[WPT] Move/merge COEP/COOP dispatcher framework to /common

To reduce duplication and prepare for using this framework for BFCache
(#28950),
this CL merges two sets of dispatcher/executor files under COEP and COOP
and move them to `/common`.

Relevant discussion is also in
web-platform-tests/rfcs#89.

Most of the changes are simple path renaming, except for:

- Service worker's scope is also moved to
  `/common/dispatcher/` in:
  /wpt/html/cross-origin-embedder-policy/credentialless/service-worker-coep-credentialless-proxy.tentative.https.html
  /wpt/html/cross-origin-embedder-policy/credentialless/service-worker-coep-none-proxy.tentative.https.html
  /wpt/html/cross-origin-opener-policy/popup-coop-by-sw.https.html
  because the service workers should control executors.
- Diffs between COEP and COOP dispatchers are merged, but are trivial
  (e.g. some functionality exists only one of them, like
  6 concurrent accesses to the server, retrying on failure,
  Access-Control-Allow-Credentials in dispatcher, etc.).
- Reporting-related part of `dispatcher.js` is moved to
  /wpt/html/cross-origin-opener-policy/reporting/resources/reporting-common.js.
- README.md about the dispatcher is moved and added.
- /wpt/html/cross-origin-embedder-policy/credentialless/resources/cacheable-response.py
  is also merged into dispatcher.py, because
  they should access the same stash and already have common code.
- Stash paths are moved to '/common/dispatcher'.
- `executer.js` and `sw_executer.js` are moved to
  `executer-worker.js` and `executer-service-worker.js`, respectively,
  to clarify they are worker scripts, rather than helpers.
- Timeout in receive() is removed because no one uses that parameter.
- Duplicated/unused const declarations are removed.

Bug: 1107415
Change-Id: I0d28e7f4b4cca6599562ac4766a326880139028d

Author: hiroshige-g

common/dispatcher/README.md

@@ -0,0 +1,33 @@
+# Message passing API
+
+`dispatcher.js` (and its server-side backend `dispatcher.py`) provides a
+universal queue-based message passing API.
+Each queue is identified by a UUID, and accessed via the following APIs:
+
+-   `send(uuid, message)` pushes a string `message` to the queue `uuid`.
+-   `receive(uuid)` pops the first item from the queue `uuid`.
+-   `showRequestHeaders(origin, uuid)` and
+    `cacheableShowRequestHeaders(origin, uuid)` return URLs, that push request
+    headers to the queue `uuid` upon fetching.
+
+It works cross-origin, and even access different browser context groups.
+
+Messages are queued, this means one doesn't need to wait for the receiver to
+listen, before sending the first message
+(but still need to wait for the resolution of the promise returned by `send()`
+to ensure the order between `send()`s).
+
+# Executor framework
+
+The message passing API can be used for sending arbitrary javascript to be
+evaluated in another page or worker (the "executor").
+
+`executor.html` (as a Document), `executor-worker.js` (as a Web Worker), and
+`executor-service-worker.js` (as a Service Worker) are examples of executors.
+Tests can send arbitrary javascript to these executors to evaluate in its
+execution context.
+
+This is universal and avoids introducing many specific `XXX-helper.html`
+resources.
+Moreover, tests are easier to read, because the whole logic of the test can be
+defined in a single file.

html/cross-origin-embedder-policy/credentialless/resources/dispatcher.js renamed to common/dispatcher/dispatcher.js

@@ -1,7 +1,6 @@
 // Define an universal message passing API. It works cross-origin and across
 // browsing context groups.
-const dispatcher_path =
-  "/html/cross-origin-embedder-policy/credentialless/resources/dispatcher.py";
+const dispatcher_path = "/common/dispatcher/dispatcher.py";
 const dispatcher_url = new URL(dispatcher_path, location.href).href;
 
 // Return a promise, limiting the number of concurrent accesses to a shared
@@ -78,6 +77,11 @@ const receive = async function(uuid) {
 // Returns an URL. When called, the server sends toward the `uuid` queue the
 // request headers. Useful for determining if something was requested with
 // Cookies.
-const showRequestHeaders= function(origin, uuid) {
+const showRequestHeaders = function(origin, uuid) {
   return origin + dispatcher_path + `?uuid=${uuid}&show-headers`;
 }
+
+// Same as above, except for the response is cacheable.
+const cacheableShowRequestHeaders = function(origin, uuid) {
+  return origin + dispatcher_path + `?uuid=${uuid}&cacheable&show-headers`;
+}

html/cross-origin-embedder-policy/credentialless/resources/dispatcher.py renamed to common/dispatcher/dispatcher.py

