--- a/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
+++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
@@ -3,17 +3,17 @@ sxg_version=1b3
 certfile=127.0.0.1.sxg.pem
 keyfile=127.0.0.1.sxg.key
 inner_url_origin=https://127.0.0.1:8444
 # TODO: Stop hard-coding "web-platform.test" when generating Signed Exchanges on
 # the fly.
 wpt_test_origin=https://web-platform.test:8444
 wpt_test_remote_origin=https://www1.web-platform.test:8444
 cert_url_origin=$wpt_test_origin
-sxg_content_type='content-type: application/signed-exchange;v=b2'
+sxg_content_type='content-type: application/signed-exchange;v=b3'
 
 set -e
 
 for cmd in gen-signedexchange gen-certurl; do
     if ! command -v $cmd > /dev/null 2>&1; then
         echo "$cmd is not installed. Please run:"
         echo "  go get -u github.com/WICG/webpackage/go/signedexchange/cmd/..."
         exit 1
@@ -35,16 +35,31 @@ gen-signedexchange \
   -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
   -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
   -privateKey $keyfile \
   -date 2018-04-01T00:00:00Z \
   -expire 168h \
   -o sxg/sxg-location.sxg \
   -miRecordSize 100
 
+# A signed exchange of unsupported version.
+gen-signedexchange \
+  -version 1b2 \
+  -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+  -status 200 \
+  -content sxg-location.html \
+  -certificate $certfile \
+  -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+  -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+  -privateKey $keyfile \
+  -date 2018-04-01T00:00:00Z \
+  -expire 168h \
+  -o sxg-version1b2.sxg \
+  -miRecordSize 100
+
 # A valid Signed Exchange for testing referrer which logical origin is the wpt
 # test origin.
 gen-signedexchange \
   -version $sxg_version \
   -uri $wpt_test_origin/signed-exchange/resources/inner-url.html \
   -status 200 \
   -content sxg-location.html \
   -certificate $certfile \

new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..092eb9d38ffecf173d353b5ac59744a5893bfa75
GIT binary patch
literal 1005
zc$}3|OKTHR7)=orvJ?>)F2*YKnVHEXY4e(tn&)WJCTW_ax{#ZhFEi83tM}eC)0Qq2
zp$MYCp+(TO3m1YL!5>gviwL@MQCukEMrWEv>Poy9hI7C9&N=rxT;i(XP)7&^7Bos7
zlH|CsFwgSd4kzQ$Xp|$mYJn00SJsfF0*8UveJlgvbjt!9>SKe|sA&Yo4g!G#19iYi
zF&;^ruH@IUQY}}HccisyA?&J&Z8gzfZnoo1l@1gsx?C5mxngs^osIXTn`KRvw8e^(
z?X;xkdW7rYW-(zqQ8l;GYt?92+gNEUu-P)|kTc2+9;Q>wCNgwIr(6Cl#PR>0V1(F_
z4r>y1JjLi11r>W|aa_?=Ae1xp5Ydnjn+x#~uR#V(|Mna}C*&B2c5Q63)T8{%`_Cm=
z;;O6zCM$PrJklPTiPO%?YNFrnDlwx~H+r|snQhQe*==`Q+VzeEH;UE5;$~$gp%sYe
z<)I)7VmKxUu_zzs`4j`LqkEoyEfS8#=6L?zelckR)odkO%r~ACh6A<}rzaG7WH|Fy
zUXlx|Tjn6)R=8|a9h6Gzw7hEc^3sx9L(!#LyI$&v#U!DK_DNRY`Lb+#(OEP^w;X6+
zqTo`_e;nRa8o~sq*r(l4ygF(FOSTo=Qp=~^1H+}HujH1qjkRi?@g*|BG}WmAne33u
z*j;AjINegCQO%zOoaTm2!8DPv?$Atdpj(PPV3DHaH$7TeCmtK{<b(-?pldIlA03{v
z58v#BA78jU_Wi@d&(F@gh1UyHS6}Ww%4jM~%rcYUGp86a!|VhZ=J>>VQ6tu|G4(!#
zR(vrPCjI~ZGHe-9-L{g9V#|HgCyYw0hM_xq(&s_=_;y-2`-}Pc?&v|{?!|+r--N~Y
zd-rdD*?aXVlK*<<2gZO;>G%}CG?LKCoh~wr4w8FG#zO>lr&7V)*&+5|nj2;D8!O&f
AJpcdz

new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-version1b2.sxg.headers
@@ -0,0 +1,2 @@
+Content-Type: application/signed-exchange;v=b2
+X-Content-Type-Options: nosniff

