Open Bug 1467155 Opened 2 years ago Updated 2 years ago

Fix CSP web platform test race conditions for error report checking

Categories

(Testing :: web-platform-tests, enhancement, P3)

enhancement

Tracking

(Not tracked)

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

As discussed within [1] it seems that almost all CSP error reporting tests suffer from a potential race condition. In fact using:

<script async defer src='../support/checkReport.sub.js?bla>

does not guarantee that the error report has been received on the server before the script runs.

Please note that some CSP wpt tests dynamically generate the script for checking whether a report has been received on the server [2], which is probably the right way to go.

In any case, we should inspect all of the tests within web-platform/tests/content-security-policy to make sure there are no race conditions of that kind.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1466508#c15
[2] https://dxr.mozilla.org/mozilla-central/source/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html#47-50
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Blocks: csp-w3c-3
Might be worth filing this in the wpt repo so maybe someone other than us will do it... ;)
(In reply to Boris Zbarsky [:bz] (no decent commit message means r-) from comment #1)
> Might be worth filing this in the wpt repo so maybe someone other than us
> will do it... ;)

indeed :-)
Component: DOM: Security → web-platform-tests
Product: Core → Testing
You need to log in before you can comment on or make changes to this bug.