From 4f95565b889a281780af332d9f641c5bd5b1eec8 Mon Sep 17 00:00:00 2001
From: Blink WPT Bot <blink-w3c-test-autoroller@chromium.org>
Date: Wed, 8 May 2024 16:30:34 +0000
Subject: [PATCH] Bug 1890696 [wpt PR 45638] - Subresource Integrity support
 for ES modules, using importmaps, a=testonly

Automatic update from web-platform-tests
Subresource Integrity support for ES modules, using importmaps (#45638)

SRI support for ES modules enables using them in documents that require
SRI for certain scripts for security reasons, as well as with the move
overarching require-sri-for CSP directive.

This CL implements https://github.com/whatwg/html/pull/10269
based on https://github.com/guybedford/import-maps-extensions#integrity

I2P: https://groups.google.com/a/chromium.org/g/blink-dev/c/O2UR3kb-HcI/m/7Jh7_GYsAAAJ?utm_medium=email&utm_source=footer

Change-Id: Ida563334048d013ffc658f9783f9401930dd4689
Bug: 334251999
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5441822
Reviewed-by: Domenic Denicola <domenic@chromium.org>
Commit-Queue: Yoav Weiss (@Shopify) <yoavweiss@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1297376}

Co-authored-by: Yoav Weiss <yoavweiss@chromium.org>
--

wpt-commits: 7daf23a6329f4577bc3723d5e25eae8eae26e710
wpt-pr: 45638
---
 .../tests/import-maps/dynamic-integrity.html  |  87 ++++++++++
 ...no-referencing-script-integrity-valid.html |  37 ++++
 .../no-referencing-script-integrity.html      |  34 ++++
 .../import-maps/nonimport-integrity.html      | 161 ++++++++++++++++++
 .../tests/import-maps/static-integrity.html   |  68 ++++++++
 .../fetch-request-resources.https.html        |  75 +++++++-
 .../fetch-request-resources-iframe.https.html |  43 ++++-
 7 files changed, 502 insertions(+), 3 deletions(-)
 create mode 100644 testing/web-platform/tests/import-maps/dynamic-integrity.html
 create mode 100644 testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html
 create mode 100644 testing/web-platform/tests/import-maps/no-referencing-script-integrity.html
 create mode 100644 testing/web-platform/tests/import-maps/nonimport-integrity.html
 create mode 100644 testing/web-platform/tests/import-maps/static-integrity.html

