## Description
This PR adds a `nonce` parameter to flutter.js' `loadEntrypoint` method.
When set, loadEntrypoint will add a `nonce` attribute to the `main.dart.js` script tag, which allows Flutter to run in environments slightly more restricted by CSP; those that don't add `'self'` as a valid source for `script-src`.
----
### CSP directive
After this change, the CSP directive for a Flutter Web index.html can be:
```
script-src 'nonce-YOUR_NONCE_VALUE' 'wasm-unsafe-eval';
font-src https://fonts.gstatic.com;
style-src 'nonce-YOUR_NONCE_VALUE';
```
When CSP is set via a `meta` tag (like in the test accompanying this change), and to use a service worker, the CSP needs an additional directive: [`worker-src 'self';`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src)
When CSP set via response headers, the CSP that applies to `flutter_service_worker.js` is determined by its response headers. See **Web Workers API > [Content security policy](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers#content_security_policy)** in MDN.)
----
### Initialization
If the CSP is set to disallow `script-src 'self'`, a nonce needs to also be passed to `loadEntrypoint`:
```javascript
_flutter.loader.loadEntrypoint({
nonce: 'SOME_NONCE',
onEntrypointLoaded: (engineInitializer) async {
const appRunner = await engineInitializer.initializeEngine({
nonce: 'SOME_NONCE',
});
appRunner.runApp();
},
});
```
(`nonce` shows twice for now, because the entrypoint loader script doesn't have direct access to the `initializeEngine` call.)
----
## Tests
* Added a smoke test to ensure an app configured as described above starts.
## Issues
* Fixes https://github.com/flutter/flutter/issues/126977
Some upcoming engine changes will bind to a function provided by the emscripten JS wrapper around skwasm, rather than just the wasm module itself. This will make sure not to break the benchmarks when those engine changes land. See https://github.com/flutter/engine/pull/46388
This implements https://github.com/flutter/flutter/issues/132654#issuecomment-1738221257, namely:
Make `Chromium.close` more robust:
* Send `SIGTERM` and wait up to 5 seconds, if the process exited, great! Return from the function.
* If the process has not exited, then send a `SIGKILL`, which is a much firmer way to exit a process. Same as before, wait up to 5 seconds, if the process exited, great! Return from the function.
* If it still hasn't exited then give up trying to exit Chromium, just print a warning to the console and return from the function.
Bonus: a few nullability fixes and extra `-v` logging.
Fixes https://github.com/flutter/flutter/issues/132654
This makes two changes to prepare for incoming changes to skwasm in the web engine:
* We will (at least for now) be depending on the `WebAssembly.Function` constructor in `skwasm`, which is hidden behind the `--experimental-wasm-type-reflection` flag. We need to pass that when running skwasm benchmarks.
* We are going to be upgrading the skwasm build to a newer version of emscripten, which exposes the wasm exports via the `wasmExports` property instead of the `asm` property. Make sure to support either, if passed.
Towards https://github.com/dart-lang/test/issues/2065
The flutter test runner uses the copy of `host.dart.js` from the copy of
`package:test` that surfaces in the pub solve for `flutter_tool`. This
copy has been updated to allow either the old pattern of communication,
or this new pattern. The new pattern removes an extra hop and use of the
frame `window.onMessage` messages.
Fixed types for `_getNewServiceWorker` and `_waitForServiceWorkerActivation` functions.
These functions currently expect a Promise as an argument, but we're actually passing in an already resolved value:
```js
.then(this._getNewServiceWorker)
.then(this._waitForServiceWorkerActivation);
```
Flutter web uses requireJS in `debug` mode to assemble a DDC-compiled app from a bunch of small files ("modules").
This caused that `canvaskit.js` (and all other modules that used a browserify-like loading header) didn't work because they attempted to use the `define` function provided by Flutter's instance of `requireJS` (which kept the defined modules private, rather than as globals on the page, as the users of the JS expected).
A [fix](https://github.com/flutter/engine/pull/27342) was added to `flutter/engine` to trick loaders into *not* using the `requireJS` module loader, but a recent change in the fix's js-interop layer *subtly* changed its JS output on the page (objects went from `undefined` to `null`), causing this:
* https://github.com/flutter/flutter/issues/126131 (and others)
This PR hides a bit of code that is commonly used by module loaders to decide that they may use the `define` function provided by requireJS (so the engine workaround can be removed).
## Next steps
* https://github.com/flutter/engine/pull/42941
## Issues
Partially addresses: https://github.com/flutter/flutter/issues/126131 (and others)
## Tests
* Added a unit test to ensure the `delete` stays
* Manually tested with the Gallery app in `debug` mode with a bunch of user-supplied scripts that currently fail to load.
* Also tested hot restart as suggested by @nshahan
Replace imports of `src/remote_listener.dart` with `backend.dart` which exports `RemoteListener`.
Remove the unused imports of `src/backend/stack_trace_formatter.dart` (no uses of `StackTraceFormatter`) and
`src/backend/suite_channel_manager.dart` (no uses of `SuiteChannelManager`).
* Allow any JS file in flutter loader.
* Nag only if service worker API is completely unavailable.
* Add info about Secure Contexts if that may be the reason why serviceworker is not available.
* Update sanity test.
* If service worker settings are null, do not even check if the API is available.
