Add a runtime flag to restrict AppCache to secure contexts.

This patch adjusts the `SecureContext` IDL attribute to take an argument, as we need to restrict the relevant bits and pieces to secure contexts iff a specific flag is set. We'll unfortunately need to keep that in place until and unless we decide that we can reasonably remove an enterprise opt-out. Intent to Deprecate/Remove: https://groups.google.com/a/chromium.org/d/msg/blink-dev/ANnafFBhReY/1Xdr53KxBAAJ Spec bug: whatwg/html#3440 Bug: 588931 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_layout_tests_layout_ng Change-Id: I5bedd2ca6f420a88ddbcff65e4223fad224ac0a7 Reviewed-on: https://chromium-review.googlesource.com/982625 Reviewed-by: Yoav Weiss <yoav@yoav.ws> Reviewed-by: Yuki Shiino <yukishiino@chromium.org> Reviewed-by: Hitoshi Yoshida <peria@chromium.org> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#548391}
marcosholgado · Apr 5, 2018 · ce6b149 · ce6b149
1 parent ee8a87b
commit ce6b149
Show file tree

Hide file tree

Showing 61 changed files with 918 additions and 118 deletions.
diff --git a/chrome/test/data/extensions/api_test/activity_log_private/friend/reply.js b/chrome/test/data/extensions/api_test/activity_log_private/friend/reply.js
@@ -112,7 +112,7 @@ function doWebRequestModifications() {
       headers = [];
     }
     headers = headers.filter(
-        function(x) {return x['name'] != 'Cache-Control'});
+        function(x) {return x['name'] != 'Cache-Control';});
     headers.push({'name': 'X-Test-Response-Header',
                   'value': 'Inserted'});
     headers.push({'name': 'Set-Cookie',
@@ -316,9 +316,6 @@ function executeDOMChangesOnTabUpdated() {
           'store.removeItem("foo"); ' +
           'store.clear();';
 
-  // Accesses the HTML5 ApplicationCache API from inside a content script.
-  code += 'var appCache = window.applicationCache;';
-
   // Accesses the HTML5 WebDatabase API from inside a content script.
   code += 'var db = openDatabase("testdb", "1.0", "test database", ' +
           '                      1024 * 1024);';
@@ -379,7 +376,7 @@ function executeDOMFullscreen() {
   appendCompleted('Switching to fullscreen...');
   $('status').webkitRequestFullscreen();
   setTimeout(
-      function() {document.webkitExitFullscreen(); window.close()}, 100);
+      function() {document.webkitExitFullscreen(); window.close();}, 100);
 }
 
 // Opens the extensions options page and then runs the executeDOMFullscreen
@@ -435,7 +432,7 @@ if (window.location.pathname !== '/options.html') {
 
 // Convenience functions for the manual run mode.
 function $(o) {
-  return document.getElementById(o);
+  return document.querySelector('#' + o);
 }
 
 var completed = 0;

diff --git a/chrome/test/data/extensions/api_test/activity_log_private/test/test.js b/chrome/test/data/extensions/api_test/activity_log_private/test/test.js
@@ -271,8 +271,6 @@ var domExpectedActivity = [
     'Storage.getItem',
     'Storage.removeItem',
     'Storage.clear',
-    // Cache access
-    'Window.applicationCache',
     // Web database access
     'Window.openDatabase',
     // Canvas access

