Background: We have a suite of tests in webexposed/ that enumerate all interfaces/methods/properties exposed to the web; when we add a new API it shows up there. Sign-off by the Blink API owners is needed for changes to the virtual/stable/webexposed so they can ensure that new APIs went through the "Intent to Ship" process. There's also a set of so-called "powerful features" that for various reasons we have decided to expose only in secure contexts (roughly: https:, file: or
http://localhost), and this set is growing.
Problem: The default webexposed/global-interface-listing* tests run in a secure context (file:) so interfaces/methods/attributes marked with [SecureContext] always appear. Put another way, adding or removing [SecureContext] on an interface doesn't cause such tests to fail, which is a bit of a surprise.
We can have API-specific tests, either along with the rest of the API's tests, or in http/tests/security/powerfulFeatureRestrictions/ but it seems like we should have general coverage to prevent accidents.
Discussion: This adds work to (1) anyone shipping new APIs and (2) the Blink API owners as now there's Yet Another set of tests to update. We'll end up with:
webexposed/
http/tests/webexposed/nonsecure
virtual/stable/webexposed/
virtual/stable/http/tests/webexposed/nonsecure
(There are also variants of this for service workers and worklets, although since both of those implicitly require secure contexts we don't need two copies.)
As an aside: my sense of symmetry makes me want to relocate webexposed/ to http/tests/webexposed/secure (bonus: the tests would run under http: rather than file: contexts, which more accurately matches the web, although I'm not aware of any differences.)
Feedback?