@@ -9,9 +9,13 @@ def main(request, response):
     response.headers.set(b"Access-Control-Allow-Credentials", b"true")
     response.headers.set(b'Access-Control-Allow-Methods', b'OPTIONS, GET, POST')
     response.headers.set(b'Access-Control-Allow-Headers', b'Content-Type')
-    response.headers.set(b'Cache-Control', b'no-cache, no-store, must-revalidate')
     response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"origin") or '*')
 
+    if b"cacheable" in request.GET:
+        response.headers.set(b"Cache-Control", b"max-age=31536000")
+    else:
+        response.headers.set(b'Cache-Control', b'no-cache, no-store, must-revalidate')
+
     # CORS preflight
     if request.method == u'OPTIONS':
         return b''
@@ -22,7 +26,7 @@ def main(request, response):
     # The stash is accessed concurrently by many clients. A lock is used to
     # avoid unterleaved read/write from different clients.
     with stash.lock:
-        queue = stash.take(uuid, '/coep-credentialless') or [];
+        queue = stash.take(uuid, '/common/dispatcher') or [];
 
         # Push into the |uuid| queue, the requested headers.
         if b"show-headers" in request.GET:
@@ -45,5 +49,5 @@ def main(request, response):
             else:
                 ret = queue.pop(0)
 
-        stash.put(uuid, queue, '/coep-credentialless')
+        stash.put(uuid, queue, '/common/dispatcher')
     return ret;

html/cross-origin-embedder-policy/credentialless/resources/sw_executor.js renamed to common/dispatcher/executor-service-worker.js

@@ -5,8 +5,10 @@
 const uuid = params.get('uuid');
 
 let executeOrders = async function() {
-  while(true)
-    eval(await receive(uuid));
+  while(true) {
+    let task = await receive(uuid);
+    eval(`(async () => {${task}})()`);
+  }
 };
 executeOrders();
 

html/cross-origin-embedder-policy/credentialless/resources/executor.js renamed to common/dispatcher/executor-worker.js

@@ -4,8 +4,8 @@
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
 <script src="../credentialless/resources/common.js"></script>
-<script src="../credentialless/resources/dispatcher.js"></script>
 <body>
 <script>
 const {ORIGIN, REMOTE_ORIGIN} = get_host_info();

html/cross-origin-opener-policy/resources/executor.html renamed to common/dispatcher/executor.html

@@ -2,8 +2,8 @@
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
 <script src="../credentialless/resources/common.js"></script>
-<script src="../credentialless/resources/dispatcher.js"></script>
 <script src="./resources/common.js"></script>
 <script>
 

html/cross-origin-embedder-policy/anonymous-iframe/anonymous-iframe-popup.tentative.https.html

@@ -2,8 +2,8 @@
 <script src="/resources/testharnessreport.js"></script>
 <script src="/common/get-host-info.sub.js"></script>
 <script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
 <script src="../credentialless/resources/common.js"></script>
-<script src="../credentialless/resources/dispatcher.js"></script>
 <script src="./resources/common.js"></script>
 <script>
 

html/cross-origin-embedder-policy/anonymous-iframe/cookie.tentative.https.html

@@ -1,15 +1,3 @@
-# Helper files:
-
-- `resources/dispatcher.js` provides `send()` and `receive()`. This is an
-  universal message passing API. It works cross-origin, and even access
-  different browser context groups. Messages are queued, this means one doesn't
-  need to wait for the receiver to listen, before sending the first message.
-
-- `resources/executor.html` is a document. Test can send arbitrary javascript to evaluate
-  in its execution context. This is universal and avoids introducing many
-  specific `XXX-helper.html` resources. Moreover, tests are easier to read,
-  because the whole logic of the test can be defined in a single file.
-
 # Related documents:
 - https://github.com/mikewest/credentiallessness/
 - https://github.com/w3ctag/design-reviews/issues/582