Open
Bug 1273241
Opened 8 years ago
Updated 2 months ago
Several CSP web platform tests are failing after the latest update from bug 1273176
Categories
(Testing :: web-platform-tests, defect)
Tracking
(Not tracked)
NEW
People
(Reporter: KWierso, Unassigned)
Details
(Keywords: leave-open, Whiteboard: [test disabled] )
Attachments
(1 obsolete file)
I'm going to be disabling them shortly.
|
Reporter | |
Comment 1•8 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/13238d8c6816
|
|
Reporter | |
Comment 2•8 years ago
|
||
I'm sure there's a more precise way to disable these on only the affected platforms, but they're currently holding the tree closed.
Flags: needinfo?(james)
|
|
Reporter | |
Updated•8 years ago
|
Keywords: leave-open
|
|
Reporter | |
Comment 3•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/13238d8c6816
|
||
Comment 4•7 years ago
|
||
This probably needs triage from the security team...
Flags: needinfo?(ckerschb)
|
||
Comment 5•7 years ago
|
||
(In reply to Boris Zbarsky [:bz] (still a bit busy) (if a patch has no decent message, automatic r-) from comment #4) > This probably needs triage from the security team... Thanks for letting me know. I'll have someone look at that.
|
|
||
Comment 6•7 years ago
|
||
Francois, Wennie mentioned you might be able to take a look at this one. If not, please let me know!
Flags: needinfo?(ckerschb) → needinfo?(francois)
|
||
Comment 7•7 years ago
|
||
Here's what I found so far. Tests that fail: https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/worker-script-src.sub.html I suspect they fail because we lack SecurityPolicyViolationEvent (bug 1302962). I've got too much on this week and next, but I'll try to confirm after that. Tests that are no longer in the upstream repo: testing/web-platform/meta/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html.ini testing/web-platform/meta/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html.ini testing/web-platform/meta/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html.ini They have been replaced with new ones, so it's probably not worth looking into these.
Flags: needinfo?(francois)
|
||
Updated•7 years ago
|
Flags: needinfo?(james)
|
||
Comment 8•6 years ago
|
||
Also with SecurityPolicyViolationEvent enabled, these blob tests fail because we don't 'rename' directives. See: https://w3c.github.io/webappsec-csp/#effective-directive-for-a-request SecurityPolicyViolation event should report 'worker-src' as violation-directive, but we report 'child-src' instead.
|
|
||
Comment 9•6 years ago
|
||
Do we have a bug filed for the naming of CSP directives?
Flags: needinfo?(ckerschb)
|
|
||
Comment 10•6 years ago
|
||
(In reply to Andrea Marchesini [:baku] from comment #9) > Do we have a bug filed for the naming of CSP directives? I suppose that should be Bug 1192684 - Content Security Policy reports should include "effective-directive" and "status-code".
Flags: needinfo?(ckerschb)
|
||
Comment 11•5 years ago
|
||
The leave-open keyword is there and there is no activity for 6 months.
:jgraham, maybe it's time to close this bug?
Flags: needinfo?(james)
|
|
||
Updated•5 years ago
|
Flags: needinfo?(james)
|
||
Updated•5 years ago
|
Whiteboard: [test disabled]
|
||
Updated•2 years ago
|
Severity: normal → S3
| Comment hidden (spam) |
|
|
||
Updated•2 months ago
|
Attachment #9381584 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•