Closed Bug 1631842 Opened 4 months ago Closed 3 months ago

[wpt-sync] Sync PR 23144 - Forward CSP, even for the initial empty document.

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox77 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 23144 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/23144
Details from upstream follow.

arthursonzogni <arthursonzogni@chromium.org> wrote:

Forward CSP, even for the initial empty document.

Bug 1064676 has been fixed by:
https://chromium-review.googlesource.com/c/chromium/src/+/2111170
And tested by:
https://chromium-review.googlesource.com/c/chromium/src/+/2144012

The bug was fixed for every CSP checked in the renderer process. However
there are still one issue for the one checked in the browser process.

This patch:

  1. Fix the bug by sending the CSP of the initial empty document.
  2. Add a regression test (WPT).

This patch can potentially also fix:

Bug: 1064676, 1072719, 955350
Change-Id: Ie5325035c74d9e2476d6c80af3e5d5c9068ea928

Reviewed-on: https://chromium-review.googlesource.com/2159242
WPT-Export-Revision: 4248ee31b3c3258c54fcf64af073b77c3b625927

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]

CI Results

Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 68 tests

Status Summary

Firefox

PASS : 67
TIMEOUT: 2

Chrome

TIMEOUT: 2

Safari

TIMEOUT: 2

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

/content-security-policy/inheritance/frame-src-javascript-url.html: TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)
<iframe src='javascript:...'>'s inherits policy (dynamically inserted <iframe> is blocked): TIMEOUT (Chrome: TIMEOUT, Safari: TIMEOUT)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/458ce658d824
[wpt PR 23144] - Forward CSP, even for the initial empty document., a=testonly
https://hg.mozilla.org/integration/autoland/rev/ed6e6a032a82
[wpt PR 23144] - Update wpt metadata, a=testonly
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/1ec9b02985ce
[wpt PR 23144] - Forward CSP, even for the initial empty document., a=testonly
https://hg.mozilla.org/integration/autoland/rev/117465eac2d7
[wpt PR 23144] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/1ec9b02985ce
https://hg.mozilla.org/mozilla-central/rev/117465eac2d7

Status: NEW → RESOLVED
Closed: 3 months ago
status-firefox77: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
You need to log in before you can comment on or make changes to this bug.