reason: Sub-test must be run from non-localhost server
+            - "Test Window.isSecureContext in an iframe loading an http"
+                Reason: Sub-test must be run from non-localhost server
+            - "Test Window.isSecureContext in a sandboxed iframe loading an http"
+                Reason: We do not implement the allow-secure-context flag
+            - "Test Window.isSecureContext in a popup loading about:blank"
+                Reason: Times out; further investigation needed.
+
+        We will investigate the test failures and fix them in subsequent commits.
+
+        * TestExpectations:
+
 2017-06-12  Chris Dumez  <cdumez@apple.com>
 
         Add Arabic Kasra to list of blacklisted characters when puny-decoding URL
index b263289..367dfcd 100644 (file)
@@ -109,6 +109,12 @@ fast/visual-viewport/rubberbanding-viewport-rects-header-footer.html  [ Skip ]
 # DataDetectors tests only make sense on Mac
 fast/events/do-not-drag-and-drop-data-detectors-link.html [ Skip ]
 
+# Shared Workers are unsupported
+imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.html [ Skip ]
+imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.https.html [ Skip ]
+imported/w3c/web-platform-tests/secure-contexts/shared-worker-insecure-first.https.html [ Skip ]
+imported/w3c/web-platform-tests/secure-contexts/shared-worker-secure-first.https.html [ Skip ]
+
 #//////////////////////////////////////////////////////////////////////////////////////////
 # End platform-specific tests.
 #//////////////////////////////////////////////////////////////////////////////////////////
@@ -1331,6 +1337,11 @@ webkit.org/b/172099 imported/w3c/web-platform-tests/FileAPI/url/url_xmlhttpreque
 http/tests/media/modern-media-controls [ Skip ]
 media/modern-media-controls [ Skip ]
 
+# Secure Contexts tests that timeout
+imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.html [ Skip ]
+imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.https.html [ Skip ]
+imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.html [ Skip ]
+
 ### END OF -disabled tests
 ########################################
 
index 2598107..577c5de 100644 (file)
@@ -1,3 +1,51 @@
+2017-06-12  Daniel Bates  <dabates@apple.com>
+
+        Implement W3C Secure Contexts Draft Specification
+        https://bugs.webkit.org/show_bug.cgi?id=158121
+        <rdar://problem/26012994>
+
+        Reviewed by Ryosuke Niwa.
+
+        Part 3
+
+        Import the Secure Contexts Web Platform Tests.
+
+        * resources/import-expectations.json:
+        * resources/resource-files.json:
+        * web-platform-tests/secure-contexts/basic-dedicated-worker.html: Added.
+        * web-platform-tests/secure-contexts/basic-dedicated-worker.https.html: Added.
+        * web-platform-tests/secure-contexts/basic-popup-and-iframe-tests-expected.txt: Added.
+        * web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html: Added.
+        * web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https-expected.txt: Added.
+        * web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.html: Added.
+        * web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js: Added.
+        (LoadType):
+        (LoadTarget):
+        (LoadTarget.prototype.open):
+        (LoadTarget.prototype.close):
+        (LoadTarget.prototype.load_and_get_result_for):
+        (run_next_test.):
+        (run_next_test):
+        (begin):
+        * web-platform-tests/secure-contexts/basic-shared-worker.html: Added.
+        * web-platform-tests/secure-contexts/basic-shared-worker.https.html: Added.
+        * web-platform-tests/secure-contexts/postMessage-helper.html: Added.
+        * web-platform-tests/secure-contexts/postMessage-helper.https.html: Added.
+        * web-platform-tests/secure-contexts/server-locations.sub.js: Added.
+        * web-platform-tests/secure-contexts/shared-worker-insecure-first.https.html: Added.
+        * web-platform-tests/secure-contexts/shared-worker-secure-first.https.html: Added.
+        * web-platform-tests/secure-contexts/support/dedicated-worker-script.js: Added.
+        * web-platform-tests/secure-contexts/support/https-subframe-dedicated.html: Added.
+        * web-platform-tests/secure-contexts/support/https-subframe-shared.html: Added.
+        * web-platform-tests/secure-contexts/support/parent-dedicated-worker-script.js: Added.
+        (w.onmessage):
+        * web-platform-tests/secure-contexts/support/parent-shared-worker-script.js: Added.
+        (w.onmessage):
+        * web-platform-tests/secure-contexts/support/shared-worker-insecure-popup.html: Added.
+        * web-platform-tests/secure-contexts/support/shared-worker-script.js: Added.
+        * web-platform-tests/secure-contexts/support/w3c-import.log: Added.
+        * web-platform-tests/secure-contexts/w3c-import.log: Added.
