[wpt-sync] Sync PR 13864 - Add redirected cases to CSP/import tests in wpt/worklets

RESOLVED FIXED in Firefox 65

Status

()

enhancement
P4
normal
RESOLVED FIXED
10 months ago
5 months ago

People

(Reporter: wptsync, Unassigned)

Tracking

unspecified
mozilla65
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox65 fixed)

Details

(Whiteboard: [wptsync downstream], )

Sync web-platform-tests PR 13864 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/13864
Details from upstream follow.

Hiroshige Hayashizaki <hiroshige@chromium.org> wrote:
>  Add redirected cases to CSP/import tests in wpt/worklets
>  
>  Also this CL replaces some of empty-worklet-script.js usage
>  in CSP tests with empty-worklet-script-with-cors-header.js
>  to make sure worklets are rejected due to CSP, not CORS.
>  
>  Change-Id: Ie463d206254c4c6728a79dae0ad79e4f7e333b92
>  
>  Reviewed-on: https://chromium-review.googlesource.com/1312146
>  WPT-Export-Revision: cb3fcad75dfc93a4656021c4da9271b06f0e2d8f
Component: web-platform-tests → DOM
Product: Testing → Core
Ran 8 tests and 184 subtests
OK     : 8
PASS   : 21
FAIL   : 163

New tests that have failures or other problems:
/worklets/animation-worklet-csp.https.html
    A remote-origin worklet importing a remote-origin script should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A remote-origin worklet should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin worklet should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin worklet should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin worklet should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A remote-origin-redirected worklet should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin-redirected worklet should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin-redirected worklet should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin-redirected worklet should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing a remote-origin script should be blocked by the script-src 'self' directive.: FAIL
    A same-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should be blocked by the script-src 'self' directive.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing an insecure-origin script should be blocked because of mixed contents.: FAIL
    A same-origin worklet importing an insecure-origin script should not be blocked because of upgrade-insecure-requests.: FAIL
    A same-origin worklet importing an insecure-origin-redirected script should be blocked because of mixed contents.: FAIL
    A same-origin worklet importing an insecure-origin-redirected script should not be blocked because of upgrade-insecure-requests.: FAIL
    An insecure-origin worklet should be blocked because of mixed contents.: FAIL
    An insecure-origin worklet should not be blocked because of upgrade-insecure-requests.: FAIL
    An insecure-origin-redirected worklet should be blocked because of mixed contents.: FAIL
    An insecure-origin-redirected worklet should not be blocked because of upgrade-insecure-requests.: FAIL
/worklets/animation-worklet-import.https.html
    Importing a cross-origin-redirected resource with the Access-Control-Allow-Origin header should resolve the given promise: FAIL
    Importing a cross-origin-redirected resource without the Access-Control-Allow-Origin header should reject the given promise: FAIL
/worklets/audio-worklet-csp.https.html
    A remote-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A remote-origin worklet should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin-redirected worklet should be blocked by the script-src 'self' directive.: FAIL
    A same-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing an insecure-origin script should not be blocked because of upgrade-insecure-requests.: FAIL
    A same-origin worklet importing an insecure-origin-redirected script should not be blocked because of upgrade-insecure-requests.: FAIL
/worklets/audio-worklet-import.https.html
    Importing a cross-origin-redirected resource without the Access-Control-Allow-Origin header should reject the given promise: FAIL
/worklets/layout-worklet-csp.https.html
    A remote-origin worklet importing a remote-origin script should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A remote-origin worklet should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin worklet should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin worklet should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin worklet should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A remote-origin-redirected worklet should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin-redirected worklet should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin-redirected worklet should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin-redirected worklet should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing a remote-origin script should be blocked by the script-src 'self' directive.: FAIL
    A same-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should be blocked by the script-src 'self' directive.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing an insecure-origin script should be blocked because of mixed contents.: FAIL
    A same-origin worklet importing an insecure-origin script should not be blocked because of upgrade-insecure-requests.: FAIL
    A same-origin worklet importing an insecure-origin-redirected script should be blocked because of mixed contents.: FAIL
    A same-origin worklet importing an insecure-origin-redirected script should not be blocked because of upgrade-insecure-requests.: FAIL
    An insecure-origin worklet should be blocked because of mixed contents.: FAIL
    An insecure-origin worklet should not be blocked because of upgrade-insecure-requests.: FAIL
    An insecure-origin-redirected worklet should be blocked because of mixed contents.: FAIL
    An insecure-origin-redirected worklet should not be blocked because of upgrade-insecure-requests.: FAIL
/worklets/layout-worklet-import.https.html
    Importing a cross-origin-redirected resource with the Access-Control-Allow-Origin header should resolve the given promise: FAIL
    Importing a cross-origin-redirected resource without the Access-Control-Allow-Origin header should reject the given promise: FAIL
/worklets/paint-worklet-csp.https.html
    A remote-origin worklet importing a remote-origin script should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A remote-origin worklet should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin worklet should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin worklet should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin worklet should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A remote-origin-redirected worklet should be blocked by the script-src 'self' directive.: FAIL
    A remote-origin-redirected worklet should be blocked by the script-src directive specifying the origin.: FAIL
    A remote-origin-redirected worklet should not be blocked because the script-src * directive allows it.: FAIL
    A remote-origin-redirected worklet should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing a remote-origin script should be blocked by the script-src 'self' directive.: FAIL
    A same-origin worklet importing a remote-origin script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should be blocked by the script-src 'self' directive.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should be blocked by the script-src directive specifying the origin.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked because the script-src * directive allows it.: FAIL
    A same-origin worklet importing a remote-origin-redirected script should not be blocked by the worker-src directive because worklets obey the script-src directive.: FAIL
    A same-origin worklet importing an insecure-origin script should be blocked because of mixed contents.: FAIL
    A same-origin worklet importing an insecure-origin script should not be blocked because of upgrade-insecure-requests.: FAIL
    A same-origin worklet importing an insecure-origin-redirected script should be blocked because of mixed contents.: FAIL
    A same-origin worklet importing an insecure-origin-redirected script should not be blocked because of upgrade-insecure-requests.: FAIL
    An insecure-origin worklet should be blocked because of mixed contents.: FAIL
    An insecure-origin worklet should not be blocked because of upgrade-insecure-requests.: FAIL
    An insecure-origin-redirected worklet should be blocked because of mixed contents.: FAIL
    An insecure-origin-redirected worklet should not be blocked because of upgrade-insecure-requests.: FAIL
/worklets/paint-worklet-import.https.html
    Importing a cross-origin-redirected resource with the Access-Control-Allow-Origin header should resolve the given promise: FAIL
    Importing a cross-origin-redirected resource without the Access-Control-Allow-Origin header should reject the given promise: FAIL
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/37be95c946fa
[wpt PR 13864] - Add redirected cases to CSP/import tests in wpt/worklets, a=testonly
https://hg.mozilla.org/integration/mozilla-inbound/rev/a7f16bb1b02d
[wpt PR 13864] - Update wpt metadata, a=testonly
https://hg.mozilla.org/mozilla-central/rev/37be95c946fa
https://hg.mozilla.org/mozilla-central/rev/a7f16bb1b02d
Status: NEW → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Depends on: 1508671
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.