Bug 1638165 [wpt PR 23620] - [ua-ch] Apply FP to UA and UA-Mobile, a=testonly

Automatic update from web-platform-tests [ua-ch] Apply FP to UA and UA-Mobile Currently FeaturePolicy isn't applied to hints that are sent by default: Sec-CH-UA and Sec-CH-UA-Mobile. That's wrong, as it doesn't allow sites to e.g. block those headers on their own origin or on third-party origins. This CL fixes that. Bug: 1082252 Change-Id: Ia924b5539fb78fa664d90e7fdc8c7e79f19c657d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2203057 Commit-Queue: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Aaron Tagliaboschi <aarontag@chromium.org> Cr-Commit-Position: refs/heads/master@{#769088} -- wpt-commits: f9d12a5f8f0e7b0fbe067f01e6d71fd60bbe285d wpt-pr: 23620
2020-05-21 10:20:25 +00:00 · 2020-05-21 10:20:25 +00:00 · b0c7fd5b19
--- a/testing/web-platform/tests/client-hints/accept-ch-feature-policy-navigation.https.html
+++ b/testing/web-platform/tests/client-hints/accept-ch-feature-policy-navigation.https.html
@ -8,12 +8,12 @@
 (async () => {
  await test_frame(
    "HTTPS_REMOTE_ORIGIN",
-    "device-memory=true&dpr=false&viewport-width=false",
+    "device-memory=true&dpr=false&viewport-width=false&sec-ch-ua=false&sec-ch-ua-mobile=false",
    "",
    "Client hints loaded on cross-origin iframe request with feature policy.");
  await test_frame(
    "HTTPS_ORIGIN",
-    "device-memory=true&dpr=false&viewport-width=true",
+    "device-memory=true&dpr=false&viewport-width=true&sec-ch-ua=true&sec-ch-ua-mobile=false",
    "",
    "Client hints loaded on same-origin iframe request with feature policy.");
  await test_frame(
@ -23,7 +23,7 @@
    "Iframe trying to set Accept-CH-Lifetime.", "/client-hints/resources/iframe-accept-ch-lifetime.html");
  await test_frame(
    "HTTPS_REMOTE_ORIGIN",
-    "device-memory=true&dpr=false&viewport-width=false",
+    "device-memory=true&dpr=false&viewport-width=false&sec-ch-ua=false&sec-ch-ua-mobile=false",
    "",
    "Client hints loaded on cross-origin iframe request with feature policy after attempting to set independently.");
 })();
--- a/testing/web-platform/tests/client-hints/accept-ch-feature-policy-navigation.https.html.headers
+++ b/testing/web-platform/tests/client-hints/accept-ch-feature-policy-navigation.https.html.headers
@ -1,3 +1,3 @@
 Accept-CH: Device-Memory, DPR, Viewport-Width
 Accept-CH-Lifetime: 1
-Feature-Policy: ch-device-memory *; ch-dpr 'none'; ch-viewport-width 'self'; ch-lang 'none'
+Feature-Policy: ch-device-memory *; ch-dpr 'none'; ch-viewport-width 'self'; ch-lang 'none'; ch-ua 'self'; ch-ua-mobile 'none'
--- a/testing/web-platform/tests/client-hints/accept-ch-no-feature-policy-navigation.https.html
+++ b/testing/web-platform/tests/client-hints/accept-ch-no-feature-policy-navigation.https.html
@ -8,12 +8,12 @@
 (async () => {
  await test_frame(
    "HTTPS_REMOTE_ORIGIN",
-    "device-memory=false&dpr=false&viewport-width=false",
+    "device-memory=false&dpr=false&viewport-width=false&sec-ch-ua=true&sec-ch-ua-mobile=true",
    "",
    "Client hints not loaded on cross-origin iframe request with no feature policy.");
  await test_frame(
    "HTTPS_ORIGIN",
-    "device-memory=true&dpr=true&viewport-width=true",
+    "device-memory=true&dpr=true&viewport-width=true&sec-ch-ua=true&sec-ch-ua-mobile=true",
    "",
    "Client hints loaded on same-origin iframe request with no feature policy.");
 })();
--- a/testing/web-platform/tests/client-hints/resources/expect-client-hints-headers-iframe.py
+++ b/testing/web-platform/tests/client-hints/resources/expect-client-hints-headers-iframe.py
@ -3,7 +3,7 @@ def main(request, response):
    Simple handler that returns an HTML response that passes when the required
    Client Hints are received as request headers.
    """
-    values = [ "Device-Memory", "DPR", "Viewport-Width" ]
+    values = [ "Device-Memory", "DPR", "Viewport-Width", "Sec-CH-UA", "Sec-CH-UA-Mobile" ]

    result = "PASS"
    log = ""