Bug 1728523 [wpt PR 30281] - Add Content-Security-Policy WPTs for WebTransport, a=testonly

Automatic update from web-platform-tests
Add Content-Security-Policy WPTs for WebTransport

This CL adds two test cases:
- when connect-src is set to none, the WebTransport connection fails
- when connect-src is set to the page destination, the WebTransport
connection is established successfully

Furthermore, the custom-reponse server handler is also added in this CL,
which will be used in some follow-up CLs to respond to CONNECT requests.

The test expectations have also been updated in this CL, by skipping
these WebTransport WPTs for the timebeing until the server is added.

Bug: 1201569
Change-Id: I4c0c1b947751e71accda69682769c3f461c7fb6d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3134999
Commit-Queue: Nidhi Jaju <nidhijaju@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/main@{#917597}

--

wpt-commits: 679b01b186186215fdd3cbdb54039d8a31b8bc15
wpt-pr: 30281

testing/web-platform/tests/webtransport/csp-fail.sub.window.js

@@ -0,0 +1,22 @@
+// META: global=window,worker
+// META: script=/common/get-host-info.sub.js
+
+const HOST = get_host_info().ORIGINAL_HOST;
+const PORT = '{{ports[webtransport-h3][0]}}';
+const BASE = `https://${HOST}:${PORT}`;
+
+function set_csp(destination) {
+  let meta = document.createElement("meta");
+  meta.httpEquiv = "Content-Security-Policy";
+  meta.content = `connect-src ${destination}`;
+  return meta;
+}
+
+promise_test(async t => {
+  let meta = set_csp("'none'");
+  document.head.appendChild(meta);
+
+  let wt = new WebTransport(`${BASE}/handlers/custom-response.py?:status=200`);
+  await promise_rejects_dom(t, 'SecurityError', wt.ready, 'ready promise should be rejected');
+  await promise_rejects_dom(t, 'SecurityError', wt.closed, 'closed promise should be rejected');
+}, "WebTransport connection should fail when CSP connect-src is set to none and reject the promises");

testing/web-platform/tests/webtransport/csp-pass.sub.window.js

@@ -0,0 +1,21 @@
+// META: global=window,worker
+// META: script=/common/get-host-info.sub.js
+
+const HOST = get_host_info().ORIGINAL_HOST;
+const PORT = '{{ports[webtransport-h3][0]}}';
+const BASE = `https://${HOST}:${PORT}`;
+
+function set_csp(destination) {
+  let meta = document.createElement("meta");
+  meta.httpEquiv = "Content-Security-Policy";
+  meta.content = `connect-src ${destination}`;
+  return meta;
+}
+
+promise_test(async t => {
+ let meta = set_csp(`${BASE}`);
+ document.head.appendChild(meta);
+
+  let wt = new WebTransport(`${BASE}/webtransport/handlers/custom-response.py?:status=200`);
+  await wt.ready;
+}, "WebTransport connection should succeed when CSP connect-src destination is set to the page");

testing/web-platform/tests/webtransport/handlers/custom-response.py

@@ -0,0 +1,13 @@
+from urllib.parse import urlsplit, parse_qsl
+
+def connect_received(request_headers, response_headers):
+  for data in request_headers:
+    if data[0] == b':path':
+      path = data[1].decode('utf-8')
+
+      qs = dict(parse_qsl(urlsplit(path).query))
+      for key, value in qs.items():
+        response_headers.append((key.encode('utf-8'), value.encode('utf-8')))
+
+      break
+  return