[Private Network Access] Web Platform Tests for redirects.

Bug: chromium:1293891
Change-Id: Ia22fe59ff99246db94cbbab99192597e716692d6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3439867
Auto-Submit: Titouan Rigoudy 
Reviewed-by: Arthur Hemery 
Commit-Queue: Titouan Rigoudy 
Cr-Commit-Position: refs/heads/main@{#967321}

Author: letitz

fetch/private-network-access/redirect.https.window.js

@@ -0,0 +1,232 @@
+// META: script=/common/utils.js
+// META: script=resources/support.sub.js
+//
+// Spec: https://wicg.github.io/private-network-access/#integration-fetch
+//
+// This test verifies that Private Network Access checks are applied to all
+// the endpoints in a redirect chain, relative to the same client context.
+
+// local -> private -> public
+//
+// Request 1 (local -> private): no preflight.
+// Request 2 (local -> public): no preflight.
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_LOCAL },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      response: ResponseBehavior.allowCrossOrigin(),
+      redirect: preflightUrl({
+        server: Server.HTTPS_PUBLIC,
+        behavior: { response: ResponseBehavior.allowCrossOrigin() },
+      }),
+    }
+  },
+  expected: FetchTestResult.SUCCESS,
+}), "local to private to public: success.");
+
+// local -> private -> local
+//
+// Request 1 (local -> private): no preflight.
+// Request 2 (local -> local): no preflight.
+//
+// This checks that the client for the second request is still the initial
+// context, not the redirector.
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_LOCAL },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      response: ResponseBehavior.allowCrossOrigin(),
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: { response: ResponseBehavior.allowCrossOrigin() },
+      }),
+    }
+  },
+  expected: FetchTestResult.SUCCESS,
+}), "local to private to local: success.");
+
+// private -> private -> local
+//
+// Request 1 (private -> private): no preflight.
+// Request 2 (private -> local): preflight required.
+//
+// This verifies that PNA checks are applied after redirects.
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PRIVATE },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: { response: ResponseBehavior.allowCrossOrigin() },
+      }),
+    }
+  },
+  expected: FetchTestResult.FAILURE,
+}), "private to private to local: failed preflight.");
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PRIVATE },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: {
+          preflight: PreflightBehavior.success(token()),
+          response: ResponseBehavior.allowCrossOrigin(),
+        },
+      }),
+    }
+  },
+  expected: FetchTestResult.SUCCESS,
+}), "private to private to local: success.");
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PRIVATE },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: { preflight: PreflightBehavior.success(token()) },
+      }),
+    }
+  },
+  fetchOptions: { mode: "no-cors" },
+  expected: FetchTestResult.OPAQUE,
+}), "private to private to local: no-cors success.");
+
+// private -> local -> private
+//
+// Request 1 (private -> local): preflight required.
+// Request 2 (private -> private): no preflight.
+//
+// This verifies that PNA checks are applied independently to every step in a
+// redirect chain.
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PRIVATE },
+  target: {
+    server: Server.HTTPS_LOCAL,
+    behavior: {
+      response: ResponseBehavior.allowCrossOrigin(),
+      redirect: preflightUrl({
+        server: Server.HTTPS_PRIVATE,
+      }),
+    }
+  },
+  expected: FetchTestResult.FAILURE,
+}), "private to local to private: failed preflight.");
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PRIVATE },
+  target: {
+    server: Server.HTTPS_LOCAL,
+    behavior: {
+      preflight: PreflightBehavior.success(token()),
+      response: ResponseBehavior.allowCrossOrigin(),
+      redirect: preflightUrl({
+        server: Server.HTTPS_PRIVATE,
+        behavior: { response: ResponseBehavior.allowCrossOrigin() },
+      }),
+    }
+  },
+  expected: FetchTestResult.SUCCESS,
+}), "private to local to private: success.");
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PRIVATE },
+  target: {
+    server: Server.HTTPS_LOCAL,
+    behavior: {
+      preflight: PreflightBehavior.success(token()),
+      redirect: preflightUrl({ server: Server.HTTPS_PRIVATE }),
+    }
+  },
+  fetchOptions: { mode: "no-cors" },
+  expected: FetchTestResult.OPAQUE,
+}), "private to local to private: no-cors success.");
+
+// public -> private -> local
+//
+// Request 1 (public -> private): preflight required.
+// Request 2 (public -> local): preflight required.
+//
+// This verifies that PNA checks are applied to every step in a redirect chain.
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PUBLIC },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      response: ResponseBehavior.allowCrossOrigin(),
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: {
+          preflight: PreflightBehavior.success(token()),
+          response: ResponseBehavior.allowCrossOrigin(),
+        },
+      }),
+    }
+  },
+  expected: FetchTestResult.FAILURE,
+}), "public to private to local: failed first preflight.");
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PUBLIC },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      preflight: PreflightBehavior.success(token()),
+      response: ResponseBehavior.allowCrossOrigin(),
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: {
+          response: ResponseBehavior.allowCrossOrigin(),
+        },
+      }),
+    }
+  },
+  expected: FetchTestResult.FAILURE,
+}), "public to private to local: failed second preflight.");
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PUBLIC },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      preflight: PreflightBehavior.success(token()),
+      response: ResponseBehavior.allowCrossOrigin(),
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: {
+          preflight: PreflightBehavior.success(token()),
+          response: ResponseBehavior.allowCrossOrigin(),
+        },
+      }),
+    }
+  },
+  expected: FetchTestResult.SUCCESS,
+}), "public to private to local: success.");
+
+promise_test(t => fetchTest(t, {
+  source: { server: Server.HTTPS_PUBLIC },
+  target: {
+    server: Server.HTTPS_PRIVATE,
+    behavior: {
+      preflight: PreflightBehavior.success(token()),
+      redirect: preflightUrl({
+        server: Server.HTTPS_LOCAL,
+        behavior: { preflight: PreflightBehavior.success(token()) },
+      }),
+    }
+  },
+  fetchOptions: { mode: "no-cors" },
+  expected: FetchTestResult.OPAQUE,
+}), "public to private to local: no-cors success.");