+
 2017-06-12  Sam Weinig  <sam@webkit.org>
 
         [WebIDL] Re-implement GetOwnPropertySlot[ByIndex] generation to more closely follow WebIDL
index 9dd18c3..9a90e97 100644 (file)
     "web-platform-tests/remote-playback": "skip", 
     "web-platform-tests/resource-timing": "import", 
     "web-platform-tests/screen-orientation": "skip", 
-    "web-platform-tests/secure-contexts": "skip", 
+    "web-platform-tests/secure-contexts": "import", 
     "web-platform-tests/secure_context": "skip", 
     "web-platform-tests/selection": "skip", 
     "web-platform-tests/selectors": "skip", 
index 348199a..5b7f188 100644 (file)
         "web-platform-tests/html/webappapis/scripting/events/onerroreventhandler-frame.html",
         "web-platform-tests/mathml/relations/html5-tree/unique-identifier-1-iframe.html",
         "web-platform-tests/resource-timing/iframe-setdomain.sub.html",
+        "web-platform-tests/secure-contexts/postMessage-helper.html",
+        "web-platform-tests/secure-contexts/postMessage-helper.https.html",
+        "web-platform-tests/secure-contexts/support/https-subframe-dedicated.html",
+        "web-platform-tests/secure-contexts/support/https-subframe-shared.html",
+        "web-platform-tests/secure-contexts/support/shared-worker-insecure-popup.html",
         "web-platform-tests/test_keys_wdspec.html",
         "web-platform-tests/upgrade-insecure-requests/support/post-origin-to-parent.html"
     ]
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.html
new file mode 100644 (file)
index 0000000..737f31b
--- /dev/null
@@ -0,0 +1,83 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test WorkerGlobalScope.isSecureContext for HTTP creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      var t1 = async_test("HTTP worker");
+      var t2 = async_test("HTTPS worker");
+      var t3 = async_test("HTTP nested worker");
+      var t4 = async_test("HTTPS nested worker");
+      var t5 = async_test("HTTP worker from HTTPS subframe");
+      var t6 = async_test("HTTPS worker from HTTPS subframe");
+
+      var w1 = new Worker(http_dir + "support/dedicated-worker-script.js");
+      w1.onmessage = t1.step_func_done(function(e) {
+        assert_false(e.data);
+      });
+      w1.onerror = t1.step_func_done(function(e) {
+        assert_unreached("isSecureContext should be supported");
+      });
+
+      var w2 = new Worker(https_dir + "support/dedicated-worker-script.js");
+      w2.onmessage = t2.step_func_done(function(e) {
+        assert_unreached("cross-origin workers should not be loaded");
+      });
+      w2.onerror = t2.step_func_done(function(e) {
+        e.preventDefault();
+      });
+
+      var w3 = new Worker(http_dir + "support/parent-dedicated-worker-script.js");
+      w3.onmessage = t3.step_func_done(function(e) {
+        assert_false(e.data);
+      });
+      w3.onerror = t3.step_func_done(function(e) {
+        assert_unreached("isSecureContext should be supported");
+      });
+
+      var w4 = new Worker(https_dir + "support/parent-dedicated-worker-script.js");
+      w4.onmessage = t4.step_func_done(function(e) {
+        assert_unreached("cross-origin workers should not be loaded");
+      });
+      w4.onerror = t4.step_func_done(function(e) {
+        e.preventDefault();
+      });
+
+      onmessage = function(e) {
+        var data = e.data;
+        if (data.type == "http") {
+          t5.step(function() {
+            assert_true(data.error);
+          });
+          t5.done();
+        } else if (data.type == "https") {
+          t6.step(function() {
+            assert_false(data.error);
+            assert_false(data.isSecureContext);
+          });
+          t6.done();
+        } else {
+          t5.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t5.done();
+          t6.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t6.done();
+        }
+      }
+
+      var ifr = document.createElement("iframe");
+      ifr.src = https_dir + "support/https-subframe-dedicated.html";
+      document.body.appendChild(ifr);
+    </script>
+  </body>
+</html>
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.https.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.https.html
new file mode 100644 (file)
index 0000000..012c7b1
--- /dev/null
@@ -0,0 +1,83 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test WorkerGlobalScope.isSecureContext for HTTPS creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      var t1 = async_test("HTTP worker");
+      var t2 = async_test("HTTPS worker");
+      var t3 = async_test("HTTP nested worker");
+      var t4 = async_test("HTTPS nested worker");
+      var t5 = async_test("HTTP worker from HTTPS subframe");
+      var t6 = async_test("HTTPS worker from HTTPS subframe");
+
+      var w1 = new Worker(http_dir + "support/dedicated-worker-script.js");
+      w1.onmessage = t1.step_func_done(function(e) {
+        assert_unreached("cross-origin workers should not be loaded");
+      });
+      w1.onerror = t1.step_func_done(function(e) {
+        e.preventDefault();
+      });
+
+      var w2 = new Worker(https_dir + "support/dedicated-worker-script.js");
+      w2.onmessage = t2.step_func_done(function(e) {
+        assert_true(e.data);
+      });