diff --git a/testing/web-platform/tests/import-maps/dynamic-integrity.html b/testing/web-platform/tests/import-maps/dynamic-integrity.html
new file mode 100644
index 0000000000000..7a6fed71086b2
--- /dev/null
+++ b/testing/web-platform/tests/import-maps/dynamic-integrity.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+let log;
+</script>
+<script type="importmap">
+{
+  "imports": {
+    "./resources/log.js?pipe=sub&name=ResolvesToBadHash": "./resources/log.js?pipe=sub&name=BadHash",
+    "./resources/log.js?pipe=sub&name=ResolvesToNoHash": "./resources/log.js?pipe=sub&name=NoHash",
+    "./resources/log.js?pipe=sub&name=GoodHash": "./resources/log.js?pipe=sub&name=GoodHash",
+    "bare": "./resources/log.js?pipe=sub&name=BareURL",
+    "bare2": "./resources/log.js?pipe=sub&name=F"
+  },
+  "integrity": {
+    "./resources/log.js?pipe=sub&name=BadHash": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=ResolvesToNoHash": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=GoodHash": "sha384-SwfgBqInhSlLziU454cYhGgwPpae+d3VHZcY+vjZIO/gxRGt2u3Jsfyvure/Ww0u",
+    "./resources/log.js?pipe=sub&name=InvalidExtra": "sha384-WsKk8nzJFPhk/4pWR4LYoPhEu3xaAc6PdIm4vmqoZVWqEgMYmZgOg9XJKxgD1+8v foobar-rOJN8igD0+jW6lwNN3+InhXTgQztVHlq/HJ0riswXp8kMoiIDx5JpmCwuVem6Ll9q2LFNSu1xq23bsBMMQk1rg==",
+    "./resources/log.js?pipe=sub&name=Suffix": "sha384-lbOWldbmji7sCHI/L8iVJ+elmFIMp41p+aYOLxqQfZMqtoFeHFVe/ASRA0IyZ1/9?foobar",
+    "./resources/log.js?pipe=sub&name=Multiple": "sha384-foobar sha512-rOJN8igD0+jW6lwNN3+InhXTgQztVHlq/HJ0riswXp8kMoiIDx5JpmCwuVem6Ll9q2LFNSu1xq23bsBMMQk1rg==",
+    "./resources/log.js?pipe=sub&name=BadHashWithNoImport": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=BareURL": "sha384-foobar",
+    "bare2": "sha384-foobar",
+    "resources/log.js?pipe=sub&name=Bare": "sha384-foobar"
+  }
+}
+</script>
+<script type="module">
+const test_not_loaded = (url, description) => {
+  promise_test(async t => {
+    log = [];
+    const promise = import(url);
+    await promise_rejects_js(t, TypeError, promise);
+    assert_array_equals(log, []);
+  }, description);
+};
+
+const test_loaded = (url, log_expectation, description) => {
+  promise_test(async t => {
+    log = [];
+    await import(url);
+    assert_array_equals(log, log_expectation);
+  }, description);
+};
+
+test_not_loaded("./resources/log.js?pipe=sub&name=ResolvesToBadHash",
+  'script was not loaded, as its resolved URL failed its integrity check');
+
+test_loaded("./resources/log.js?pipe=sub&name=ResolvesToNoHash", ["log:NoHash"],
+  'script was loaded, as its resolved URL had no integrity check, despite' +
+  ' its specifier having one');
+
+test_loaded("./resources/log.js?pipe=sub&name=GoodHash", ["log:GoodHash"],
+  'script was loaded, as its integrity check passed');
+
+test_not_loaded("./resources/log.js?pipe=sub&name=BadHashWithNoImport",
+  'Script with no import definition was not loaded, as it failed its' +
+  ' integrity check');
+
+test_not_loaded("bare",
+  'Bare specifier script was not loaded, as it failed its integrity check');
+
+test_loaded("bare2", ["log:F"],
+  'Bare specifier used for integrity loaded, as its definition should have' +
+  ' used the URL');
+
+test_loaded("./resources/log.js?pipe=sub&name=InvalidExtra",
+  ["log:InvalidExtra"],
+  'script was loaded, as its integrity check passed, despite having an extra' +
+  ' invalid hash');
+
+test_loaded("./resources/log.js?pipe=sub&name=Suffix", ["log:Suffix"],
+  'script was loaded, as its integrity check passed, despite having an' +
+  ' invalid suffix');
+
+test_loaded("./resources/log.js?pipe=sub&name=Multiple", ["log:Multiple"],
+  'script was loaded, as its integrity check passed given multiple hashes.' +
+  ' This also makes sure that the larger hash is picked.');
+
+test_loaded("./resources/log.js?pipe=sub&name=Bare",["log:Bare"],
+  'script was loaded, as its integrity check was ignored, as it was defined' +
+  ' using a URL that looks like a bare specifier');
+</script>
+
diff --git a/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html b/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html
new file mode 100644
index 0000000000000..2594459fcbfbc
--- /dev/null
+++ b/testing/web-platform/tests/import-maps/no-referencing-script-integrity-valid.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+let log = [];
+</script>
+<script type="importmap">
+{
+  "integrity": {
