Closed Bug 1619692 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 22066 - Enforce mime-type check when loading Origin Policy manifest.

Categories

(Testing :: web-platform-tests, task, P4)

Product:
Testing
Component:
web-platform-tests
Type:
task

Tracking

(firefox76 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla76
Tracking Flags:
Tracking Status
firefox76 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 22066 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/22066
Details from upstream follow.

W. James MacLean <wjmaclean@chromium.org> wrote:

Enforce mime-type check when loading Origin Policy manifest.

This CL modifies OriginPolicyFetcher to enforce that Origin Policy
manifests load with the mimetype

application/originpolicy+json

If an incorrect mime type is received, loading is aborted, and
the OriginPolicy object is returned with an empty policy and
status kNoPolicyApplies.

The test includes a valid CSP which, if applied, would lead the test
to fail as eval() would not succeed. If the manifest is rejected due
to its incorrect mimetype, then the test passes.

Bug: 1051169
Change-Id: I59e5bde20c8a21a4fae8dbc3c6f58f34cb292195

Reviewed-on: https://chromium-review.googlesource.com/2080696
WPT-Export-Revision: 3cf460095b833cf41fc3c7780ab6c3de093ccdeb

PR 22066 applied with additional changes from upstream: 496499a3188a8da571cbe59e182d555c2a6b8d69
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/22cdeeabc792 [wpt PR 22066] - Enforce mime-type check when loading Origin Policy manifest., a=testonly https://hg.mozilla.org/integration/autoland/rev/191dc5aeda7d [wpt PR 22066] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/22cdeeabc792
https://hg.mozilla.org/mozilla-central/rev/191dc5aeda7d

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox76: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla76
You need to log in before you can comment on or make changes to this bug.