+      w2.onerror = t2.step_func_done(function(e) {
+        assert_unreached("isSecureContext should be supported");
+      });
+
+      var w3 = new Worker(http_dir + "support/parent-dedicated-worker-script.js");
+      w3.onmessage = t3.step_func_done(function(e) {
+        assert_unreached("cross-origin workers should not be loaded");
+      });
+      w3.onerror = t3.step_func_done(function(e) {
+        e.preventDefault();
+      });
+
+      var w4 = new Worker(https_dir + "support/parent-dedicated-worker-script.js");
+      w4.onmessage = t4.step_func_done(function(e) {
+        assert_true(e.data);
+      });
+      w4.onerror = t4.step_func_done(function(e) {
+        assert_unreached("isSecureContext should be supported");
+      });
+
+      onmessage = function(e) {
+        var data = e.data;
+        if (data.type == "http") {
+          t5.step(function() {
+            assert_true(data.error);
+          });
+          t5.done();
+        } else if (data.type == "https") {
+          t6.step(function() {
+            assert_false(data.error);
+            assert_true(data.isSecureContext);
+          });
+          t6.done();
+        } else {
+          t5.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t5.done();
+          t6.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t6.done();
+        }
+      }
+
+      var ifr = document.createElement("iframe");
+      ifr.src = https_dir + "support/https-subframe-dedicated.html";
+      document.body.appendChild(ifr);
+    </script>
+  </body>
+</html>
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests-expected.txt
new file mode 100644 (file)
index 0000000..d141c3f
--- /dev/null
@@ -0,0 +1,21 @@
+
+Harness Error (TIMEOUT), message = null
+
+FAIL Test Window.isSecureContext for HTTP creator assert_false: http: creator should not be a Secure Context expected false got true
+FAIL Test Window.isSecureContext in an iframe loading an http: URI assert_false: an http: URI in an iframe should not create a Secure Context expected false got true
+PASS Test Window.isSecureContext in an iframe loading an https: URI 
+PASS Test Window.isSecureContext in an iframe loading a blob: URI 
+PASS Test Window.isSecureContext in an iframe loading a srcdoc 
+PASS Test Window.isSecureContext in an iframe loading a javascript: URI 
+PASS Test Window.isSecureContext in an iframe loading about:blank 
+PASS Test Window.isSecureContext in an iframe loading initial about:blank 
+FAIL Test Window.isSecureContext in a sandboxed iframe loading an http: URI assert_false: an http: URI in a sandboxed iframe should not create a Secure Context expected false got true
+PASS Test Window.isSecureContext in a sandboxed iframe loading an https: URI 
+PASS Test Window.isSecureContext in a sandboxed iframe loading a blob: URI 
+PASS Test Window.isSecureContext in a sandboxed iframe loading a srcdoc 
+FAIL Test Window.isSecureContext in a popup loading an http: URI assert_false: an http: URI in a popup should not create a Secure Context expected false got true
+PASS Test Window.isSecureContext in a popup loading an https: URI 
+PASS Test Window.isSecureContext in a popup loading a blob: URI 
+PASS Test Window.isSecureContext in a popup loading a javascript: URI 
+TIMEOUT Test Window.isSecureContext in a popup loading about:blank Test timed out
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html
new file mode 100644 (file)
index 0000000..ab3c443
--- /dev/null
@@ -0,0 +1,25 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test Window.isSecureContext for HTTP creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <meta name="author" title="Jonathan Watt" href="https://jwatt.org/">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+    <script>
+
+// This file is the equivasent of the https version, but rather than
+// having a copy of its script file we figure out the URI of the script on the
+// https server and load it here.
+let script = document.createElement("script");
+script.setAttribute("src", https_dir + "basic-popup-and-iframe-tests.https.js");
+document.head.appendChild(script);
+
+    </script>
+  </head>
+  <body onload="begin();">
+  </body>
+</html>
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https-expected.txt
new file mode 100644 (file)
index 0000000..a81b688
--- /dev/null
@@ -0,0 +1,3 @@
+#PID UNRESPONSIVE - com.apple.WebKit.WebContent.Development (pid 55133)
+FAIL: Timed out waiting for notifyDone to be called
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.html
new file mode 100644 (file)
index 0000000..a9c7f3c
--- /dev/null
@@ -0,0 +1,16 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test Window.isSecureContext for HTTPS creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <meta name="author" title="Jonathan Watt" href="https://jwatt.org/">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+    <script src="basic-popup-and-iframe-tests.https.js"></script>
+  </head>
+  <body onload="begin();">
+  </body>
+</html>
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js
new file mode 100644 (file)
index 0000000..ebc9f2b
--- /dev/null
@@ -0,0 +1,279 @@
+
+/**
+ * This test checks the Secure Context state of documents for various
+ * permutations of document URI types and loading methods.