diff --git a/third_party/WebKit/LayoutTests/FlagExpectations/enable-blink-features=LayoutNG b/third_party/WebKit/LayoutTests/FlagExpectations/enable-blink-features=LayoutNG
@@ -990,7 +990,7 @@ crbug.com/591099 external/wpt/html-media-capture/capture_image_cancel-manual.htm
 crbug.com/591099 external/wpt/html-media-capture/capture_video_cancel-manual.html [ Failure ]
 crbug.com/591099 external/wpt/html/browsers/windows/noreferrer-window-name.html [ Timeout ]
 crbug.com/591099 external/wpt/html/dom/documents/dom-tree-accessors/Document.currentScript.html [ Pass ]
-crbug.com/591099 external/wpt/html/dom/interfaces.html [ Timeout ]
+crbug.com/591099 external/wpt/html/dom/interfaces.https.html [ Timeout ]
 crbug.com/591099 external/wpt/html/infrastructure/urls/resolving-urls/query-encoding/utf-16be.html [ Timeout ]
 crbug.com/591099 external/wpt/html/infrastructure/urls/resolving-urls/query-encoding/utf-16le.html [ Timeout ]
 crbug.com/591099 external/wpt/html/infrastructure/urls/resolving-urls/query-encoding/utf-8.html [ Timeout ]
@@ -2157,8 +2157,8 @@ crbug.com/591099 http/tests/origin_trials/sample-api-workers.html [ Pass ]
 crbug.com/591099 http/tests/permissions/test-api-surface.html [ Pass ]
 crbug.com/591099 http/tests/security/contentSecurityPolicy/directive-parsing-03.html [ Failure ]
 crbug.com/591099 http/tests/security/contentSecurityPolicy/source-list-parsing-04.html [ Failure ]
-crbug.com/591099 http/tests/security/cors-rfc1918/addressspace-document-appcache.html [ Crash Failure ]
-crbug.com/591099 http/tests/security/cors-rfc1918/addressspace-document-csp-appcache.html [ Crash Failure Pass ]
+crbug.com/591099 http/tests/security/cors-rfc1918/addressspace-document-appcache.https.html [ Crash Failure ]
+crbug.com/591099 http/tests/security/cors-rfc1918/addressspace-document-csp-appcache.https.html [ Crash Failure Pass ]
 crbug.com/591099 http/tests/security/setDomainRelaxationForbiddenForURLScheme.html [ Crash ]
 crbug.com/591099 http/tests/security/shape-image-cors-allow-origin.html [ Failure ]
 crbug.com/591099 http/tests/security/shape-image-cors-data-url.html [ Failure ]

diff --git a/third_party/WebKit/LayoutTests/NeverFixTests b/third_party/WebKit/LayoutTests/NeverFixTests
@@ -773,13 +773,13 @@ external/wpt/geolocation-API/getCurrentPosition_permission_allow-manual.html [ W
 external/wpt/geolocation-API/getCurrentPosition_permission_deny-manual.html [ WontFix ]
 external/wpt/geolocation-API/getCurrentPosition_permission-manual.html [ WontFix ]
 external/wpt/geolocation-API/watchPosition_permission-manual.html [ WontFix ]
-external/wpt/html/browsers/offline/browser-state/navigator_online_event-manual.html [ WontFix ]
-external/wpt/html/browsers/offline/manifest_main_empty-manual.html [ WontFix ]
-external/wpt/html/browsers/offline/manifest_notchanged_online-manual.html [ WontFix ]
-external/wpt/html/browsers/offline/manifest_section_empty-manual.html [ WontFix ]
-external/wpt/html/browsers/offline/manifest_section_many-manual.html [ WontFix ]
-external/wpt/html/browsers/offline/section_network_offline-manual.html [ WontFix ]
-external/wpt/html/browsers/offline/section_network_online-manual.html [ WontFix ]
+external/wpt/html/browsers/offline/browser-state/navigator_online_event-manual.https.html [ WontFix ]
+external/wpt/html/browsers/offline/manifest_main_empty-manual.https.html [ WontFix ]
+external/wpt/html/browsers/offline/manifest_notchanged_online-manual.https.html [ WontFix ]
+external/wpt/html/browsers/offline/manifest_section_empty-manual.https.html [ WontFix ]
+external/wpt/html/browsers/offline/manifest_section_many-manual.https.html [ WontFix ]
+external/wpt/html/browsers/offline/section_network_offline-manual.https.html [ WontFix ]
+external/wpt/html/browsers/offline/section_network_online-manual.https.html [ WontFix ]
 external/wpt/html/browsers/windows/noreferrer-cross-origin-close-manual.sub.html [ WontFix ]
 external/wpt/html/browsers/windows/noreferrer-cross-origin-manual.html [ WontFix ]
 external/wpt/html/browsers/windows/noreferrer-cross-origin-window-name-manual.sub.html [ WontFix ]