+    "./resources/log.js?pipe=sub&name=NoReferencingScriptValidCheck": "sha384-5eRmXQSBE6H5ENdymdZxcyiIfJL1dxtH8p+hOelZY7Jzk+gt0gYyemrGY0cEaThF"
+  }
+}
+</script>
+<script>
+let promiseResolve;
+let promiseReject;
+let promise = new Promise((resolve, reject) => {
+  promiseResolve = resolve;
+  promiseReject = reject;
+});
+</script>
+</head>
+<body>
+<img src="/images/green.png?2"
+  onload="import('./resources/log.js?pipe=sub&name=NoReferencingScriptValidCheck').then(promiseResolve).catch(promiseReject)">
+<script>
+promise_test(async () => {
+  await promise;
+  assert_equals(log.length, 1);
+  assert_equals(log[0], "log:NoReferencingScriptValidCheck");
+}, "Script was loaded as its valid integrity check passed");
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html b/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html
new file mode 100644
index 0000000000000..8025ba3b8993d
--- /dev/null
+++ b/testing/web-platform/tests/import-maps/no-referencing-script-integrity.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+let log = [];
+</script>
+<script type="importmap">
+{
+  "integrity": {
+    "./resources/log.js?pipe=sub&name=NoReferencingScriptInvalidCheck": "sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7"
+  }
+}
+</script>
+<script>
+let promiseResolve;
+let promiseReject;
+let promise = new Promise((resolve, reject) => {
+  promiseResolve = resolve;
+  promiseReject = reject;
+});
+</script>
+</head>
+<body>
+<img src="/images/green.png"
+  onload="import('./resources/log.js?pipe=sub&name=NoReferencingScriptInvalidCheck').then(promiseResolve).catch(promiseReject)">
+<script type="module">
+promise_test(async t => {
+  await promise_rejects_js(t, TypeError, promise);
+}, "Script was not loaded as its integrity check failed");
+</script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/import-maps/nonimport-integrity.html b/testing/web-platform/tests/import-maps/nonimport-integrity.html
new file mode 100644
index 0000000000000..1157ee64ee781
--- /dev/null
+++ b/testing/web-platform/tests/import-maps/nonimport-integrity.html
@@ -0,0 +1,161 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+let log = [];
+</script>
+<script type="importmap">
+{
+  "integrity": {
+    "./resources/log.js?pipe=sub&name=ModuleNoIntegrity": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=ModuleIntegrity": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=ModuleEmptyIntegrity": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=ModuleBadIntegrityAttribute": "sha384-COhDkp+ybIZ9wz9hUaSJ5NzKcn8wOMZMpsACZfTeEdBRtNcX5yWJnFn+lIK77Tay",
+    "./resources/log.js?pipe=sub&name=ModulePreloadNoIntegrity": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=ModulePreloadIntegrity": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=ModulePreloadEmptyIntegrity": "sha384-foobar",
+    "./resources/log.js?pipe=sub&name=ModulePreloadBadIntegrityAttribute": "sha384-026dlUs9+KSmPb0Uc7oUPOlWBO67o7vSFdfLJZWEVTvKCly5NXO8+CsOXl54ZBqJ",
+    "./resources/log.js?pipe=sub&name=NonModule": "sha384-foobar",
+    "/images/green.png": "sha384-foobar"
+  }
+}
+</script>
+<script type="module">
+promise_test(async t => {
+  log = [];
+  const script = document.createElement("script");
+  script.type = "module";
+  script.src = "./resources/log.js?pipe=sub&name=ModuleNoIntegrity";
+  const promise = new Promise((resolve, reject) => {
+    script.onload = resolve;
+    script.onerror = () => { reject(Error()); };
+  });
+  document.head.appendChild(script);
+  await promise_rejects_js(t, Error, promise);
+}, "Script was not loaded as its integrity check was not ignored");
+
+promise_test(async () => {
+  log = [];
+  const script = document.createElement("script");
+  script.type = "module";
+  script.integrity = "sha384-QtZrhNFOSmHASHnBdmGg+zrVz5hjukCBakaqwT2pcG7w+QTa/niK16csP6kXAeXI";
+  script.src = "./resources/log.js?pipe=sub&name=ModuleIntegrity";
+  const promise = new Promise((resolve, reject) => {
+    script.onload = resolve;
+    script.onerror = reject;
+  });
+  document.head.appendChild(script);
+  await promise;
+  assert_equals(log.length, 1);
+  assert_equals(log[0], "log:ModuleIntegrity");
+}, "Script was loaded as its correct integrity attribute was not ignored");
+
+promise_test(async () => {
+  log = [];
+  const script = document.createElement("script");
+  script.type = "module";
+  script.integrity = "";
+  script.src = "./resources/log.js?pipe=sub&name=ModuleEmptyIntegrity";
+  const promise = new Promise((resolve, reject) => {