+ *
+ * The hierarchy that is tested is:
+ *
+ *   creator-doc > createe-doc
+ *
+ * The creator-doc is one of:
+ *
+ *   http:
+ *   https:
+ *
+ * The createe-doc is loaded as either a:
+ *
+ *   popup
+ *   iframe
+ *   sandboxed-iframe
+ *
+ * into which we load and test:
+ *
+ *   http:
+ *   https:
+ *   blob:
+ *   javascript:
+ *   about:blank
+ *   initial about:blank
+ *   srcdoc
+ *
+ * TODO once web-platform-tests supports it:
+ *   - test http://localhost
+ *   - test file:
+ *
+ * TODO once https://github.com/w3c/webappsec-secure-contexts/issues/26 is resolved
+ *   - test data:
+ */
+
+
+setup({explicit_done:true});
+
+
+const host_and_dirname = location.host +
+                         location.pathname.substr(0, location.pathname.lastIndexOf("/") + 1);
+
+
+// Flags to indicate where document types should be loaded for testing:
+const eLoadInPopup             = (1 << 0);
+const eLoadInUnsandboxedIframe = (1 << 1);
+const eLoadInSandboxedIframe   = (1 << 2);
+const eLoadInEverything        = eLoadInPopup | eLoadInUnsandboxedIframe | eLoadInSandboxedIframe;
+
+// Flags indicating if a document type is expected to be a Secure Context:
+const eSecureNo              = 1;
+const eSecureIfCreatorSecure = 2;
+
+// Flags indicating how the result of a test is obtained:
+const eResultFromPostMessage       = 1;
+const eResultFromExaminationOnLoad = 2;
+const eResultFromExaminationSync   = 3;
+
+
+const loadTypes = [
+  new LoadType("an http: URI",
+               eLoadInEverything,
+               http_dir + "postMessage-helper.html",
+               eSecureNo,
+               eResultFromPostMessage),
+  new LoadType("an https: URI",
+               eLoadInEverything,
+               https_dir + "postMessage-helper.https.html",
+               eSecureIfCreatorSecure,
+               eResultFromPostMessage),
+  new LoadType("a blob: URI",
+               eLoadInEverything,
+               URL.createObjectURL(new Blob(["<script>(opener||parent).postMessage(isSecureContext, '*')</script>"], {type: "text/html"})),
+               eSecureIfCreatorSecure,
+               eResultFromPostMessage),
+  new LoadType("a srcdoc",
+               // popup not relevant:
+               eLoadInUnsandboxedIframe | eLoadInSandboxedIframe,
+               "<script>(opener||parent).postMessage(isSecureContext, '*')</script>",
+               eSecureIfCreatorSecure,
+               eResultFromPostMessage),
+  new LoadType("a javascript: URI",
+               // can't load in sandbox:
+               eLoadInUnsandboxedIframe | eLoadInPopup,
+               "javascript:(opener||parent).postMessage(isSecureContext, '*')",
+               eSecureIfCreatorSecure,
+               eResultFromPostMessage),
+  new LoadType("about:blank",
+               // can't obtain state if sandboxed:
+               eLoadInUnsandboxedIframe | eLoadInPopup,
+               "about:blank",
+               eSecureIfCreatorSecure,
+               eResultFromExaminationOnLoad),
+  new LoadType("initial about:blank",
+               // can't obtain state if sandboxed:
+               eLoadInUnsandboxedIframe | eLoadInPopup,
+               "about:blank", // we don't wait for this to load, so whatever
+               eSecureIfCreatorSecure,
+               eResultFromExaminationSync),
+];
+
+const loadTargets = [
+  new LoadTarget("an iframe",          eLoadInUnsandboxedIframe),
+  new LoadTarget("a sandboxed iframe", eLoadInSandboxedIframe),
+  new LoadTarget("a popup",            eLoadInPopup),
+];
+
+
+function LoadType(description, loadInFlags, uri, expectedSecureFlag, resultFrom) {
+  this.desc = description;
+  this.loadInFlags = loadInFlags;
+  this.uri = uri;
+  this.expectedSecureFlag = expectedSecureFlag;
+  this.resultFrom = resultFrom;
+}
+
+
+function LoadTarget(description, loadInFlag) {
+  this.desc = description;
+  this.loadInFlag = loadInFlag;
+}
+
+LoadTarget.prototype.open = function(loadType) {
+  let loadTarget = this;
+  this.currentTest.step(function() {
+    assert_true((loadTarget.loadInFlag & loadType.loadInFlags) != 0,
+                loadType.desc + " cannot be tested in " + loadTarget.desc);
+  });
+  if (this.loadInFlag == eLoadInUnsandboxedIframe) {
+    let iframe = document.createElement("iframe");
+    document.body.appendChild(iframe);
+    iframe[loadType.desc == "a srcdoc" ? "srcdoc" : "src"] = loadType.uri;
+    return iframe;
+  }
+  if (this.loadInFlag == eLoadInSandboxedIframe) {
+    let iframe = document.body.appendChild(document.createElement("iframe"));
+    iframe.setAttribute("sandbox", "allow-scripts");
+    iframe[loadType.desc == "a srcdoc" ? "srcdoc" : "src"] = loadType.uri;
+    return iframe;
+  }
+  if (this.loadInFlag == eLoadInPopup) {
+    return window.open(loadType.uri);
+  }
+  this.currentTest.step(function() {
+    assert_unreached("Unknown load type flag: " + loadInFlags);
+  });
+  return null;
+}
+
+LoadTarget.prototype.close = function(domTarget) {
+  if (this.loadInFlag == eLoadInUnsandboxedIframe ||
+      this.loadInFlag == eLoadInSandboxedIframe) {
+    domTarget.remove();
+    return;
+  }
+  if (this.loadInFlag == eLoadInPopup) {
+    domTarget.close();
+    return;
+  }
+  this.currentTest.step(function() {
+    assert_unreached("Unknown load type flag: " + loadInFlags);
+  });
+}
+
+LoadTarget.prototype.load_and_get_result_for = function(loadType) {
+  if (!(loadType.loadInFlags & this.loadInFlag)) {
+    return Promise.reject("not applicable");
+  }
+  if (!(this.loadInFlag & eLoadInPopup) &&
+      location.protocol == "https:" &&
+      loadType.uri.substr(0,5) == "http:") {
+    // Mixed content blocker will prevent this load
+    return Promise.reject("not applicable");
+  }
+  this.currentTest = async_test("Test Window.isSecureContext in " + this.desc +
+                                " loading " + loadType.desc)
+  if (loadType.resultFrom == eResultFromExaminationSync) {
+    let domTarget = this.open(loadType);
+    let result = domTarget instanceof Window ?
