1619692 - [wpt-sync] Sync PR 22066 - Enforce mime-type check when loading Origin Policy manifest.

Status: RESOLVED FIXED

(Testing :: web-platform-tests, task, P4)

Description

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Sync web-platform-tests PR 22066 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/22066
Details from upstream follow.

W. James MacLean <wjmaclean@chromium.org> wrote:

Enforce mime-type check when loading Origin Policy manifest.

This CL modifies OriginPolicyFetcher to enforce that Origin Policy
manifests load with the mimetype

application/originpolicy+json

If an incorrect mime type is received, loading is aborted, and
the OriginPolicy object is returned with an empty policy and
status kNoPolicyApplies.

The test includes a valid CSP which, if applied, would lead the test
to fail as eval() would not succeed. If the manifest is rejected due
to its incorrect mimetype, then the test passes.

Bug: 1051169
Change-Id: I59e5bde20c8a21a4fae8dbc3c6f58f34cb292195

Reviewed-on: https://chromium-review.googlesource.com/2080696
WPT-Export-Revision: 3cf460095b833cf41fc3c7780ab6c3de093ccdeb

Comment 1

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

PR 22066 applied with additional changes from upstream: 496499a3188a8da571cbe59e182d555c2a6b8d69

Comment 2

[Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)]

Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=8eb7cf6a6c247bcee276c5cff6427911fc04e5a4

Comment 3

[Pulsebot]

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/22cdeeabc792
[wpt PR 22066] - Enforce mime-type check when loading Origin Policy manifest., a=testonly
https://hg.mozilla.org/integration/autoland/rev/191dc5aeda7d
[wpt PR 22066] - Update wpt metadata, a=testonly

Comment 4

[Stefan Hindli [:stefan_hindli]]

https://hg.mozilla.org/mozilla-central/rev/22cdeeabc792
https://hg.mozilla.org/mozilla-central/rev/191dc5aeda7d