Bug 1882620 [wpt PR 44838] - [FedCM] Add CORS support in WPTs as well as a no CORS test, a=testonly

Automatic update from web-platform-tests
[FedCM] Add CORS support in WPTs as well as a no CORS test

The no CORS test fails right now but will pass once the CORS flag is
enabled by default

Bug: 40284123
Change-Id: Iaa864b2d94b4fff5c6258dfc1ba5aa78bce70180
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5332937
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Christian Biesinger <cbiesinger@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1266696}

--

wpt-commits: a0038b4dd3636b518fe268ba097a92b9ad558842
wpt-pr: 44838

testing/web-platform/tests/credential-management/fedcm-identity-assertion-nocors.https.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<title>Federated Credential Management API test with no CORS identity assertion.</title>
+<link rel="help" href="https://fedidcg.github.io/FedCM">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+
+<script type="module">
+import {request_options_with_mediation_required,
+        fedcm_test,
+        select_manifest,
+        mark_signed_in,
+        fedcm_get_dialog_type_promise,
+        fedcm_get_and_select_first_account} from './support/fedcm-helper.sub.js';
+
+fedcm_test(async t => {
+  await mark_signed_in();
+  let test_options = request_options_with_mediation_required("manifest-token-nocors.json");
+  await select_manifest(t, test_options);
+  try {
+    const cred = await fedcm_get_and_select_first_account(t, test_options);
+    assert_unreached("An IdentityCredentialError exception should be thrown.");
+  } catch (e) {
+    assert_true(e instanceof DOMException);
+    assert_equals(e.name, "IdentityCredentialError");
+  }
+}, 'Test that promise is rejected if identity assertion does not use CORS');
+</script>

testing/web-platform/tests/credential-management/support/fedcm/manifest-token-nocors.json

@@ -0,0 +1,7 @@
+{
+  "accounts_endpoint": "accounts.py",
+  "client_metadata_endpoint": "client_metadata.py",
+  "id_assertion_endpoint": "token.py?nocors=1",
+  "disconnect_endpoint": "disconnect.py",
+  "login_url": "login.html"
+}

testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py

@@ -80,6 +80,8 @@ def tokenCheck(request):
     return (544, [], "Missing 'account_id' POST parameter")
   if not request.POST.get(b"disclosure_text_shown"):
     return (545, [], "Missing 'disclosure_text_shown' POST parameter")
+  if not request.headers.get(b"Origin"):
+    return (540, [], "Missing Origin")
 
 def revokeCheck(request):
   common_error = commonCheck(request, b"cors")

testing/web-platform/tests/credential-management/support/fedcm/token.py

@@ -7,5 +7,8 @@ def main(request, response):
     return request_error
 
   response.headers.set(b"Content-Type", b"application/json")
+  if b"nocors" not in request.GET:
+    response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+    response.headers.set(b"Access-Control-Allow-Credentials", "true")
 
   return "{\"token\": \"token\"}"