+          domTarget.isSecureContext : domTarget.contentWindow.isSecureContext;
+    this.close(domTarget);
+    return Promise.resolve(result);
+  }
+  let target = this;
+  if (loadType.resultFrom == eResultFromExaminationOnLoad) {
+    return new Promise(function(resolve, reject) {
+      function handleLoad(event) {
+        let result = domTarget instanceof Window ?
+              domTarget.isSecureContext : domTarget.contentWindow.isSecureContext;
+        domTarget.removeEventListener("load", handleLoad);
+        target.close(domTarget);
+        resolve(result);
+      }
+      let domTarget = target.open(loadType);
+      domTarget.addEventListener("load", handleLoad, false);
+    });
+  }
+  if (loadType.resultFrom == eResultFromPostMessage) {
+    return new Promise(function(resolve, reject) {
+      function handleMessage(event) {
+        window.removeEventListener("message", handleMessage);
+        target.close(domTarget);
+        resolve(event.data);
+      }
+      window.addEventListener("message", handleMessage, false);
+      let domTarget = target.open(loadType);
+   });
+  }
+  return Promise.reject("unexpected 'result from' type");
+}
+
+
+let current_type_index = -1;
+let current_target_index = 0;
+
+function run_next_test() {
+  current_type_index++;
+  if (current_type_index >= loadTypes.length) {
+    current_type_index = 0;
+    current_target_index++;
+    if (current_target_index >= loadTargets.length) {
+      done();
+      return; // all test permutations complete
+    }
+  }
+  let loadTarget = loadTargets[current_target_index];
+  let loadType = loadTypes[current_type_index];
+  loadTarget.load_and_get_result_for(loadType).then(
+    function(value) {
+      run_next_test_soon();
+      loadTarget.currentTest.step(function() {
+        if (loadType.expectedSecureFlag == eSecureNo) {
+          assert_false(value, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context");
+        } else if (loadType.expectedSecureFlag == eSecureIfCreatorSecure) {
+          if (!window.isSecureContext) {
+            assert_false(value, loadType.desc + " in " + loadTarget.desc + " should not create a Secure Context when its creator is not a Secure Context.");
+          } else {
+            assert_true(value, loadType.desc + " in " + loadTarget.desc + " should create a Secure Context when its creator is a Secure Context");
+          }
+        } else {
+          assert_unreached(loadType.desc + " - unknown expected secure flag: " + expectedSecureFlag);
+        }
+        loadTarget.currentTest.done();
+      });
+    },
+    function(failReason) {
+      run_next_test_soon();
+      if (failReason == "not applicable") {
+        return;
+      }
+      loadTarget.currentTest.step(function() {
+        assert_unreached(loadType.desc + " - got unexpected rejected promise");
+      });
+    }
+  );
+}
+
+function run_next_test_soon() {
+  setTimeout(run_next_test, 0);
+}
+
+function begin() {
+  test(function() {
+    if (location.protocol == "http:") {
+      assert_false(isSecureContext,
+                   "http: creator should not be a Secure Context");
+    } else if (location.protocol == "https:") {
+      assert_true(isSecureContext,
+                  "https: creator should be a Secure Context");
+    } else {
+      assert_unreached("Unknown location.protocol");
+    }
+  });
+  run_next_test();
+}
+
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.html
new file mode 100644 (file)
index 0000000..76c28a3
--- /dev/null
@@ -0,0 +1,69 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      var t1 = async_test("Shared worker");
+      var t2 = async_test("Nested worker in shared worker");
+      var t3 = async_test("Shared worker from https subframe");
+      var t4 = async_test("Nested worker from shared worker from https subframe");
+      // Tests for SharedWorkers used from other workers (not supported right
+      // now) would go here.
