[wpt-sync] Sync PR 23144 - Forward CSP, even for the initial empty document.
Categories
(Core :: DOM: Security, task, P4)
Tracking
()
Tracking | Status | |
---|---|---|
firefox77 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 23144 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/23144
Details from upstream follow.
arthursonzogni <arthursonzogni@chromium.org> wrote:
Forward CSP, even for the initial empty document.
Bug 1064676 has been fixed by:
https://chromium-review.googlesource.com/c/chromium/src/+/2111170
And tested by:
https://chromium-review.googlesource.com/c/chromium/src/+/2144012The bug was fixed for every CSP checked in the renderer process. However
there are still one issue for the one checked in the browser process.This patch:
- Fix the bug by sending the CSP of the initial empty document.
- Add a regression test (WPT).
This patch can potentially also fix:
- https://crbug.com/1072719
- https://crbug.com/955350
(I haven't checked. I will do it later after landing this patch)Bug: 1064676, 1072719, 955350
Change-Id: Ie5325035c74d9e2476d6c80af3e5d5c9068ea928Reviewed-on: https://chromium-review.googlesource.com/2159242
WPT-Export-Revision: 4248ee31b3c3258c54fcf64af073b77c3b625927
Assignee | ||
Updated•9 months ago
|
Assignee | ||
Comment 1•9 months ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=b07cc3e37684f59261778f5b353059d4a9905fe9
Updated•9 months ago
|
Assignee | ||
Comment 2•9 months ago
|
||
CI Results
Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 68 tests
Status Summary
Firefox
PASS : 67
TIMEOUT: 2
Chrome
TIMEOUT: 2
Safari
TIMEOUT: 2
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
New Tests That Don't Pass
/content-security-policy/inheritance/frame-src-javascript-url.html: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
<iframe src='javascript:...'>'s inherits policy (dynamically inserted <iframe> is blocked): TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/458ce658d824 [wpt PR 23144] - Forward CSP, even for the initial empty document., a=testonly https://hg.mozilla.org/integration/autoland/rev/ed6e6a032a82 [wpt PR 23144] - Update wpt metadata, a=testonly
Pushed by archaeopteryx@coole-files.de: https://hg.mozilla.org/integration/autoland/rev/1ec9b02985ce [wpt PR 23144] - Forward CSP, even for the initial empty document., a=testonly https://hg.mozilla.org/integration/autoland/rev/117465eac2d7 [wpt PR 23144] - Update wpt metadata, a=testonly
Comment 5•9 months ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/1ec9b02985ce
https://hg.mozilla.org/mozilla-central/rev/117465eac2d7
Description
•