diff --git a/third_party/WebKit/LayoutTests/TestExpectations b/third_party/WebKit/LayoutTests/TestExpectations
@@ -1445,7 +1445,7 @@ crbug.com/788042 virtual/threaded/animations/animation-ready-reject-script-forbi
 crbug.com/749492 external/wpt/html/browsers/browsing-the-web/navigating-across-documents/008.html [ Skip ]
 crbug.com/749492 external/wpt/html/browsers/browsing-the-web/navigating-across-documents/009.html [ Skip ]
 crbug.com/749492 external/wpt/html/browsers/browsing-the-web/navigating-across-documents/010.html [ Skip ]
-crbug.com/490511 external/wpt/html/browsers/offline/application-cache-api/api_update.html [ Failure Pass ]
+crbug.com/490511 external/wpt/html/browsers/offline/application-cache-api/api_update.https.html [ Failure Pass ]
 crbug.com/490511 [ Linux Win ] external/wpt/html/rendering/bindings/the-input-element-as-a-text-entry-widget/unrecognized-type-should-fallback-as-text-type.html [ Failure ]
 crbug.com/108417 external/wpt/html/rendering/non-replaced-elements/tables/table-border-1.html [ Failure ]
 crbug.com/490511 external/wpt/html/rendering/non-replaced-elements/the-hr-element-0/color.html [ Failure ]

diff --git a/...ine/appcache/workers/appcache-worker.html → ...pcache/workers/appcache-worker.https.html b/...ine/appcache/workers/appcache-worker.html → ...pcache/workers/appcache-worker.https.html
diff --git a/...pplication-cache-api/api_status_idle.html → ...tion-cache-api/api_status_idle.https.html b/...pplication-cache-api/api_status_idle.html → ...tion-cache-api/api_status_idle.https.html
diff --git a/...cation-cache-api/api_status_uncached.html → ...-cache-api/api_status_uncached.https.html b/...cation-cache-api/api_status_uncached.html → ...-cache-api/api_status_uncached.https.html
diff --git a/...cation-cache-api/api_swapcache_error.html → ...-cache-api/api_swapcache_error.https.html b/...cation-cache-api/api_swapcache_error.html → ...-cache-api/api_swapcache_error.https.html
diff --git a/...ication-cache-api/api_update-expected.txt → ...n-cache-api/api_update.https-expected.txt b/...ication-cache-api/api_update-expected.txt → ...n-cache-api/api_update.https-expected.txt
diff --git a/...ine/application-cache-api/api_update.html → ...plication-cache-api/api_update.https.html b/...ine/application-cache-api/api_update.html → ...plication-cache-api/api_update.https.html
diff --git a/...plication-cache-api/api_update_error.html → ...ion-cache-api/api_update_error.https.html b/...plication-cache-api/api_update_error.html → ...ion-cache-api/api_update_error.https.html
diff --git a/.../LayoutTests/external/wpt/html/browsers/offline/application-cache-api/secure_context.html b/.../LayoutTests/external/wpt/html/browsers/offline/application-cache-api/secure_context.html
@@ -0,0 +1,23 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script>
+    test(t => {
+      assert_false('applicationCache' in window);
+      assert_equals(window.applicationCache, undefined);
+    }, "window.applicationCache does not exist in non-secure contexts.");
+
+    test(t => {
+      assert_false('ApplicationCache' in window);
+      assert_equals(typeof ApplicationCache, "undefined");
+    }, "ApplicationCache interface does not exist in non-secure contexts.");
+
+    test(t => {
+      assert_false('ApplicationCacheErrorEvent' in window);
+      assert_equals(typeof ApplicationCacheErrorEvent, "undefined");
+    }, "ApplicationCacheErrorEvent interface does not exist in non-secure contexts.");
