[wpt-sync] Sync PR 23230 - Fix report-to CSP directive to only allow one endpoint
Categories
(Core :: DOM: Security, task, P4)
Tracking
 | Tracking | Status |
---|---|---|
firefox77 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 23230 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/23230
Details from upstream follow.
Antonio Sartori <antoniosartori@chromium.org> wrote:
Fix report-to CSP directive to only allow one endpoint
According to https://w3c.github.io/webappsec-csp/#directive-report-to,
the Content-Security-Policy directive "report-to" should only accept one
token (endpoint). However, our previous implementation allowed several
endpoints to be specified.
Bug: 916265
Change-Id: Ie11ee736f577d015921a5291824dcedcbc790177
Fixed: 916265
Reviewed-on: https://chromium-review.googlesource.com/2162826
WPT-Export-Revision: bb58828674f6b7be23b80fe4f09c76cc54d8ae52
Comment 1•11 months ago
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=faa9e2a6dadc55e1920454bef6909eb3ffacb8ef
Comment 2•10 months ago
CI Results
Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 70 tests
Status Summary
Firefox
OK : 3
PASS : 9[GitHub] 76[Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-asan-opt, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt]
Chrome
OK : 3
PASS : 9
Safari
PASS : 6
TIMEOUT: 6
Links
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/536c22746d91 [wpt PR 23230] - Fix report-to CSP directive to only allow one endpoint, a=testonly
Pushed by archaeopteryx@coole-files.de: https://hg.mozilla.org/integration/autoland/rev/4eb3222d24ca [wpt PR 23230] - Fix report-to CSP directive to only allow one endpoint, a=testonly
Comment 5•10 months ago
bugherder