+
+      t1.step(function() {
+        var w = new SharedWorker("support/shared-worker-script.js");
+        w.port.onmessage = t1.step_func_done(function(e) {
+          assert_false(e.data);
+        });
+        w.port.start();
+      });
+
+      t2.step(function() {
+        var w = new SharedWorker("support/parent-shared-worker-script.js");
+        w.port.onmessage = t2.step_func_done(function(e) {
+          assert_false(e.data);
+        });
+        w.port.start();
+      });
+
+      onmessage = function(e) {
+        var data = e.data;
+        if (data.type == "shared") {
+          t3.step(function() {
+            assert_false(data.exception);
+            assert_false(data.error);
+            assert_false(data.isSecureContext);
+          });
+          t3.done();
+        } else if (data.type == "nested") {
+          t4.step(function() {
+            assert_false(data.exception);
+            assert_false(data.error);
+            assert_false(data.isSecureContext);
+          });
+          t4.done();
+        } else {
+          t3.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t3.done();
+          t4.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t4.done();
+        }
+      }
+
+      var ifr = document.createElement("iframe");
+      ifr.src = https_dir2 + "support/https-subframe-shared.html";
+      document.body.appendChild(ifr);
+    </script>
+  </body>
+</html>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.https.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.https.html
new file mode 100644 (file)
index 0000000..e7c7838
--- /dev/null
@@ -0,0 +1,67 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      var t1 = async_test("Shared worker");
+      var t2 = async_test("Nested worker in shared worker");
+      var t3 = async_test("Shared worker from https subframe");
+      var t4 = async_test("Nested worker from shared worker from https subframe");
+
+      t1.step(function() {
+        var w = new SharedWorker("support/shared-worker-script.js");
+        w.port.onmessage = t1.step_func_done(function(e) {
+          assert_true(e.data);
+        });
+        w.port.start();
+      });
+
+      t2.step(function() {
+        var w = new SharedWorker("support/parent-shared-worker-script.js");
+        w.port.onmessage = t2.step_func_done(function(e) {
+          assert_true(e.data);
+        });
+        w.port.start();
+      });
+
+      onmessage = function(e) {
+        var data = e.data;
+        if (data.type == "shared") {
+          t3.step(function() {
+            assert_false(data.exception);
+            assert_false(data.error);
+            assert_true(data.isSecureContext);
+          });
+          t3.done();
+        } else if (data.type == "nested") {
+          t4.step(function() {
+            assert_false(data.exception);
+            assert_false(data.error);
+            assert_true(data.isSecureContext);
+          });
+          t4.done();
+        } else {
+          t3.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t3.done();
+          t4.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t4.done();
+        }
+      }
+
+      var ifr = document.createElement("iframe");
+      ifr.src = https_dir3 + "support/https-subframe-shared.html";
+      document.body.appendChild(ifr);
+    </script>
+  </body>
+</html>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.html
new file mode 100644 (file)
index 0000000..8971c86
--- /dev/null
@@ -0,0 +1 @@
+<script>(opener||parent).postMessage(isSecureContext, '*')</script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.https.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.https.html
new file mode 100644 (file)
index 0000000..8971c86
--- /dev/null
@@ -0,0 +1 @@
+<script>(opener||parent).postMessage(isSecureContext, '*')</script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/server-locations.sub.js b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/server-locations.sub.js
new file mode 100644 (file)
index 0000000..6b29c53
--- /dev/null
@@ -0,0 +1,17 @@
+var https_dir = "https://{{location[hostname]}}:{{ports[https][0]}}{{location[path]}}";
+https_dir = https_dir.substr(0, https_dir.lastIndexOf("/") + 1);
+
+var http_dir = "http://{{location[hostname]}}:{{ports[http][0]}}{{location[path]}}";
+http_dir = http_dir.substr(0, http_dir.lastIndexOf("/") + 1);
+
+var https_dir2 = "https://{{domains[www]}}:{{ports[https][0]}}{{location[path]}}";
+https_dir2 = https_dir2.substr(0, https_dir2.lastIndexOf("/") + 1);
+
+var https_dir3 = "https://{{domains[www1]}}:{{ports[https][0]}}{{location[path]}}";
+https_dir3 = https_dir3.substr(0, https_dir3.lastIndexOf("/") + 1);
+
+var https_dir4 = "https://{{domains[www2]}}:{{ports[https][0]}}{{location[path]}}";
+https_dir4 = https_dir4.substr(0, https_dir4.lastIndexOf("/") + 1);
+
+var https_dir5 = "https://{{domains[élève]}}:{{ports[https][0]}}{{location[path]}}";
+https_dir5 = https_dir5.substr(0, https_dir5.lastIndexOf("/") + 1);
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-insecure-first.https.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-insecure-first.https.html
new file mode 100644 (file)
index 0000000..074b21c
--- /dev/null
@@ -0,0 +1,111 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      /*
+       * The goal of this test is to check that we do the right thing if the
+       * same SharedWorker is used first from an insecure context and then from
+       * a secure context.
+       *
+       * To do this, we first open an insecure (http) popup, which loads a
+       * subframe that is same-origin with us but not a secure context, since
+       * its parent is http, not https.  Then this subframe loads a SharedWorker
+       * and communicates back to us whether that worker and a child dedicated
+       * worker it spawns think they are secure contexts.  Async tests t3 and t4
+       * track these two workers.
+       *
+       * After we have heard from both workers in the popup, we directly load
+       * the same exact subframe ourselves and see what the workers in it
+       * report.  Async tests t1 and t2 track these two workers.
+       */
+      var t1 = async_test("Shared worker in subframe");
+      var t2 = async_test("Nested worker in shared worker in subframe");
+      var t3 = async_test("Shared worker in popup");
+      var t4 = async_test("Nested worker from shared worker in popup");
+
+      var messageCount = 0;
+      var popup = null;
+      onmessage = function(e) {
+        ++messageCount;
+        // Make sure to not close the popup until we've run the iframe part of
+        // the test!  We need to keep those shared workers alive.
