Several CSP web platform tests are failing after the latest update from bug 1273176

NEW
Unassigned

Status

Testing
web-platform-tests
a year ago
5 months ago

People

(Reporter: KWierso, Unassigned, NeedInfo)

Tracking

({leave-open})

48 Branch
leave-open
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
I'm going to be disabling them shortly.
(Reporter)

Comment 1

a year ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/13238d8c6816
(Reporter)

Comment 2

a year ago
I'm sure there's a more precise way to disable these on only the affected platforms, but they're currently holding the tree closed.
Flags: needinfo?(james)
(Reporter)

Updated

a year ago
Keywords: leave-open
(Reporter)

Comment 3

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/13238d8c6816
This probably needs triage from the security team...
Flags: needinfo?(ckerschb)
(In reply to Boris Zbarsky [:bz] (still a bit busy) (if a patch has no decent message, automatic r-) from comment #4)
> This probably needs triage from the security team...

Thanks for letting me know. I'll have someone look at that.
Francois, Wennie mentioned you might be able to take a look at this one. If not, please let me know!
Flags: needinfo?(ckerschb) → needinfo?(francois)
Here's what I found so far.

Tests that fail:

https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html
https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html
https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/worker-connect-src-allowed.sub.html
https://github.com/w3c/web-platform-tests/blob/master/content-security-policy/blink-contrib/worker-script-src.sub.html

I suspect they fail because we lack SecurityPolicyViolationEvent (bug 1302962). I've got too much on this week and next, but I'll try to confirm after that.

Tests that are no longer in the upstream repo:

testing/web-platform/meta/content-security-policy/frame-ancestors/multiple-frames-meta-ignored.sub.html.ini
testing/web-platform/meta/content-security-policy/frame-ancestors/multiple-frames-self-allowed.sub.html.ini
testing/web-platform/meta/content-security-policy/frame-ancestors/single-frame-self-allowed.sub.html.ini

They have been replaced with new ones, so it's probably not worth looking into these.
Flags: needinfo?(francois)
You need to log in before you can comment on or make changes to this bug.