[WPT/mixed-content] Add tests for HTTPS->HTTP redirects

This CL adds HTTPS->HTTP direct cases for mixed-content tests.
The requests are rejected not in initial requests,
but during redirect handling.

The added tests expose the following issues on Chromium:

Issue 1048619:
  - gen/top.http-rp/opt-in/sharedworker-import-data/cross-https.swap-scheme.https.html
  - gen/top.http-rp/opt-in/sharedworker-import-data/same-https.swap-scheme.https.html

Issue 1050826:
  Requests are blocked as expected but no events are fired,
  causing test timeout.
  - gen/top.http-rp/opt-in/object-tag/cross-https.swap-scheme.https.html
  - gen/top.http-rp/opt-in/object-tag/same-https.swap-scheme.https.html

Bug: 1048619, 1050826, 906850
Change-Id: I0aaa88788a28a20cd95b3dbfb078481c20786bd0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2047823
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/master@{#740792}

mixed-content/gen/top.http-rp/opt-in/audio-tag/cross-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Optionally-blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of optionally-blockable content">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for audio-tag to cross-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "audio-tag",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/audio-tag/cross-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/audio-tag/same-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Optionally-blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of optionally-blockable content">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for audio-tag to same-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "audio-tag",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/audio-tag/same-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/beacon/cross-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for beacon to cross-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "beacon",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/beacon/cross-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/beacon/same-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for beacon to same-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "beacon",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/beacon/same-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/fetch/same-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/img-tag/cross-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Optionally-blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of optionally-blockable content">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for img-tag to cross-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "img-tag",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/img-tag/cross-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/img-tag/same-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Optionally-blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of optionally-blockable content">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for img-tag to same-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "img-tag",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/img-tag/same-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/link-css-tag/cross-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for link-css-tag to cross-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "link-css-tag",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/link-css-tag/cross-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/top.http-rp/opt-in/link-css-tag/same-https.swap-scheme.https.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for link-css-tag to same-https origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-https",
+          "redirection": "swap-scheme",
+          "source_context_list": [],
+          "source_scheme": "https",
+          "subresource": "link-css-tag",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/top.http-rp/opt-in/link-css-tag/same-https.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content