+  </script>
+</head>
+</html>
diff --git a/...-state/navigator_online_event-manual.html → .../navigator_online_event-manual.https.html b/...-state/navigator_online_event-manual.html → .../navigator_online_event-manual.https.html
diff --git a/...rowser-state/navigator_online_online.html → ...-state/navigator_online_online.https.html b/...rowser-state/navigator_online_online.html → ...-state/navigator_online_online.https.html
diff --git a/.../offline/introduction-4/event_cached.html → ...ne/introduction-4/event_cached.https.html b/.../offline/introduction-4/event_cached.html → ...ne/introduction-4/event_cached.https.html
diff --git a/...ffline/introduction-4/event_checking.html → .../introduction-4/event_checking.https.html b/...ffline/introduction-4/event_checking.html → .../introduction-4/event_checking.https.html
diff --git a/...ffline/introduction-4/event_noupdate.html → .../introduction-4/event_noupdate.https.html b/...ffline/introduction-4/event_noupdate.html → .../introduction-4/event_noupdate.https.html
diff --git a/...ffline/introduction-4/event_progress.html → .../introduction-4/event_progress.https.html b/...ffline/introduction-4/event_progress.html → .../introduction-4/event_progress.https.html
diff --git a/...s/offline/manifest_main_empty-manual.html → ...ine/manifest_main_empty-manual.https.html b/...s/offline/manifest_main_empty-manual.html → ...ine/manifest_main_empty-manual.https.html
diff --git a/...ne/manifest_notchanged_online-manual.html → ...ifest_notchanged_online-manual.https.html b/...ne/manifest_notchanged_online-manual.html → ...ifest_notchanged_online-manual.https.html
diff --git a/...ffline/manifest_section_empty-manual.html → .../manifest_section_empty-manual.https.html b/...ffline/manifest_section_empty-manual.html → .../manifest_section_empty-manual.https.html
diff --git a/...offline/manifest_section_many-manual.html → ...e/manifest_section_many-manual.https.html b/...offline/manifest_section_many-manual.html → ...e/manifest_section_many-manual.https.html
diff --git a/.../browsers/offline/manifest_url_check.html → ...fline/manifest_url_check.https.https.html b/.../browsers/offline/manifest_url_check.html → ...fline/manifest_url_check.https.https.html
diff --git a/...ppcache-in-shared-workers-historical.html → ...e-in-shared-workers-historical.https.html b/...ppcache-in-shared-workers-historical.html → ...e-in-shared-workers-historical.https.html
diff --git a/...fline/section_network_offline-manual.html → ...section_network_offline-manual.https.html b/...fline/section_network_offline-manual.html → ...section_network_offline-manual.https.html
diff --git a/...ffline/section_network_online-manual.html → .../section_network_online-manual.https.html b/...ffline/section_network_online-manual.html → .../section_network_online-manual.https.html
diff --git a/...urity-window/window-security-expected.txt → ...window/window-security.https-expected.txt b/...urity-window/window-security-expected.txt → ...window/window-security.https-expected.txt
@@ -1,5 +1,4 @@
 This is a testharness.js-based test.
-Found 126 tests; 125 PASS, 1 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Window Security testing
 PASS A SecurityError exception must be thrown when window.applicationCache is accessed from a different origin.
 PASS A SecurityError exception must be thrown when window.devicePixelRatio is accessed from a different origin.