+        if (messageCount == 4 && popup) {
+          popup.close();
+        }
+        var data = e.data;
+        if (data.type == "shared") {
+          // This is a message from our shared worker; check whether it's the
+          // one in the popup or in our subframe.
+          if (data.fromPopup) {
+            t3.step(function() {
+              assert_false(data.exception);
+              assert_false(data.error);
+              assert_false(data.isSecureContext);
+            });
+            t3.done();
+          } else {
+            t1.step(function() {
+              assert_false(data.exception);
+              assert_true(data.error);
+            });
+            t1.done();
+          }
+        } else if (data.type == "nested") {
+          // This is a message from our shared worker's nested dedicated worker;
+          // check whether it's the one in the popup or in our subframe.
+          if (data.fromPopup) {
+            t4.step(function() {
+              assert_false(data.exception);
+              assert_false(data.error);
+              assert_false(data.isSecureContext);
+            });
+            t4.done();
+          } else {
+            t2.step(function() {
+              assert_false(data.exception);
+              assert_true(data.error);
+            });
+            t2.done();
+          }
+        } else {
+          if (popup) {
+            popup.close();
+          }
+          t1.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t1.done();
+          t2.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t2.done();
+          t3.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t3.done();
+          t4.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t4.done();
+        }
+
+        if (messageCount == 2) {
+          // Got both messages from our popup; time to create our child.
+          var ifr = document.createElement("iframe");
+          ifr.src = https_dir5 + "support/https-subframe-shared.html";
+          document.body.appendChild(ifr);
+        }
+      }
+
+      popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir5");
+    </script>
+  </body>
+</html>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-secure-first.https.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-secure-first.https.html
new file mode 100644 (file)
index 0000000..27697d6
--- /dev/null
@@ -0,0 +1,111 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset=utf-8>
+    <title>Test SharedWorkerGlobalScope.isSecureContext for HTTP creator</title>
+    <meta name="help" href="https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object">
+    <script src=/resources/testharness.js></script>
+    <script src=/resources/testharnessreport.js></script>
+    <script src="server-locations.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      /*
+       * The goal of this test is to check that we do the right thing if the
+       * same SharedWorker is used first from an secure context and then from
+       * an insecure context.
+       *
+       * To do this, we load a subframe which loads a SharedWorker
+       * and communicates back to us whether that worker and a child dedicated
+       * worker it spawns think they are secure contexts. Async tests t1 and t2
+       * track these two workers.
+       *
+       * After we have heard from both workers in the subframe, we open an
+       * insecure (http) popup, which loads the same exact subframe.  This
+       * subframe is still is same-origin with
+       * us but not a secure context, since its parent is http, not https.  Then
+       * we wait to hear about the status of the workers in the popup's
+       * subframe.  Async tests t3 and t4 track these two workers.
+       *
+       */
+      var t1 = async_test("Shared worker in subframe");
+      var t2 = async_test("Nested worker in shared worker in subframe");
+      var t3 = async_test("Shared worker in popup");
+      var t4 = async_test("Nested worker from shared worker in popup");
+
+      var messageCount = 0;
+      var popup = null;
+      onmessage = function(e) {
+        ++messageCount;
+        if (messageCount == 4 && popup) {
+          popup.close();
+        }
+        var data = e.data;
+        if (data.type == "shared") {
+          // This is a message from our shared worker; check whether it's the
+          // one in the popup or in our subframe.
+          if (data.fromPopup) {
+            t3.step(function() {
+              assert_false(data.exception);
+              assert_true(data.error);
+            });
+            t3.done();
+          } else {
+            t1.step(function() {
+              assert_false(data.exception);
+              assert_false(data.error);
+              assert_true(data.isSecureContext);
+            });
+            t1.done();
+          }
+        } else if (data.type == "nested") {
+          // This is a message from our shared worker's nested dedicated worker;
+          // check whether it's the one in the popup or in our subframe.
