Closed Bug 1270050 Opened 9 years ago Closed 8 years ago

W3C origin-when-crossorigin vs origin-when-cross-origin

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla49
Tracking Flags:
Tracking Status
firefox49 --- fixed

People

(Reporter: tnguyen, Assigned: tnguyen)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(2 files, 1 obsolete file)

Update meta file
14.21 KB, patch
franziskus
: review+
jdm
: review+
Details | Diff | Splinter Review
Change `crossorigin` to `cross-origin`
808.94 KB, patch
tnguyen
: review+
jdm
: review+
Details | Diff | Splinter Review
https://github.com/w3c/webappsec/commit/c992d5cd9c93eaa509ee499efd7ef8f5ab9811d8 Seems that origin-when-crossorigin will be replaced by origin-when-cross-origin. However many web platform tests currently (and current public version) are using origin-when-crossorigin. origin-when-crossorigin value should be treated as valid value as well.
Discussed internally and we thought that the wpt should use latest and correct value "origin-when-cross-origin". What we should do is to change this value correctly in referrer-policy web platform test.
Franziskus, just making sure you have seen this bug.
Flags: needinfo?(franziskuskiefer)
Whiteboard: [domsecurity-backlog]
I would like to add some additional information: There's a typo issue in specs (editor's reply in [1], [2], should be Mike). Old version specs [3] and new one [4] should be public soon `origin-when-cross-origin` is correct but Chrome and Firefox already ship `origin-when-crossorigin` and sites already used it In current version, Google supports both of `origin-when-crossorigin` and `origin-when-cross-origin` (I tried with Google Canary and web platform tests are passed with both of them). However, running web platform tests in Firefox still fails in this sort of test (~28 cases failed with setAttribute), because `origin-when-crossorigin` is still considered as invalid value attribute (Bug 1178337 has just fixed recently but only added `origin-when-cross-origin` to the valid enums) [1] https://lists.w3.org/Archives/Public/public-webappsec/2015May/0064.html [2] https://lists.w3.org/Archives/Public/public-webappsec/2015May/0091.html [3] https://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-meta [4] https://w3c.github.io/webappsec-referrer-policy/ Currently referrer policy web platform tests are written based on the old one `origin-when-crossorigin` I discussed with Franziskus and there're 2 ways to go: - Support `origin-when-crossorigin` in Firefox - Fix web platform test to use `origin-when-cross-origin` because `origin-when-crossorigin` will be deprecated soon It makes more sense to go second one. And Franziskus should know about that :) Thanks
Attached patch Update meta fileSplinter Review
Blocks: 1168540
Assignee: nobody → tnguyen
Status: NEW → ASSIGNED
Attachment #8750157 - Flags: review?(ckerschb)
Attachment #8750154 - Flags: review?(ckerschb)
Hi Christoph, Could you please take a look into that? This renamed `origin-when-crossorigin` --> `origin-when-cross-origin` in web platform tests and updated meta file as well
Whiteboard: [domsecurity-backlog] → [domsecurity-active]
Comment on attachment 8750154 [details] [diff] [review] Change `crossorigin` to `cross-origin` Franziskus is the right reviewer for this.
Attachment #8750154 - Flags: review?(ckerschb) → review?(franziskuskiefer)
Attachment #8750157 - Flags: review?(ckerschb) → review?(franziskuskiefer)
Comment on attachment 8750154 [details] [diff] [review] Change `crossorigin` to `cross-origin` Review of attachment 8750154 [details] [diff] [review]: ----------------------------------------------------------------- I still see some |crossorigin| in spec_json.js. r+ with those fixed as well.
Attachment #8750154 - Flags: review?(franziskuskiefer) → review+
Attachment #8750157 - Flags: review?(franziskuskiefer) → review+
Flags: needinfo?(franziskuskiefer)
Thanks Franziskus for your reviewing
Attachment #8750154 - Attachment is obsolete: true
Attachment #8753752 - Flags: review+
(In reply to Thomas Nguyen[:tnguyen] from comment #11) > Try looks good > https://treeherder.mozilla.org/#/jobs?repo=try&revision=eb1005956bb3 what's up with all the oranges on Win7?
Flags: needinfo?(tnguyen)
Something went wrong with windows 7 recently. You could see all of try results have the same result with many failures on Windows 7(click: go next 50)
Flags: needinfo?(tnguyen)
Hi Josh, could you please review this? This only renamed `origin-when-crossorigin` --> `origin-when-cross-origin` in web platform tests and updated meta file as well.
Attachment #8750157 - Flags: review?(josh)
Attachment #8753752 - Flags: review?(josh)
Attachment #8750157 - Flags: review?(josh) → review+
Comment on attachment 8753752 [details] [diff] [review] Change `crossorigin` to `cross-origin` Review of attachment 8753752 [details] [diff] [review]: ----------------------------------------------------------------- This appears to be racing with https://github.com/w3c/web-platform-tests/pull/3059, so we'll see what happens!
Attachment #8753752 - Flags: review?(josh) → review+
Try result in comment 11
Keywords: checkin-needed
Thanks Josh and Franziskus for your review.
for some reasons starting with this push we have perma failures like https://treeherder.mozilla.org/logviewer.html#?job_id=28628738&repo=mozilla-inbound so i had to back this out
Flags: needinfo?(tnguyen)
did some investigation and seems your patch is innocent (sorry for the backout) and all the timeouts where more caused by bug 1275281 - sorry for the backout again - re-checked this in
Flags: needinfo?(tnguyen)
Nice, thanks
https://hg.mozilla.org/mozilla-central/rev/9a7ac883cb35 https://hg.mozilla.org/mozilla-central/rev/07ede99a3cd3
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox49: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: