Closed Bug 1436245 Opened 4 years ago Closed 4 years ago

Various CSP web-platform-tests are going to permafail when Gecko 60 merges to Beta on 2018-03-01

Categories

(Core :: DOM: Security, defect, P1)

defect

Tracking

()

VERIFIED FIXED
mozilla60
Tracking Status
firefox-esr52 --- unaffected
firefox58 --- unaffected
firefox59 --- unaffected
firefox60 + verified

People

(Reporter: ryanvm, Assigned: ckerschb)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file, 1 obsolete file)

Looks like these tests were recently added in bug 1435337. Hopefully just a pref needing to be forced on?

https://treeherder.mozilla.org/logviewer.html#?job_id=160713552&repo=try
https://treeherder.mozilla.org/logviewer.html#?job_id=160713472&repo=try

TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting/report-original-url.sub.html | Direct block, same-origin = full URL in report - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting/report-original-url.sub.html | Block after redirect, same-origin = original URL in report - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting/report-original-url.sub.html | Block after redirect, cross-origin = original URL in report - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html | Event is fired - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html | expected OK
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html | Event is fired - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html | expected OK
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html | Event is fired - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html | expected OK
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html | Event is fired - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html | expected OK
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html | Event is fired - Test timed out
TEST-UNEXPECTED-TIMEOUT | /content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html | expected OK
Flags: needinfo?(ckerschb)
Assignee: nobody → ckerschb
Flags: needinfo?(ckerschb)
Priority: -- → P1
Whiteboard: [domsecurity-active]
Ryan, tested locally by flipping the pref security.csp.enable_violation_events to false within all.js. Do we need more testing or are we good to check those updates in?
Attachment #8949022 - Flags: review?(ryanvm)
Status: NEW → ASSIGNED
Sounds fine to me - the only question I have is whether it makes more sense to set this pref at the directory level instead of on the individual tests, which would avoid any surprises from future upstream updates. WDYT?
(In reply to Ryan VanderMeulen [:RyanVM] from comment #2)
> Sounds fine to me - the only question I have is whether it makes more sense
> to set this pref at the directory level instead of on the individual tests,
> which would avoid any surprises from future upstream updates. WDYT?

Actually I was thinking about that and would prefer that solution but didn't know if it's possible or not. How do I do that?
That should do the trick for all CSP wpt tests.
Attachment #8949022 - Attachment is obsolete: true
Attachment #8949022 - Flags: review?(ryanvm)
Attachment #8949147 - Flags: review?(ryanvm)
Comment on attachment 8949147 [details] [diff] [review]
bug_1436245_fix_csp_wpt_tests.patch

Assuming you've verified this locally, lgtm!
Attachment #8949147 - Flags: review?(ryanvm) → review+
(In reply to Ryan VanderMeulen [:RyanVM] from comment #6)
> Assuming you've verified this locally, lgtm!

I cherry picked several tests and ran them locally.
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c358f1f20f8a
Flip pref explicitly for CSP security policy violation events for newly pulled wpt tests. r=ryanvm
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/c358f1f20f8a
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Thanks for the quick fix, Christoph!
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.