Closed Bug 1610634 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 21321 - Remove instances of 'whitelist' in content-security-policy/

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox77 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 21321 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/21321
Details from upstream follow.

Stephen McGruer <smcgruer@chromium.org> wrote:

Remove instances of 'whitelist' in content-security-policy/

As per https://whatwg.org/style-guide

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Try push failed: decision task PwZ9iACFR6aSv-mWz3IaUw returned error
Try push failed: decision task PwZ9iACFR6aSv-mWz3IaUw returned error
Try push failed: decision task PwZ9iACFR6aSv-mWz3IaUw returned error

CI Results

Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 79 tests

Status Summary

Firefox

OK : 11
PASS : 28[GitHub] 95[Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-asan-opt, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt]
FAIL : 11
TIMEOUT: 2

Chrome

OK : 10
PASS : 38
FAIL : 1
TIMEOUT: 2
ERROR : 1

Safari

OK : 9
PASS : 21
FAIL : 14
TIMEOUT: 7
NOTRUN : 1

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html
Allowed scripts without a correct nonce are not permitted with strict-dynamic.: FAIL (Chrome: PASS, Safari: FAIL)
/content-security-policy/style-src/stylenonce-allowed.sub.html
Should fire securitypolicyviolation: FAIL (Chrome: PASS, Safari: NOTRUN)
/content-security-policy/script-src/script-src-sri_hash.sub.html
matching plus unsupported integrity: FAIL (Chrome: PASS, Safari: FAIL)
External script in a script tag with matching SRI hash should run.: FAIL (Chrome: PASS, Safari: FAIL)
matching integrity: FAIL (Chrome: PASS, Safari: FAIL)
multiple matching integrity: FAIL (Chrome: PASS, Safari: FAIL)
/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html
Effective returned csp allows 'unsafe-inline': FAIL (Chrome: PASS, Safari: FAIL)
Required csp does not allow unsafe-inline, but retuned csp does.: FAIL (Chrome: PASS, Safari: FAIL)
Required csp allows strict-dynamic, but retuned csp does.: FAIL (Chrome: PASS, Safari: FAIL)
Returned csp allows a nonce.: FAIL (Chrome: PASS, Safari: FAIL)
Returned csp allows a hash.: FAIL (Chrome: PASS, Safari: FAIL)
/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.html: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
Non-allowed script injected via appendChild is not permitted with strict-dynamic + a nonce+allowed double policy.: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)

Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/31660eba618e [wpt PR 21321] - Remove instances of 'whitelist' in content-security-policy/, a=testonly https://hg.mozilla.org/integration/autoland/rev/c810b8fdfc11 [wpt PR 21321] - Update wpt metadata, a=testonly
Pushed by archaeopteryx@coole-files.de: https://hg.mozilla.org/integration/autoland/rev/acd05c459589 [wpt PR 21321] - Remove instances of 'whitelist' in content-security-policy/, a=testonly https://hg.mozilla.org/integration/autoland/rev/98fde366f022 [wpt PR 21321] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/acd05c459589
https://hg.mozilla.org/mozilla-central/rev/98fde366f022

Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
status-firefox77: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
You need to log in before you can comment on or make changes to this bug.