+    script.onload = resolve;
+    script.onerror = reject;
+  });
+  document.head.appendChild(script);
+  await promise;
+  assert_equals(log.length, 1);
+  assert_equals(log[0], "log:ModuleEmptyIntegrity");
+}, "Script was loaded as its empty integrity attribute was not ignored");
+
+promise_test(async t => {
+  log = [];
+  const script = document.createElement("script");
+  script.type = "module";
+  script.integrity = "sha384-foobar";
+  script.src = "./resources/log.js?pipe=sub&name=ModuleBadIntegrityAttribute";
+  const promise = new Promise((resolve, reject) => {
+    script.onload = resolve;
+    script.onerror = () => { reject(Error()); };
+  });
+  document.head.appendChild(script);
+  await promise_rejects_js(t, Error, promise);
+}, "Script was not loaded as its bad integrity attribute was not overridden");
+
+promise_test(async t => {
+  const link = document.createElement("link");
+  link.rel = "modulepreload";
+  link.href = "./resources/log.js?pipe=sub&name=ModulePreloadNoIntegrity";
+  const promise = new Promise((resolve, reject) => {
+    link.onload = resolve;
+    link.onerror = () => { reject(Error()); };
+  });
+  document.head.appendChild(link);
+  await promise_rejects_js(t, Error, promise);
+}, "Modulepreload was not loaded as its integrity check was not ignored");
+
+promise_test(async () => {
+  const link = document.createElement("link");
+  link.rel = "modulepreload";
+  link.integrity = "sha384-iDG3WysExtjWvD9QwQrC7nGXRvO0jM+r7Z2cOLMDO2geMlEtmN9j9xfqHfzT45+9";
+  link.href = "./resources/log.js?pipe=sub&name=ModulePreloadIntegrity";
+  const promise = new Promise((resolve, reject) => {
+    link.onload = resolve;
+    link.onerror = reject;
+  });
+  document.head.appendChild(link);
+  await promise;
+}, "Modulepreload was loaded as its correct integrity attribute was not ignored");
+
+promise_test(async () => {
+  const link = document.createElement("link");
+  link.rel = "modulepreload";
+  link.integrity = "";
+  link.href = "./resources/log.js?pipe=sub&name=ModulePreloadEmptyIntegrity";
+  const promise = new Promise((resolve, reject) => {
+    link.onload = resolve;
+    link.onerror = reject;
+  });
+  document.head.appendChild(link);
+  await promise;
+}, "Modulepreload was loaded as its empty integrity attribute was not ignored");
+
+promise_test(async t => {
+  const link = document.createElement("link");
+  link.rel = "modulepreload";
+  link.integrity = "sha384-foobar";
+  link.href = "./resources/log.js?pipe=sub&name=ModulePreloadBadIntegrityAttribute";
+  const promise = new Promise((resolve, reject) => {
+    link.onload = resolve;
+    link.onerror = () => { reject(Error()); };
+  });
+  document.head.appendChild(link);
+  await promise_rejects_js(t, Error, promise);
+}, "Modulepreload was not loaded as its bad integrity attribute was not ignored");
+
+promise_test(async () => {
+  log = [];
+  const script = document.createElement("script");
+  script.src = "./resources/log.js?pipe=sub&name=NonModule";
+  const promise = new Promise((resolve, reject) => {
+    script.onload = resolve;
+    script.onerror = reject;
+  });
+  document.head.appendChild(script);
+  await promise;
+  assert_equals(log.length, 1);
+  assert_equals(log[0], "log:NonModule");
+}, "Classic script was loaded as its integrity check was ignored");
+
+promise_test(async () => {
+  const img = document.createElement("img");
+  const promise = new Promise((resolve, reject) => {
+    img.onload = resolve;
+    img.onerror = reject;
+  });
+  img.src = "/images/green.png";
+  document.head.appendChild(img);
+  await promise;
+}, "Image was loaded as its integrity check was ignored");
+</script>
+</head>
diff --git a/testing/web-platform/tests/import-maps/static-integrity.html b/testing/web-platform/tests/import-maps/static-integrity.html
new file mode 100644
index 0000000000000..d1d3649339e5b
--- /dev/null
+++ b/testing/web-platform/tests/import-maps/static-integrity.html
@@ -0,0 +1,68 @@
+<!DOCTYPE html>
+<html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+let log = [];
+</script>
+<script type="importmap">
+{
+  "imports": {
+    "./resources/log.js?pipe=sub&name=A": "./resources/log.js?pipe=sub&name=B",
+    "./resources/log.js?pipe=sub&name=C": "./resources/log.js?pipe=sub&name=D"
+  },
+  "integrity": {
+    "./resources/log.js?pipe=sub&name=B": "sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7",
+    "./resources/log.js?pipe=sub&name=D": "sha384-rxZqznFuOnvObm6JJKVmwzBXrsRG25IepqKDFHGhtitRu9YPjxPpRPMIu2hzvtxF",
+    "./resources/log.js?pipe=sub&name=X": "sha384-mCon9M46vUfNK2Wb3yjvBmpBw/3hwB+wMYS8IzDBng+7//R5Qao35E1azo4gFVzx",
+    "./resources/log.js?pipe=sub&name=Y": "sha384-u0yaFlBF39Au++qcn+MGL/Ml7UmuVfLymNJAz6Yyi4RqyUfWelcuAzVyE8Shs9xn",
+    "./resources/log.js?pipe=sub&name=Z": "sha384-u0yaFlBF39Au++qcn+MGL/Ml7UmuVfLymNJAz6Yyi4RqyUfWelcuAzVyE8Shs9xn"
+  }
+}
+</script>
+<script type="module">
+import './resources/log.js?pipe=sub&name=A';
+</script>
+<script type="module">
+test(t => {
+    assert_array_equals(log, []);
+  }, 'Static script did not load as it failed its integrity check');
+log = [];
+</script>
+<script type="module">
+import './resources/log.js?pipe=sub&name=C';
+</script>
+<script type="module">
+test(t => {
+    assert_array_equals(log, ["log:D"]);
+  }, 'Static script loaded as its integrity check passed');
+log = [];
+</script>
+<script type="module">
+import './resources/log.js?pipe=sub&name=X';
+</script>
+<script type="module">
+test(t => {
+    assert_array_equals(log, []);
+  }, 'Static script did not load as it failed its integrity check, even' +
+     ' without an import defined');
+log = [];
+</script>
+<script type="module">
+import './resources/log.js?pipe=sub&name=Y';
+</script>
+<script type="module">
+test(t => {
+    assert_array_equals(log, ["log:Y"]);
+  }, 'Static script loaded as its integrity check passed without an import' +
+     ' defined');
+log = [];
+</script>
+<script type="module" src="./resources/log.js?pipe=sub&name=Z">;
+</script>
+<script type="module">
+test(t => {
+    assert_array_equals(log, []);
+  }, 'HTML-based module script did not load as its integrity check failed.');
+log = [];
+</script>
diff --git a/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html b/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html
index b4680c3ccd58d..9524e6d4749b2 100644
--- a/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html
+++ b/testing/web-platform/tests/service-workers/service-worker/fetch-request-resources.https.html
@@ -90,7 +90,67 @@
       destination: 'script',
       message: `Script load (url:${actual_url})`
     };
-  frame.contentWindow.load_script_with_integrity(actual_url, integrity);
+  frame.contentWindow.load_script_with_integrity(actual_url, integrity, /*type=*/null);
+  return add_promise_to_test(actual_url);
+}
+
+function module_script_integrity_test(frame, url, integrity, expected_integrity) {
+  const actual_url = url + "_module";
+  expected_results[actual_url] = {
+      url: actual_url,
+      mode: 'cors',
+      credentials: 'same-origin',
+      redirect: 'follow',
+      integrity: expected_integrity,
+      destination: 'script',
+      message: `Module Script load (url:${actual_url})`
+    };
+  frame.contentWindow.load_script_with_integrity(actual_url, integrity, "module");
+  return add_promise_to_test(actual_url);
+}
+
+function modulepreload_integrity_test(frame, url, integrity, expected_integrity) {
+  const actual_url = url + "_modulepreload";
+  expected_results[actual_url] = {
+      url: actual_url,
+      mode: 'cors',
+      credentials: 'same-origin',
+      redirect: 'follow',
+      integrity: expected_integrity,
+      destination: 'script',
+      message: `Module Script load (url:${actual_url})`
+    };
+  frame.contentWindow.load_modulepreload_with_integrity(actual_url, integrity);
+  return add_promise_to_test(actual_url);
+}
+
+function import_module_integrity_test(frame, url, expected_integrity) {
+  const actual_url = url + "_moduleimport";
+  expected_results[actual_url] = {
+      url: actual_url,
+      mode: 'cors',
+      credentials: 'same-origin',
+      redirect: 'follow',
+      integrity: expected_integrity,
+      destination: 'script',
+      message: `Module Script load (url:${actual_url})`
+    };
+  frame.contentWindow.import_modulescript(actual_url);
+  return add_promise_to_test(actual_url);
+}
+
+function import_dynamic_module_integrity_test(frame, url, expected_integrity) {
+  const actual_url = url + "_moduleimportdynamic";
+  expected_results[actual_url] = {
+      url: actual_url,
+      mode: 'cors',
+      credentials: 'same-origin',
+      redirect: 'follow',
+      integrity: expected_integrity,
+      destination: 'script',
+      message: `Module Script load (url:${actual_url})`
+    };
+  frame.contentWindow.import_dynamic_modulescript(actual_url);
   return add_promise_to_test(actual_url);
 }
 