fetch/private-network-access/resources/preflight.py

@@ -36,6 +36,8 @@
 #
 # The following parameters only affect non-preflight responses:
 #
+# - redirect: If set, the response code is set to 301 and the `Location`
+#   response header is set to this value.
 # - mime-type: If set, the `Content-Type` response header is set to this value.
 # - file: Specifies a path (relative to this file's directory) to a file. If
 #   set, the response body is copied from this file.
@@ -123,6 +125,11 @@ def _handle_final_request(request, response):
     mode = request.GET.get(b"final-headers")
     headers = _get_response_headers(request.method, mode)
 
+  redirect = request.GET.get(b"redirect")
+  if redirect is not None:
+    headers.append(("Location", redirect))
+    return (301, headers, b"")
+
   mime_type = request.GET.get(b"mime-type")
   if mime_type is not None:
     headers.append(("Content-Type", mime_type),)

fetch/private-network-access/resources/support.sub.js

@@ -128,22 +128,27 @@ function sourceResolveOptions({ server, treatAsPublic }) {
   return options;
 }
 
-// Computes options to pass to `resolveUrl()` for `resources/preflight.py`.
+// Computes the URL of a preflight handler configured with the given options.
 //
 // `server` identifies the server from which to load the resource.
 // `behavior` specifies the behavior of the target server. It may contain:
 //   - `preflight`: The result of calling one of `PreflightBehavior`'s methods.
 //   - `response`: The result of calling one of `ResponseBehavior`'s methods.
-function targetResolveOptions({ server, behavior }) {
+//   - `redirect`: A URL to which the target should redirect GET requests.
+function preflightUrl({ server, behavior }) {
   const options = {...server};
   if (behavior) {
-    const { preflight, response } = behavior;
+    const { preflight, response, redirect } = behavior;
     options.searchParams = {
       ...preflight,
       ...response,
     };
+    if (redirect !== undefined) {
+      options.searchParams.redirect = redirect;
+    }
   }
-  return options;
+
+  return resolveUrl("resources/preflight.py", options);
 }
 
