Closed Bug 1632860 Opened 4 months ago Closed 3 months ago

[wpt-sync] Sync PR 23230 - Fix report-to CSP directive to only allow one endpoint

Categories

(Core :: DOM: Security, task, P4)


Tracking


RESOLVED FIXED
mozilla77
Tracking Status
firefox77 --- fixed

People

(Reporter: mozilla.org, Unassigned)


Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 23230 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/23230
Details from upstream follow.

Antonio Sartori <antoniosartori@chromium.org> wrote:

Fix report-to CSP directive to only allow one endpoint

According to https://w3c.github.io/webappsec-csp/#directive-report-to,
the Content-Security-Policy directive "report-to" should only accept one
token (endpoint). However, our previous implementation allowed several
endpoints to be specified.

Bug: 916265
Change-Id: Ie11ee736f577d015921a5291824dcedcbc790177
Fixed: 916265
Reviewed-on: https://chromium-review.googlesource.com/2162826
WPT-Export-Revision: bb58828674f6b7be23b80fe4f09c76cc54d8ae52

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]

CI Results

Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 70 tests

Status Summary

Firefox

OK : 3
PASS : 9 [GitHub], 76 [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-asan-opt, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt]

Chrome

OK : 3
PASS : 9

Safari

PASS : 6
TIMEOUT: 6

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/536c22746d91
[wpt PR 23230] - Fix report-to CSP directive to only allow one endpoint, a=testonly
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/4eb3222d24ca
[wpt PR 23230] - Fix report-to CSP directive to only allow one endpoint, a=testonly
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla77