[WPT] Move/merge COEP/COOP dispatcher framework to /common

To reduce duplication and prepare for using this framework for BFCache
(#28950),
this CL merges two sets of dispatcher/executor files under COEP and COOP
and move them to `/common`.

Most of the changes are simple path renaming, except for:

- Service worker's scope is also moved to
  `/common/dispatcher/` in:
  /wpt/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.tentative.https.html
  /wpt/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.tentative.https.html
  because the service workers should control executors.
- Diffs between COEP and COOP dispatchers are merged, but are trivial
  (e.g. some functionality exists only one of them, like
  6 concurrent accesses to the server, retrying on failure,
  timeout in receive(),
  Access-Control-Allow-Credentials in dispatcher, etc.).
- README.md about the dispatcher is moved and added.
- /wpt/html/cross-origin-embedder-policy/credentialless/resources/cacheable-response.py
  is also merged into dispatcher.py, because
  they should access the same stash and already have common code.
- Stash paths are moved to '/common/dispatcher'.
- `executer.js` and `sw_executer.js` are moved to
  `executer-worker.js` and `executer-service-worker.js`, respectively,
  to clarify they are worker scripts, rather than helpers.

Bug: 1107415
Change-Id: I0d28e7f4b4cca6599562ac4766a326880139028d

Author: hiroshige-g

common/dispatcher/README.md

@@ -0,0 +1,33 @@
+# Message passing API
+
+`dispatcher.js` (and its server-side backend `dispatcher.py`) provide
+a universal queue-based message passing API.
+Each queue is identified by a UUID, and accessed via the following APIs:
+
+- `send()` pushes a string.
+- `receive()` pops the first item.
+- `showRequestHeaders()` and `cacheableShowRequestHeaders()` return URLs,
+  that push request headers upon fetching.
+- `reportToHeaders()` and `receiveReport()` for reporting API.
+
+It works cross-origin, and even access different browser context groups.
+
+Messages are queued, this means one doesn't need to wait for the receiver to
+listen, before sending the first message
+(but still need to wait for the resolution of the promise returned by `send()`
+to ensure the order between `send()`s).
+
+# Executor framework
+
+The message passing API can be used for sending arbitrary javascript to be
+evaluated in another page or worker (the "executor").
+
+`executor.html` (as a Document) or `executor.js` (as a Web Worker) are examples
+of executors.
+Test can send arbitrary javascript to these executors to evaluate in its
+execution context.
+
+This is universal and avoids introducing many specific `XXX-helper.html`
+resources.
+Moreover, tests are easier to read,
+because the whole logic of the test can be defined in a single file.

html/cross-origin-embedder-policy/credentialless/resources/dispatcher.js renamed to common/dispatcher/dispatcher.js

@@ -1,7 +1,7 @@
 // Define an universal message passing API. It works cross-origin and across
 // browsing context groups.
-const dispatcher_path =
-  "/html/cross-origin-embedder-policy/credentialless/resources/dispatcher.py";
+// It can also be used to receive reports.
+const dispatcher_path = "/common/dispatcher/dispatcher.py";
 const dispatcher_url = new URL(dispatcher_path, location.href).href;
 
 // Return a promise, limiting the number of concurrent accesses to a shared
@@ -56,8 +56,10 @@ const send = async function(uuid, message) {
   });
 }
 
-const receive = async function(uuid) {
-  while(1) {
+const receive = async function(uuid, maybe_timeout) {
+  const timeout = maybe_timeout || Infinity;
+  let start = performance.now();
+  while(performance.now() - start < timeout) {
     let data = "not ready";
     try {
       data = await limiter(async () => {
@@ -73,11 +75,57 @@ const receive = async function(uuid) {
 
     return data;
   }
+  return "timeout";
 }
 
 // Returns an URL. When called, the server sends toward the `uuid` queue the
 // request headers. Useful for determining if something was requested with
 // Cookies.
-const showRequestHeaders= function(origin, uuid) {
+const showRequestHeaders = function(origin, uuid) {
   return origin + dispatcher_path + `?uuid=${uuid}&show-headers`;
 }
+
+// Same as above, except for the response is cacheable.
+const cacheableShowRequestHeaders = function(origin, uuid) {
+  return origin + dispatcher_path + `?uuid=${uuid}&cacheable&show-headers`;
+}
+
+const receiveReport = async function(uuid, type) {
+  while(true) {
+    let reports = await receive(uuid);
+    if (reports == "timeout")
+      return "timeout";
+    reports = JSON.parse(reports);
+
+    for(report of reports) {
+      if (report?.body?.type == type)
+        return report;
+    }
+  }
+}
+
+// Build a set of headers to tests the reporting API. This defines a set of
+// matching 'Report-To', 'Cross-Origin-Opener-Policy' and
+// 'Cross-Origin-Opener-Policy-Report-Only' headers.
+const reportToHeaders = function(uuid) {
+  const report_endpoint_url = dispatcher_path + `?uuid=${uuid}`;
+  let reportToJSON = {
+    'group': `${uuid}`,
+    'max_age': 3600,
+    'endpoints': [
+      {'url': report_endpoint_url.toString()},
+    ]
+  };
+  reportToJSON = JSON.stringify(reportToJSON)
+                     .replace(/,/g, '\\,')
+                     .replace(/\(/g, '\\\(')
+                     .replace(/\)/g, '\\\)=');
+
+  return {
+    header: `|header(report-to,${reportToJSON})`,
+    coopSameOriginHeader: `|header(Cross-Origin-Opener-Policy,same-origin%3Breport-to="${uuid}")`,
+    coopSameOriginAllowPopupsHeader: `|header(Cross-Origin-Opener-Policy,same-origin-allow-popups%3Breport-to="${uuid}")`,
+    coopReportOnlySameOriginHeader: `|header(Cross-Origin-Opener-Policy-Report-Only,same-origin%3Breport-to="${uuid}")`,
+    coopReportOnlySameOriginAllowPopupsHeader: `|header(Cross-Origin-Opener-Policy-Report-Only,same-origin-allow-popups%3Breport-to="${uuid}")`,
+  };
+};