+          if (data.fromPopup) {
+            t4.step(function() {
+              assert_false(data.exception);
+              assert_true(data.error);
+            });
+            t4.done();
+          } else {
+            t2.step(function() {
+              assert_false(data.exception);
+              assert_false(data.error);
+              assert_true(data.isSecureContext);
+            });
+            t2.done();
+          }
+        } else {
+          if (popup) {
+            popup.close();
+          }
+          t1.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t1.done();
+          t2.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t2.done();
+          t3.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t3.done();
+          t4.step(function() {
+            assert_unreached("Unknown message");
+          });
+          t4.done();
+        }
+
+        if (messageCount == 2) {
+          // Got both messages from our child; time to open our popup
+          popup = window.open(http_dir + "support/shared-worker-insecure-popup.html?https_dir4");
+        }
+      }
+
+      var ifr = document.createElement("iframe");
+      ifr.src = https_dir4 + "support/https-subframe-shared.html";
+      document.body.appendChild(ifr);
+    </script>
+  </body>
+</html>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/dedicated-worker-script.js b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/dedicated-worker-script.js
new file mode 100644 (file)
index 0000000..69ffdf3
--- /dev/null
@@ -0,0 +1 @@
+postMessage(isSecureContext);
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-dedicated.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-dedicated.html
new file mode 100644 (file)
index 0000000..85005df
--- /dev/null
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<script src="../server-locations.sub.js"></script>
+<script>
+  var w1 = new Worker(http_dir + "support/dedicated-worker-script.js");
+  w1.onmessage = function(e) {
+    parent.postMessage({ type: "http", error: false,
+                         isSecureContext: e.data }, "*");
+  };
+  w1.onerror = function(e) {
+    parent.postMessage({ type: "http", error: true }, "*");
+  };
+
+  var w2 = new Worker(https_dir + "support/dedicated-worker-script.js");
+  w2.onmessage = function(e) {
+    parent.postMessage({ type: "https", error: false,
+                         isSecureContext: e.data }, "*");
+  };
+  w2.onerror = function(e) {
+    parent.postMessage({ type: "https", error: true }, "*");
+  }
+</script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-shared.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-shared.html
new file mode 100644 (file)
index 0000000..5ae7cde
--- /dev/null
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<script>
+  try {
+    var w = new SharedWorker("shared-worker-script.js");
+    w.port.onmessage = function(e) {
+      parent.postMessage({ type: "shared", error: false, exception: false,
+                           isSecureContext: e.data }, "*");
+    };
+    w.onerror = function(e) {
+      parent.postMessage({ type: "shared", error: true, exception: false },
+                         "*");
+    }
+    w.port.start();
+  } catch (e) {
+    parent.postMessage({ type: "shared", exception: true }, "*");
+  }
+
+  try {
+    var w = new SharedWorker("parent-shared-worker-script.js");
+    w.port.onmessage = function(e) {
+      parent.postMessage({ type: "nested", error: false, exception: false,
+                           isSecureContext: e.data }, "*");
+    };
+    w.onerror = function(e) {
+      parent.postMessage({ type: "nested", error: true, exception: false },
+                         "*");
+    }
+    w.port.start();
+  } catch (e) {
+    parent.postMessage({ type: "nested", exception: true }, "*");
+  }
+</script>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-dedicated-worker-script.js b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-dedicated-worker-script.js
new file mode 100644 (file)
index 0000000..a844755
--- /dev/null
@@ -0,0 +1,4 @@
+var w = new Worker("dedicated-worker-script.js");
+w.onmessage = function (e) {
+  postMessage(e.data);
+}
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-shared-worker-script.js b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-shared-worker-script.js
new file mode 100644 (file)
index 0000000..7f999f9
--- /dev/null
@@ -0,0 +1,8 @@
+addEventListener("connect", function (e) {
+  var port = e.ports[0];
+  port.start();
+  var w = new Worker("dedicated-worker-script.js");
+  w.onmessage = function (e) {
+    port.postMessage(e.data);
+  }
+});
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-insecure-popup.html b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-insecure-popup.html
new file mode 100644 (file)
index 0000000..740679d
--- /dev/null
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<script src="../server-locations.sub.js"></script>
+<body>
+  <script>
+    var url = self[location.search.substr(1)] + "support/https-subframe-shared.html";
+    onmessage = function(e) {
+      var data = e.data;
+      data.fromPopup = true;
+      opener.postMessage(data, "*");
+    }
+    var ifr = document.createElement("iframe");
+    ifr.src = url;
+    document.body.appendChild(ifr);
+  </script>
+</body>
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-script.js b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-script.js
new file mode 100644 (file)
index 0000000..faed70a
--- /dev/null
@@ -0,0 +1,5 @@
+addEventListener("connect", function (e) {
+  var port = e.ports[0];
+  port.start();
+  port.postMessage(isSecureContext);
+});
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/w3c-import.log b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/w3c-import.log
new file mode 100644 (file)
index 0000000..c429c9a
--- /dev/null
@@ -0,0 +1,23 @@
+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the WPT github:
+       https://github.com/w3c/web-platform-tests
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/dedicated-worker-script.js
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-dedicated.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/https-subframe-shared.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-dedicated-worker-script.js
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/parent-shared-worker-script.js
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-insecure-popup.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/support/shared-worker-script.js
diff --git a/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/w3c-import.log b/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/w3c-import.log
new file mode 100644 (file)
index 0000000..05a519c
--- /dev/null
@@ -0,0 +1,28 @@
+The tests in this directory were imported from the W3C repository.
+Do NOT modify these tests directly in WebKit.
+Instead, create a pull request on the WPT github:
+       https://github.com/w3c/web-platform-tests
+
+Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
+
+Do NOT modify or remove this file.
+
+------------------------------------------------------------------------
+Properties requiring vendor prefixes:
+None
+Property values requiring vendor prefixes:
+None
+------------------------------------------------------------------------
+List of files:
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-dedicated-worker.https.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-popup-and-iframe-tests.https.js
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/basic-shared-worker.https.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/postMessage-helper.https.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/server-locations.sub.js
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-insecure-first.https.html
+/LayoutTests/imported/w3c/web-platform-tests/secure-contexts/shared-worker-secure-first.https.html