diff --git a/...ject/security-window/window-security.html → ...ecurity-window/window-security.https.html b/...ject/security-window/window-security.html → ...ecurity-window/window-security.https.html
@@ -195,7 +195,7 @@
   var frame = document.createElement('iframe');
   frame.id = "fr";
   frame.setAttribute("style", "display:none");
-  frame.setAttribute('src', get_host_info().HTTP_REMOTE_ORIGIN + "/");
+  frame.setAttribute('src', get_host_info().HTTPS_REMOTE_ORIGIN + "/");
   frame.setAttribute("onload", "fr_load()");
   document.body.appendChild(frame);
 }

diff --git a/...dow-object/window-properties-expected.txt → ...ject/window-properties.https-expected.txt b/...dow-object/window-properties-expected.txt → ...ject/window-properties.https-expected.txt
@@ -1,5 +1,4 @@
 This is a testharness.js-based test.
-Found 166 tests; 157 PASS, 9 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Value Properties of the Global Object
 PASS Value Property: NaN
 PASS Value Property: Infinity

diff --git a/.../the-window-object/window-properties.html → ...indow-object/window-properties.https.html b/.../the-window-object/window-properties.html → ...indow-object/window-properties.https.html
diff --git a/...opening-the-input-stream/009-expected.txt → ...g-the-input-stream/009.https-expected.txt b/...opening-the-input-stream/009-expected.txt → ...g-the-input-stream/009.https-expected.txt
diff --git a/...sertion/opening-the-input-stream/009.html → ...n/opening-the-input-stream/009.https.html b/...sertion/opening-the-input-stream/009.html → ...n/opening-the-input-stream/009.https.html
diff --git a/...rnal/wpt/html/dom/interfaces-expected.txt → ...pt/html/dom/interfaces.https-expected.txt b/...rnal/wpt/html/dom/interfaces-expected.txt → ...pt/html/dom/interfaces.https-expected.txt
@@ -1,5 +1,4 @@
 This is a testharness.js-based test.
-Found 6700 tests; 6601 PASS, 99 FAIL, 0 TIMEOUT, 0 NOTRUN.
 PASS Test driver
 PASS Document interface: attribute domain
 PASS Unscopable handled correctly for domain property on Document
@@ -6365,32 +6364,32 @@ PASS WebSocket interface: operation send(ArrayBuffer)
 PASS Unscopable handled correctly for send(ArrayBuffer) on WebSocket
 PASS WebSocket interface: operation send(ArrayBufferView)
 PASS Unscopable handled correctly for send(ArrayBufferView) on WebSocket
-PASS WebSocket must be primary interface of new WebSocket("ws://foo")
-PASS Stringification of new WebSocket("ws://foo")
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "url" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "CONNECTING" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "OPEN" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "CLOSING" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "CLOSED" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "readyState" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "bufferedAmount" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "onopen" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "onerror" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "onclose" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "extensions" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "protocol" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "close(unsigned short, USVString)" with the proper type
-PASS WebSocket interface: calling close(unsigned short, USVString) on new WebSocket("ws://foo") with too few arguments must throw TypeError
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "onmessage" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "binaryType" with the proper type
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "send(USVString)" with the proper type
-PASS WebSocket interface: calling send(USVString) on new WebSocket("ws://foo") with too few arguments must throw TypeError
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "send(Blob)" with the proper type
-PASS WebSocket interface: calling send(Blob) on new WebSocket("ws://foo") with too few arguments must throw TypeError
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "send(ArrayBuffer)" with the proper type
-PASS WebSocket interface: calling send(ArrayBuffer) on new WebSocket("ws://foo") with too few arguments must throw TypeError
-PASS WebSocket interface: new WebSocket("ws://foo") must inherit property "send(ArrayBufferView)" with the proper type
-PASS WebSocket interface: calling send(ArrayBufferView) on new WebSocket("ws://foo") with too few arguments must throw TypeError
+PASS WebSocket must be primary interface of new WebSocket("wss://foo")
+PASS Stringification of new WebSocket("wss://foo")
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "url" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "CONNECTING" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "OPEN" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "CLOSING" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "CLOSED" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "readyState" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "bufferedAmount" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "onopen" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "onerror" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "onclose" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "extensions" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "protocol" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "close(unsigned short, USVString)" with the proper type
+PASS WebSocket interface: calling close(unsigned short, USVString) on new WebSocket("wss://foo") with too few arguments must throw TypeError
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "onmessage" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "binaryType" with the proper type
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "send(USVString)" with the proper type
+PASS WebSocket interface: calling send(USVString) on new WebSocket("wss://foo") with too few arguments must throw TypeError
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "send(Blob)" with the proper type
+PASS WebSocket interface: calling send(Blob) on new WebSocket("wss://foo") with too few arguments must throw TypeError
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "send(ArrayBuffer)" with the proper type
+PASS WebSocket interface: calling send(ArrayBuffer) on new WebSocket("wss://foo") with too few arguments must throw TypeError
+PASS WebSocket interface: new WebSocket("wss://foo") must inherit property "send(ArrayBufferView)" with the proper type
+PASS WebSocket interface: calling send(ArrayBufferView) on new WebSocket("wss://foo") with too few arguments must throw TypeError
 PASS CloseEvent interface: existence and properties of interface object
 PASS CloseEvent interface object length
 PASS CloseEvent interface object name

diff --git a/...sts/external/wpt/html/dom/interfaces.html → ...ternal/wpt/html/dom/interfaces.https.html b/...sts/external/wpt/html/dom/interfaces.html → ...ternal/wpt/html/dom/interfaces.https.html
@@ -197,7 +197,7 @@ <h1>HTML IDL tests</h1>
     PeerConnection: [],
     MediaStreamEvent: [],
     ErrorEvent: [],
-    WebSocket: ['new WebSocket("ws://foo")'],
+    WebSocket: ['new WebSocket("wss://foo")'],
     CloseEvent: ['new CloseEvent("close")'],
     AbstractWorker: [],
     Worker: [],