html/cross-origin-embedder-policy/credentialless/resources/dispatcher.py renamed to common/dispatcher/dispatcher.py

@@ -9,9 +9,13 @@ def main(request, response):
     response.headers.set(b"Access-Control-Allow-Credentials", b"true")
     response.headers.set(b'Access-Control-Allow-Methods', b'OPTIONS, GET, POST')
     response.headers.set(b'Access-Control-Allow-Headers', b'Content-Type')
-    response.headers.set(b'Cache-Control', b'no-cache, no-store, must-revalidate')
     response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"origin") or '*')
 
+    if b"cacheable" in request.GET:
+        response.headers.set(b"Cache-Control", b"max-age=31536000")
+    else:
+        response.headers.set(b'Cache-Control', b'no-cache, no-store, must-revalidate')
+
     # CORS preflight
     if request.method == u'OPTIONS':
         return b''
@@ -22,7 +26,7 @@ def main(request, response):
     # The stash is accessed concurrently by many clients. A lock is used to
     # avoid unterleaved read/write from different clients.
     with stash.lock:
-        queue = stash.take(uuid, '/coep-credentialless') or [];
+        queue = stash.take(uuid, '/common/dispatcher') or [];
 
         # Push into the |uuid| queue, the requested headers.
         if b"show-headers" in request.GET:
@@ -45,5 +49,5 @@ def main(request, response):
             else:
                 ret = queue.pop(0)
 
-        stash.put(uuid, queue, '/coep-credentialless')
+        stash.put(uuid, queue, '/common/dispatcher')
     return ret;

html/cross-origin-embedder-policy/credentialless/resources/sw_executor.js renamed to common/dispatcher/executor-service-worker.js

@@ -5,8 +5,10 @@
 const uuid = params.get('uuid');
 
 let executeOrders = async function() {
-  while(true)
-    eval(await receive(uuid));
+  while(true) {
+    let task = await receive(uuid);
+    eval(`(async () => {${task}})()`);
+  }
 };
 executeOrders();
 

html/cross-origin-embedder-policy/credentialless/resources/executor.js renamed to common/dispatcher/executor-worker.js

@@ -2,8 +2,8 @@
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
 <script src="../credentialless/resources/common.js"></script>
-<script src="../credentialless/resources/dispatcher.js"></script>
 <script src="./resources/common.js"></script>
 <script>
 

html/cross-origin-opener-policy/resources/executor.html renamed to common/dispatcher/executor.html

@@ -2,8 +2,8 @@
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
 <script src="../credentialless/resources/common.js"></script>
-<script src="../credentialless/resources/dispatcher.js"></script>
 <script src="./resources/common.js"></script>
 <script>
 

html/cross-origin-embedder-policy/anonymous-iframe/cookie.tentative.https.html

@@ -1,15 +1,3 @@
-# Helper files:
-
-- `resources/dispatcher.js` provides `send()` and `receive()`. This is an
-  universal message passing API. It works cross-origin, and even access
-  different browser context groups. Messages are queued, this means one doesn't
-  need to wait for the receiver to listen, before sending the first message.
-
-- `resources/executor.html` is a document. Test can send arbitrary javascript to evaluate
-  in its execution context. This is universal and avoids introducing many
-  specific `XXX-helper.html` resources. Moreover, tests are easier to read,
-  because the whole logic of the test can be defined in a single file.
-
 # Related documents:
 - https://github.com/mikewest/credentiallessness/
 - https://github.com/w3ctag/design-reviews/issues/582

html/cross-origin-embedder-policy/anonymous-iframe/local-storage.tentative.https.html

@@ -7,8 +7,8 @@
 <script src=/resources/testharnessreport.js></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
 <script src="./resources/common.js"></script>
-<script src="./resources/dispatcher.js"></script>
 <script>
 
 // Fetch a resource and store it into CacheStorage from |storer| context. Then