Closed
Bug 1501179
Opened 6 years ago
Closed 6 years ago
[wpt-sync] Sync PR 13671 - Cross origin workers should fail to fetch
Categories
(Core :: DOM: Workers, enhancement, P4)
Core
DOM: Workers
Tracking
()
RESOLVED
FIXED
mozilla65
Tracking | Status | |
---|---|---|
firefox65 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 13671 into mozilla-central (this bug is closed when the sync is complete). PR: https://github.com/web-platform-tests/wpt/pull/13671 Details from upstream follow. Dominic Farolino <domfarolino@gmail.com> wrote: > Cross origin workers should fail to fetch > > /cc @domenic @bzbarsky @nhiroki > > Tackle low-hanging fruit in https://github.com/web-platform-tests/wpt/issues/13426. > > Prior to this PR, testing that cross-origin workers fail was pretty [grim](https://wpt.fyi/results/workers/Worker_cross_origin_security_err.htm?aligned&label=stable), in that the test basically broke for everyone but Firefox, who seems to be the only conforming implementation here. > > It is true that cross-origin workers fail to fetch in all or most implementations, but it seems that every failure is some synchronous security error, as opposed to letting the Fetch naturally result in a failure, and going through the normal means of firing ["an event named error"](https://html.spec.whatwg.org/multipage/workers.html#worker-processing-model:event-error). > > This PR fixes the test for non-Firefox-like impls, and extends it to include module workers. I guess I should follow-up with vendors though, to see if they'd be willing to remove their immediate-erroring behavior in favor of letting Fetch naturally fail the request. Is it possible that vendors see cross-origin workers as a big enough security concern such that it's too big a risk to Fetch the doomed request, lest it somehow slip through the cracks and got sent? I just think its odd that a lot of impls are immediately failing cross-origin worker construction, when the spec does never mentions this. Here's where we do it [in Chrome](https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/workers/abstract_worker.cc?sq=package:chromium&g=0&l=52).
Assignee | ||
Updated•6 years ago
|
Component: web-platform-tests → DOM: Workers
Product: Testing → Core
Assignee | ||
Comment 1•6 years ago
|
||
Pushed to try https://treeherder.mozilla.org/#/jobs?repo=try&revision=4515dedcbd9632f991a4ee950511e29007f26c0f
Assignee | ||
Comment 2•6 years ago
|
||
Pushed to try https://treeherder.mozilla.org/#/jobs?repo=try&revision=e0dcf2b3f7f730fdc4a0243041ea328e2e16af6c
Assignee | ||
Comment 3•6 years ago
|
||
Ran 1 tests and 2 subtests OK : 1 PASS : 2
Assignee | ||
Comment 4•6 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=d0a9556c419104227290a05449a5119799978e23
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/34d6dcb56a91 [wpt PR 13671] - Cross origin workers should fail to fetch, a=testonly
Comment 6•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/34d6dcb56a91
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in
before you can comment on or make changes to this bug.
Description
•