Open
Bug 1467155
Opened 7 years ago
Updated 2 years ago
Fix CSP web platform test race conditions for error report checking
Categories
(Testing :: web-platform-tests, enhancement, P3)
Testing
web-platform-tests
Tracking
(Not tracked)
NEW
People
(Reporter: ckerschb, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
As discussed within [1] it seems that almost all CSP error reporting tests suffer from a potential race condition. In fact using:
<script async defer src='../support/checkReport.sub.js?bla>
does not guarantee that the error report has been received on the server before the script runs.
Please note that some CSP wpt tests dynamically generate the script for checking whether a report has been received on the server [2], which is probably the right way to go.
In any case, we should inspect all of the tests within web-platform/tests/content-security-policy to make sure there are no race conditions of that kind.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1466508#c15
[2] https://dxr.mozilla.org/mozilla-central/source/testing/web-platform/tests/content-security-policy/object-src/object-src-2_2.html#47-50
Reporter | ||
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Comment 1•7 years ago
|
||
Might be worth filing this in the wpt repo so maybe someone other than us will do it... ;)
Reporter | ||
Comment 2•7 years ago
|
||
(In reply to Boris Zbarsky [:bz] (no decent commit message means r-) from comment #1)
> Might be worth filing this in the wpt repo so maybe someone other than us
> will do it... ;)
indeed :-)
Component: DOM: Security → web-platform-tests
Product: Core → Testing
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•