 // Methods generate behavior specifications for how `resources/preflight.py`
@@ -206,7 +211,7 @@ const FetchTestResult = {
 //     // Optional. Passed to `sourceResolveOptions()`.
 //     source,
 //
-//     // Optional. Passed to `targetResolveOptions()`.
+//     // Optional. Passed to `preflightUrl()`.
 //     target,
 //
 //     // Optional. Passed to `fetch()`.
@@ -220,8 +225,7 @@ async function fetchTest(t, { source, target, fetchOptions, expected }) {
   const sourceUrl =
       resolveUrl("resources/fetcher.html", sourceResolveOptions(source));
 
-  const targetUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const targetUrl = preflightUrl(target);
 
   const iframe = await appendIframe(t, document, sourceUrl);
   const reply = futureMessage();
@@ -264,7 +268,7 @@ const XhrTestResult = {
 //     // Optional. Passed to `sourceResolveOptions()`.
 //     source,
 //
-//     // Optional. Passed to `targetResolveOptions()`.
+//     // Optional. Passed to `preflightUrl()`.
 //     target,
 //
 //     // Optional. Method to use when sending the request. Defaults to "GET".
@@ -278,8 +282,7 @@ async function xhrTest(t, { source, target, method, expected }) {
   const sourceUrl =
       resolveUrl("resources/xhr-sender.html", sourceResolveOptions(source));
 
-  const targetUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const targetUrl = preflightUrl(target);
 
   const iframe = await appendIframe(t, document, sourceUrl);
   const reply = futureMessage();
@@ -344,8 +347,7 @@ const WorkerScriptTestResult = {
 };
 
 function workerScriptUrl(target) {
-  const url =
-    resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const url = preflightUrl(target);
 
   url.searchParams.append("body", "postMessage({ loaded: true })")
   url.searchParams.append("mime-type", "application/javascript")
@@ -395,8 +397,7 @@ async function sharedWorkerScriptTest(t, { source, target, expected }) {
   const sourceUrl = resolveUrl("resources/shared-worker-fetcher.html",
                                sourceResolveOptions(source));
 
-  const targetUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const targetUrl = preflightUrl(target);
   targetUrl.searchParams.append(
       "body", "onconnect = (e) => e.ports[0].postMessage({ loaded: true })")
 
@@ -418,8 +419,7 @@ const WorkerFetchTestResult = {
 };
 
 async function workerFetchTest(t, { source, target, expected }) {
-  const targetUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const targetUrl = preflightUrl(target);
 
   const sourceUrl =
       resolveUrl("resources/fetcher.js", sourceResolveOptions(source));
@@ -439,8 +439,7 @@ async function workerFetchTest(t, { source, target, expected }) {
 }
 
 async function sharedWorkerFetchTest(t, { source, target, expected }) {
-  const targetUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const targetUrl = preflightUrl(target);
 
   const sourceUrl =
       resolveUrl("resources/shared-fetcher.js", sourceResolveOptions(source));

fetch/private-network-access/service-worker-fetch.https.window.js

@@ -21,8 +21,7 @@ async function makeTest(t, { source, target, expected }) {
   const scriptUrl =
       resolveUrl("resources/service-worker.js", sourceResolveOptions(source));
 
-  const realTargetUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const realTargetUrl = preflightUrl(target);
 
   // Fetch a URL within the service worker's scope, but tell it which URL to
   // really fetch.

fetch/private-network-access/service-worker-update.https.window.js

@@ -28,8 +28,7 @@ async function makeTest(t, { target, expected }) {
       "resources/service-worker-bridge.html",
       sourceResolveOptions({ server: target.server }));
 
-  const scriptUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const scriptUrl = preflightUrl(target);
   scriptUrl.searchParams.append("treat-as-public-once", token());
   scriptUrl.searchParams.append("mime-type", "application/javascript");
   scriptUrl.searchParams.append("file", "service-worker.js");

fetch/private-network-access/service-worker.https.window.js

@@ -24,8 +24,7 @@ async function makeTest(t, { source, target, expected }) {
   const sourceUrl = resolveUrl("resources/service-worker-bridge.html",
                                sourceResolveOptions(source));
 
-  const targetUrl =
-      resolveUrl("resources/preflight.py", targetResolveOptions(target));
+  const targetUrl = preflightUrl(target);
   targetUrl.searchParams.append("body", "undefined");
   targetUrl.searchParams.append("mime-type", "application/javascript");