Closed Bug 1438817 Opened 4 years ago Closed 4 years ago

[wpt-sync] PR 9557 - Implemented cascading of the RequiredCSP through nested contexts

Categories

(Core :: DOM: Security, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
mozilla61
Tracking Status
firefox61 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog3])

An iframe that is inside another iframe that has as RequiredCSP should
respect that RequiredCSP.

Spec: https://w3c.github.io/webappsec-csp/embedded/#required-csp

Bug: 779031
Change-Id: I9042d63a6d14f48fd3cf1caaccf22c5cd1aa6d7a
Reviewed-on: https://chromium-review.googlesource.com/924064
WPT-Export-Revision: 627556217f7f62a63ac6de3e95a5e403680321d9
Component: web-platform-tests → DOM: Security
Product: Testing → Core
Ran 16 tests and 221 subtests
OK     : 16
PASS   : 143
FAIL   : 78

New tests that have failures or other problems:
/content-security-policy/embedded-enforcement/required-csp-header-cascade.html
    Test same origin: Test less restrictive policy on second iframe: FAIL
    Test same origin: Test more restrictive policy on second iframe: FAIL
    Test same origin: Test no policy on first iframe: FAIL
    Test same origin: Test no policy on second iframe: FAIL
    Test same origin: Test same policy for both iframes: FAIL
Priority: -- → P3
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog3]
Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/5039137e5a10
[wpt PR 9557] - Implemented cascading of the RequiredCSP through nested contexts, a=testonly
https://hg.mozilla.org/integration/mozilla-inbound/rev/d7836d190e01
[wpt PR 9557]- Update wpt metadata, a=testonly
https://hg.mozilla.org/mozilla-central/rev/5039137e5a10
https://hg.mozilla.org/mozilla-central/rev/d7836d190e01
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
You need to log in before you can comment on or make changes to this bug.