@@ -253,6 +313,19 @@
                               'sha256-foo sha384-abc ');
   await script_integrity_test(f, LOCAL_URL, 'sha256-foo sha256-abc',
                               'sha256-foo sha256-abc');
+  await module_script_integrity_test(f, LOCAL_URL,
+                                     null,
+                                     'sha384-foobar');
+
+  await modulepreload_integrity_test(f, LOCAL_URL,
+                                     null,
+                                     'sha384-foobar');
+
+  await import_module_integrity_test(f, LOCAL_URL,
+                                     'sha384-foobar');
+
+  await import_dynamic_module_integrity_test(f, LOCAL_URL,
+                                     'sha384-foobar');
 
   await css_integrity_test(f, LOCAL_URL, '     ', '     ');
   await css_integrity_test(
diff --git a/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html b/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
index 86e9f4bb3598a..37fc491134d0f 100644
--- a/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
+++ b/testing/web-platform/tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
@@ -1,5 +1,15 @@
 <script src="test-helpers.sub.js?pipe=sub"></script>
 <body>
+<script type="importmap">
+{
+  "integrity": {
+    "./sample?test_module": "sha384-foobar",
+    "./sample?test_modulepreload": "sha384-foobar",
+    "./sample?test_moduleimport": "sha384-foobar",
+    "./sample?test_moduleimportdynamic": "sha384-foobar"
+  }
+}
+</script>
 <script>
 
 function load_image(url, cross_origin) {
@@ -50,13 +60,42 @@
   }
 }
 
-function load_script_with_integrity(url, integrity) {
+function load_script_with_integrity(url, integrity, type) {
   const script = document.createElement('script');
+  if (type) {
+    script.type = type;
+  }
   script.src = url;
-  script.integrity = integrity;
+  if (integrity) {
+    script.integrity = integrity;
+  }
   document.body.appendChild(script);
 }
 
+function import_modulescript(url) {
+  const script = document.createElement('script');
+  script.type = "module";
+  script.innerHTML = `import "${url}";`;
+  document.body.appendChild(script);
+}
+
+function import_dynamic_modulescript(url) {
+  const script = document.createElement('script');
+  script.type = "module";
+  script.innerHTML = `import("${url}");`;
+  document.body.appendChild(script);
+}
+
+function load_modulepreload_with_integrity(url, integrity) {
+  const link = document.createElement('link');
+  link.href = url;
+  if (integrity) {
+    link.integrity = integrity;
+  }
+  link.rel = "modulepreload";
+  document.body.appendChild(link);
+}
+
 function load_css_with_integrity(url, integrity) {
   const link = document.createElement('link');
   link.rel = 'stylesheet'