diff --git a/...c1918/addressspace-document-appcache.html → ...addressspace-document-appcache.https.html b/...c1918/addressspace-document-appcache.html → ...addressspace-document-appcache.https.html
@@ -4,24 +4,24 @@
 <script src="./resources/addressspace-test.js"></script>
 <script>
     window.onload = function () {
-        addressSpaceTest("http://localhost:8000", "document+appcache", "local",
+        addressSpaceTest("https://localhost:8443", "document+appcache", "local",
             // If we request the same resources again, we should load them from the
             // memory cache with the same properties.
             function () {
-                addressSpaceTest("http://localhost:8000", "document+appcache", "local", null, " repeat");
+                addressSpaceTest("https://localhost:8443", "document+appcache", "local", null, " repeat");
             });
-        addressSpaceTest("http://127.0.0.1:8000", "document", "local",
+        addressSpaceTest("https://127.0.0.1:8443", "document+appcache", "local",
             // If we request the same resources again, we should load them from the
             // memory cache with the same properties.
             function () {
-                addressSpaceTest("http://127.0.0.1:8000", "document+appcache", "local", null, " repeat");
+                addressSpaceTest("https://127.0.0.1:8443", "document+appcache", "local", null, " repeat");
             });
 
-        addressSpaceTest("http://example.test:8000", "document+appcache", "private",
+        addressSpaceTest("https://example.test:8443", "document+appcache", "private",
             // If we request the same resources again, we should load them from the
             // memory cache with the same properties.
             function () {
-                addressSpaceTest("http://example.test:8000", "document+appcache", "private", null, " repeat");
+                addressSpaceTest("https://example.test:8443", "document+appcache", "private", null, " repeat");
             });
     };
 </script>
diff --git a/...8/addressspace-document-csp-appcache.html → ...essspace-document-csp-appcache.https.html b/...8/addressspace-document-csp-appcache.html → ...essspace-document-csp-appcache.https.html
@@ -4,24 +4,24 @@
 <script src="./resources/addressspace-test.js"></script>
 <script>
     window.onload = function () {
-        addressSpaceTest("http://localhost:8000", "document+appcache+csp", "public",
+        addressSpaceTest("https://localhost:8443", "document+appcache+csp", "public",
             // If we request the same resources again, we should load them from the
             // memory cache with the same properties.
             function () {
-                addressSpaceTest("http://localhost:8000", "document+appcache+csp", "public", null, " repeat");
+                addressSpaceTest("https://localhost:8443", "document+appcache+csp", "public", null, " repeat");
             });
-        addressSpaceTest("http://127.0.0.1:8000", "document+appcache+csp", "public",
+        addressSpaceTest("https://127.0.0.1:8443", "document+appcache+csp", "public",
             // If we request the same resources again, we should load them from the
             // memory cache with the same properties.
             function () {
-                addressSpaceTest("http://127.0.0.1:8000", "document+appcache+csp", "public", null, " repeat");
+                addressSpaceTest("https://127.0.0.1:8443", "document+appcache+csp", "public", null, " repeat");
             });
 
-        addressSpaceTest("http://example.test:8000", "document+appcache+csp", "public",
+        addressSpaceTest("https://example.test:8443", "document+appcache+csp", "public",
             // If we request the same resources again, we should load them from the
             // memory cache with the same properties.
             function () {
-                addressSpaceTest("http://example.test:8000", "document+appcache+csp", "public", null, " repeat");
+                addressSpaceTest("https://example.test:8443", "document+appcache+csp", "public", null, " repeat");
             });
     };
 </script>
diff --git a/...ecurity/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt b/...ecurity/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE WARNING: Use of the Application Cache is deprecated on insecure origins. Support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: Application Cache is deprecated in non-secure contexts, and will be restricted to secure contexts in M69, around September 2018. Please consider migrating your application to HTTPS, and eventually shifting over to Service Workers. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: line 26: The devicemotion event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: line 31: The deviceorientation event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: line 36: getCurrentPosition() and watchPosition() no longer work on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
@@ -10,7 +10,6 @@ PASS getCurrentPosition
 PASS watchPosition
 PASS navigator.webkitGetUserMedia
 PASS navigator.mediaDevices.getUserMedia
-PASS appcache
 PASS requestMediaKeySystemAccess
 Harness: the test ran to completion.