index f671f27d7445a85f8f84906ba06006a075b2c640..6d8538882d27c40b0ffcf0845c090844aaec87b7
GIT binary patch
literal 1965
zc$~de4{Q@<6feOD6cdaQ5k)yR8Qa=k+iSbETRXh||G(?nvTh`rYwzpz==JWn`?_9-
zC;|%O&j>mN2@yvO{t0nGMF>U%#3hiBm<bCSg9s{Mh(Tr~YC`b3S_5kQ6BE8mF7MvG
z_kQoa@Atk>l4+wZZBnUHIS2)*O|Lg%t*AkHjBQr4*{qisngf&$$eA3;(LgT(i7$#7
zAn6&71EQ`dvS<z#*u`0rWz%FPugi*jLB|0JDsGZYtETK$sdlnt8nEq%63x*Z@g!XV
zXTVJ0E-7zv`SLLwVv$gq_7^l+cbQHXh>$xT?X-!>oQqqQ#~BYU1*}de;$%`tmP+nW
zPzcB+OV-w};aaVMAfD_ZQYi*H%bMPpqq!aFBUy%GV7Zc>qwYVKR+G?L9JC<Ob?pel
zK|qVjx1)|?Xr)Abfze4h60@}E3?{`O14MW$W(lNq0!zXyFBVX!xcn3L?@6Lc^H2d4
z&`g>aYq6_fj%FdAv=viX%EEScvH9MDrXS?Uu$;<v=bY&P2>J*w-WSo>a$c#@4~m4q
zVYFbF#cZ$|4DASz1xCTF=uAelrNv-))mtqoWxKg1hq0$WW(ny96BZ|U1LlirGC<?W
zf^2`OQ?TZZy)G}2cN<y>OU&VGlOPF;k_$5!!Wmv^76)~(EPxb33IfYyNXYQqA8T*#
zbEHi~%^YwUo?<vUd~+76>Y}6?TNnRNwoa0A=uf1Kxq3t6bLMWl>Uh5X!uIhMqfzaY
z>&K&)JEZuf+521OpV`s6p9<hEk1=8O`J-|?iI=gwXtsc5p-#LQ4H`?Wl9x{ONK_OL
z(D-u7>nwzqP|kADW8!6tiIgbI@}xCr(*&27llsmGfra@vVc~BjEqCqw#Ic6!`+i>8
zG;Q$1FCRwD{&Lf7v**Igw(VGV!@S!;>fw_+FKzlX#I$TZHNNxk`p>PqhJHA_>e&aA
zGJ_sfO-#QXq~GRPz4=7X_zY~#{JRd6N2BGV6DPmg(i5!T5!pztav!=KL*W}LzUwY)
z^+%rAI5IxtjmwFJb>E*4ZF|4z)Qfk|dgm4GUk#0cWQA7F6Ucaz<wD6ONA#{Gbjj~u
z2E$1<?+HZZ7-^2iQeFQ1-we(D5Xewpq3e2YbHhW2KYMaP{rSBI_asL1_;;7yn%O)&
zII;B2>o4t!D1FG0q6DC$2(votzZ)j|0(Yk?(L;EU3Pgw64jIUT4p-F|;j>75a=-kE
z1mTf0!gE6-7hkY@_Ki&6bNsY+>~!*hnS*Q3jV=5lY8jZd_u%A~+V#~SYP*yX83A^v
zOAJTxC6uHnPoEMt%qaJQGKr0g3P6&`N8Wq;%Gfl1Y;=Wj%f0iaTsynzo7eA=y+;=}
z)gKxj?8wnzkrrtL70)Kb(XrvNM=uPVIQ{L^scU!4+5FTUN4PHa$9t9%zGvnSAKQNM
zEV4q4Ad}XpvbiKG@FG-R5{y*9XwX>sUs)_)J&W29iq8}a6^EJ%&50nZ{mo7h!MRVG
zu{&=dznr`>V0-$$-B&(3KnVH9?lq@wG(<LZHm<hMn|owQWRrSih&toc%CG&1;b+#Z
yU3z)l2Va{!SEv3Yia@*xrxLQFszET)<F%`^4N)WstZZsmuhdp$MYQW{z5ErWe8UX@

new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/sxg-version1b2.tentative.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<title>Loading SignedHTTPExchange of unsupported version must fail</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="./resources/sxg-util.js"></script>
+<body>
+<p>Note: This test FAILs if your browser supports Signed Exchange version 1b2.</p>
+<script>
+promise_test(async (t) => {
+  const sxgUrl = get_host_info().HTTPS_ORIGIN +
+                 '/signed-exchange/resources/sxg-version1b2.sxg';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl);
+  const innerURL = innerURLOrigin() +
+                   '/signed-exchange/resources/inner-url.html';
+  assert_equals(message.location, innerURL);
+  assert_true(message.is_fallback);
+}, 'Loading SignedHTTPExchange of unsupported version must fail and fallback redirect.');
+</script>
+</body>