Open Bug 1639490 Opened 4 years ago Updated 3 years ago

2 /content-security-policy/generic/ tests are expected TIMEOUT

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

People

(Reporter: jmaher, Unassigned)

References

Details

(Whiteboard: [domsecurity-backlog1])

these 2 tests are expected timeout and should be fixed or run less frequently:
/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html
/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html

/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html is just a harness timeout with no tests run.

/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html runs subtests and times out. I see this in the devtools console:
Content Security Policy: The page’s settings blocked the loading of a resource at http://web-platform.test:8000/content-security-policy/support/fail.html (“frame-src”)

:ckerschb here are a couple other csp tests that are timeout. I have 18 in total (16 more), so stay tuned. If you have advice or questions on these specific tests, please share.

Flags: needinfo?(ckerschb)

(In reply to Joel Maher ( :jmaher ) (UTC-4) from comment #0)

these 2 tests are expected timeout and should be fixed or run less frequently:
/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html

This one relies on script-src-elem which we do not support and don't plan to support in the near future - backlog seems fine.

/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html

It seems to me like some problem with message passing when doc.writing an iframe. However CSP is blocking the iframe correctly because I see PASS Violation report status OK.. Not sure if there is a way to eliminate the timeout but still allow the first part of the test to run. Is there?

Severity: -- → S3
Flags: needinfo?(ckerschb)
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

:jgraham, could you help answer the last question in comment 2 ?

Flags: needinfo?(james)

The rest of the test does run. The problem is just that without getting the securitypolicyviolation event we can't pass the part of the test that's specifically looking for that event, and as is typical we end up timing out in a test for "does this event fire" when it doesn't. Assuming this is somehow related to document.write I'm going to redirect to smaug in case he has any insight.

Flags: needinfo?(james) → needinfo?(bugs)

cancelling long overdue needinfo

Flags: needinfo?(bugs)
You need to log in before you can comment on or make changes to this bug.