nodejs
diff --git a/‎test/fixtures/wpt/common/get-host-info.sub.js‎
Lines changed: 2 additions & 0 deletions b/‎test/fixtures/wpt/common/get-host-info.sub.js‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎test/fixtures/wpt/eventsource/WEB_FEATURES.yml‎
Lines changed: 3 additions & 0 deletions b/‎test/fixtures/wpt/eventsource/WEB_FEATURES.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎test/fixtures/wpt/fetch/fetch-later/quota/accumulated-oversized-payload.tentative.https.window.js‎
Lines changed: 2 additions & 2 deletions b/‎test/fixtures/wpt/fetch/fetch-later/quota/accumulated-oversized-payload.tentative.https.window.js‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎test/fixtures/wpt/fetch/fetch-later/quota/max-payload.tentative.https.window.js‎
Lines changed: 10 additions & 9 deletions b/‎test/fixtures/wpt/fetch/fetch-later/quota/max-payload.tentative.https.window.js‎
Lines changed: 10 additions & 9 deletions
diff --git a/‎test/fixtures/wpt/fetch/fetch-later/quota/oversized-payload.tentative.https.window.js‎
Lines changed: 10 additions & 10 deletions b/‎test/fixtures/wpt/fetch/fetch-later/quota/oversized-payload.tentative.https.window.js‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎test/fixtures/wpt/fetch/fetch-later/resources/fetch-later.html‎
Lines changed: 0 additions & 6 deletions b/‎test/fixtures/wpt/fetch/fetch-later/resources/fetch-later.html‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎test/fixtures/wpt/fetch/local-network-access/README.md‎
Lines changed: 2 additions & 2 deletions b/‎test/fixtures/wpt/fetch/local-network-access/README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎test/fixtures/wpt/fetch/local-network-access/iframe.tentative.https.window.js‎
Lines changed: 199 additions & 0 deletions b/‎test/fixtures/wpt/fetch/local-network-access/iframe.tentative.https.window.js‎
Lines changed: 199 additions & 0 deletions
@@ -20,6 +20,7 @@ function get_host_info() {
   var REMOTE_HOST = (ORIGINAL_HOST === 'localhost') ? '127.0.0.1' : ('www1.' + ORIGINAL_HOST);
   var OTHER_HOST = '{{domains[www2]}}';
   var NOTSAMESITE_HOST = (ORIGINAL_HOST === 'localhost') ? '127.0.0.1' : ('{{hosts[alt][]}}');
+  var OTHER_NOTSAMESITE_HOST = '{{hosts[alt][www2]}}';
 
   return {
     HTTP_PORT: HTTP_PORT,
@@ -45,6 +46,7 @@ function get_host_info() {
     HTTPS_REMOTE_ORIGIN: 'https://' + REMOTE_HOST + HTTPS_PORT_ELIDED,
     HTTPS_REMOTE_ORIGIN_WITH_CREDS: 'https://foo:bar@' + REMOTE_HOST + HTTPS_PORT_ELIDED,
     HTTPS_NOTSAMESITE_ORIGIN: 'https://' + NOTSAMESITE_HOST + HTTPS_PORT_ELIDED,
+    HTTPS_OTHER_NOTSAMESITE_ORIGIN: 'https://' + OTHER_NOTSAMESITE_HOST + HTTPS_PORT_ELIDED,
     UNAUTHENTICATED_ORIGIN: 'http://' + OTHER_HOST + HTTP_PORT_ELIDED,
     AUTHENTICATED_ORIGIN: 'https://' + OTHER_HOST + HTTPS_PORT_ELIDED
   };
 
@@ -0,0 +1,3 @@
+features:
+- name: server-sent-events
+  files: "**"
@@ -37,15 +37,15 @@ test(
 
       // Makes the 2nd call (POST) to the same reporting origin that sends
       // max bytes, which should be rejected.
-      assert_throws_dom('QuotaExceededError', () => {
+      assert_throws_quotaexceedederror(() => {
         fetchLater(requestUrl, {
           method: 'POST',
           signal: controller.signal,
           body: makeBeaconData(generatePayload(quota), dataType),
           // Required, as the size of referrer also take up quota.
           referrer: '',
         });
-      });
+      }, null, null);
 
       // Makes the 3rd call (GET) to the same reporting origin, where its
       // request size is len(requestUrl) + headers, which should be accepted.
 
@@ -36,13 +36,14 @@ promise_test(async _ => {
 test(_ => {
   const uuid = token();
   const requestUrl = generateSetBeaconURL(uuid, {host: HTTPS_ORIGIN});
-  assert_throws_dom(
-      'QuotaExceededError',
-      () => fetchLater(requestUrl, {
-        activateAfter: 0,
-        method: 'POST',
-        body: generatePayload(
-            getRemainingQuota(QUOTA_PER_ORIGIN, requestUrl, headers) + 1,
-            dataType),
-      }));
+
+  assert_throws_quotaexceedederror(() => {
+    fetchLater(requestUrl, {
+          activateAfter: 0,
+          method: 'POST',
+          body: generatePayload(
+              getRemainingQuota(QUOTA_PER_ORIGIN, requestUrl, headers) + 1,
+              dataType),
+        });
+  }, null, null);
 }, `fetchLater() rejects max+1 payload in a POST request body of ${dataType}.`);
@@ -9,16 +9,16 @@ const OVERSIZED_REQUEST_BODY_SIZE = QUOTA_PER_ORIGIN + 1;
 for (const dataType in BeaconDataType) {
   // Test making a POST request with oversized payload, which should be rejected
   // by fetchLater API.
-  test(
-      () => assert_throws_dom(
-          'QuotaExceededError',
-          () => fetchLater('/', {
-            activateAfter: 0,
-            method: 'POST',
-            body: makeBeaconData(
-                generatePayload(OVERSIZED_REQUEST_BODY_SIZE), dataType),
-          })),
-      `fetchLater() does not accept payload[size=${
+  test(() => {
+    assert_throws_quotaexceedederror(() => {
+      fetchLater('/', {
+        activateAfter: 0,
+        method: 'POST',
+        body: makeBeaconData(
+            generatePayload(OVERSIZED_REQUEST_BODY_SIZE), dataType),
+      });
+    }, null, null);
+  }, `fetchLater() does not accept payload[size=${
           OVERSIZED_REQUEST_BODY_SIZE}] exceeding per-origin quota in a POST request body of ${
           dataType}.`);
 }
@@ -30,12 +30,6 @@
       fetchLater(TARGET_URL, REQUEST_INIT);
       postMessageBack({type: FetchLaterIframeMessageType.DONE});
     } catch (e) {
-      if (e.name == "QuotaExceededError" &&
-          e instanceof DOMException) {
-        // PostMessage is unable to serialize the QuotExceededError object.
-        // Therefore do basic checks here and pass error name if successful.
-        e = {name: e.name};
-      }
       postMessageBack({type: FetchLaterIframeMessageType.ERROR, error: e});
     }
   </script>
 
@@ -5,7 +5,7 @@ the Fetch specification.
 
 See also:
 
-* [Explainer](https://github.com/explainers-by-googlers/local-network-access)
+* [Spec](https://wicg.github.io/local-network-access/)
 
 Local Network Access replaced [Private Network
-Access](https://wicg.github.io/local-network-access/).
+Access](https://wicg.github.io/private-network-access/).
@@ -0,0 +1,199 @@
+// META: script=/common/subset-tests-by-key.js
+// META: script=/common/dispatcher/dispatcher.js
+// META: script=/common/utils.js
+// META: script=/resources/testdriver.js
+// META: script=/resources/testdriver-vendor.js
+// META: script=resources/support.sub.js
+// META: timeout=long
+// META: variant=?include=from-loopback
+// META: variant=?include=from-local
+// META: variant=?include=from-public
+// META: variant=?include=from-treat-as-public
+//
+// Spec: https://wicg.github.io/local-network-access/#integration-fetch
+//
+// These tests verify that secure contexts can navigate iframes to less-public
+// address spaces iff the initiating document has been granted the LNA
+// permission.
+//
+// This file covers only those tests that must execute in a secure context.
+
+setup(() => {
+  assert_true(window.isSecureContext);
+});
+
+// Source: secure loopback context.
+//
+// All iframe navigations unaffected by Local Network Access.
+
+subsetTestByKey(
+    'from-loopback', promise_test, t => iframeTest(t, {
+                                     source: Server.HTTP_LOOPBACK,
+                                     target: Server.HTTPS_LOOPBACK,
+                                     expected: NavigationTestResult.SUCCESS,
+                                   }),
+    'loopback to loopback: no permission required.');
+
+subsetTestByKey(
+    'from-loopback', promise_test, t => iframeTest(t, {
+                                     source: Server.HTTP_LOOPBACK,
+                                     target: Server.HTTPS_LOCAL,
+                                     expected: NavigationTestResult.SUCCESS,
+                                   }),
+    'loopback to local: no permission required.');
+
+subsetTestByKey(
+    'from-loopback', promise_test, t => iframeTest(t, {
+                                     source: Server.HTTP_LOOPBACK,
+                                     target: Server.HTTPS_PUBLIC,
+                                     expected: NavigationTestResult.SUCCESS,
+                                   }),
+    'loopback to public: no permission required.');
+
+// Source: local secure context.
+//
+// All iframe navigations unaffected by Local Network Access.
+
+// Requests from the `local` address space to the `loopback` address space
+// are not yet restricted by LNA.
+subsetTestByKey(
+    'from-local', promise_test, t => iframeTest(t, {
+                                  source: Server.HTTP_LOCAL,
+                                  target: Server.HTTPS_LOOPBACK,
+                                  expected: NavigationTestResult.SUCCESS,
+                                }),
+    'local to loopback: no permission required.');
+
+subsetTestByKey(
+    'from-local', promise_test, t => iframeTest(t, {
+                                  source: Server.HTTP_LOCAL,
+                                  target: Server.HTTPS_LOCAL,
+                                  expected: NavigationTestResult.SUCCESS,
+                                }),
+    'local to local: no permission required.');
+
+subsetTestByKey(
+    'from-local', promise_test, t => iframeTest(t, {
+                                  source: Server.HTTP_LOCAL,
+                                  target: Server.HTTPS_PUBLIC,
+                                  expected: NavigationTestResult.SUCCESS,
+                                }),
+    'local to public: no permission required.');
+
+
+// Generates tests of permission behavior for a single (source, target) pair.
+//
+// Scenarios:
+//
+// - parent (source) navigates child (target):
+//   - parent has been denied the LNA permission (failure)
+//   - parent has been granted the LNA permission (success)
+//
+function makePermissionTests({
+  key,
+  sourceName,
+  sourceServer,
+  sourceTreatAsPublic,
+  targetName,
+  targetServer,
+}) {
+  const prefix = `${sourceName} to ${targetName}: `;
+
+  const source = {
+    server: sourceServer,
+    treatAsPublic: sourceTreatAsPublic,
+  };
+
+  promise_test(
+      t => iframeTest(t, {
+        source,
+        target: {
+          server: targetServer,
+        },
+        expected: NavigationTestResult.FAILURE,
+        permission: 'denied',
+      }),
+      prefix + 'permission denied.');
+
+  promise_test(
+      t => iframeTest(t, {
+        source,
+        target: {
+          server: targetServer,
+        },
+        expected: NavigationTestResult.SUCCESS,
+        permission: 'granted',
+      }),
+      prefix + 'success.');
+}
+
+
+// Source: public secure context.
+//
+// iframe navigations to the loopback and local address spaces require the LNA
+// permission.
+
+subsetTestByKey('from-public', makePermissionTests, {
+  sourceServer: Server.HTTPS_PUBLIC,
+  sourceName: 'public',
+  targetServer: Server.HTTPS_LOOPBACK,
+  targetName: 'loopback',
+});
+
+subsetTestByKey('from-public', makePermissionTests, {
+  sourceServer: Server.HTTPS_PUBLIC,
+  sourceName: 'public',
+  targetServer: Server.HTTPS_LOCAL,
+  targetName: 'local',
+});
+
+subsetTestByKey(
+    'from-public', promise_test, t => iframeTest(t, {
+                                   source: Server.HTTPS_PUBLIC,
+                                   target: Server.HTTPS_PUBLIC,
+                                   expected: NavigationTestResult.SUCCESS,
+                                 }),
+    'public to public: no permission required.');
+
+// The following tests verify that `CSP: treat-as-public-address` makes
+// documents behave as if they had been served from a public IP address.
+
+subsetTestByKey('from-treat-as-public', makePermissionTests, {
+  sourceServer: Server.HTTPS_LOOPBACK,
+  sourceTreatAsPublic: true,
+  sourceName: 'treat-as-public-address',
+  targetServer: Server.OTHER_HTTPS_LOOPBACK,
+  targetName: 'loopback',
+});
+
+subsetTestByKey(
+    'from-treat-as-public', promise_test,
+    t => iframeTest(t, {
+      source: {
+        server: Server.HTTPS_LOOPBACK,
+        treatAsPublic: true,
+      },
+      target: Server.HTTPS_LOOPBACK,
+      expected: NavigationTestResult.SUCCESS,
+    }),
+    'treat-as-public-address to local (same-origin): no permission required.');
+
+subsetTestByKey('from-treat-as-public', makePermissionTests, {
+  sourceServer: Server.HTTPS_LOOPBACK,
+  sourceTreatAsPublic: true,
+  sourceName: 'treat-as-public-address',
+  targetServer: Server.HTTPS_LOCAL,
+  targetName: 'local',
+});
+
+subsetTestByKey(
+    'from-treat-as-public', promise_test,
+    t => iframeTest(t, {
+      source: {
+        server: Server.HTTPS_LOOPBACK,
+        treatAsPublic: true,
+      },
+      target: Server.HTTPS_PUBLIC,
+      expected: NavigationTestResult.SUCCESS,
+    }),
+    'treat-as-public-address to public: no permission required.');
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+features:`
	`2`	`+- name: server-sent-events`
	`3`	`+ files: "**"`