Closed Bug 1639499 Opened 5 years ago Closed 5 years ago

2 /content-security-policy/inside-worker/ tests are expected TIMEOUT

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla79
Tracking Flags:
Tracking Status
firefox79 --- fixed

People

(Reporter: jmaher, Assigned: jmaher)

References

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

Bug 1639499 - move csp and workers to backlog (tier-2). r=ckerschb
47 bytes, text/x-phabricator-request
Details | Review

these 2 tests are marked expected timeout:
/content-security-policy/inside-worker/dedicated-inheritance.html
/content-security-policy/inside-worker/dedicated-script.html

running locally I see /content-security-policy/inside-worker/dedicated-inheritance.html:
Same-origin XHR in http:?pipe=sub|header(Content-Security-Policy,connect-src%20%27none%27)

and for /content-security-policy/inside-worker/dedicated-script.html:
assert_throws_dom: importScripts should throw NetworkError function "_ => importScripts("http://www.web-platform.test:8001/content-security-policy/support/var-a.js")" did not throw

:ckerschb, can you help triage this?

Flags: needinfo?(ckerschb)

Mhm, nothing obvious and it seems we are passing the majority of subtests but are failing those two. Baku, you have a better understanding of workers. Anything obvious?

Severity: -- → S3
Flags: needinfo?(ckerschb) → needinfo?(amarchesini)
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

(In reply to Christoph Kerschbaumer [:ckerschb] from comment #1)

Mhm, nothing obvious and it seems we are passing the majority of subtests but are failing those two. Baku, you have a better understanding of workers. Anything obvious?

The timeout happens because of these 2 lines:
https://searchfox.org/mozilla-central/rev/bc3600def806859c31b2c7ac06e3d69271052a89/testing/web-platform/tests/content-security-policy/inside-worker/dedicated-script.html#9,11

Using the headers Content-Security-Policy,script-src 'none' and Content-Security-Policy,default-src 'none', we do not allow the importScripts here:
https://searchfox.org/mozilla-central/rev/bc3600def806859c31b2c7ac06e3d69271052a89/testing/web-platform/tests/content-security-policy/inside-worker/support/script-src-self.sub.js#1

About the other failures, it seems that we treat CSP incorrectly in workers. Christoph, do you confirm this is a p3 bug?

Flags: needinfo?(amarchesini) → needinfo?(ckerschb)

(In reply to Andrea Marchesini [:baku] from comment #2)

About the other failures, it seems that we treat CSP incorrectly in workers. Christoph, do you confirm this is a p3 bug?

Yes, I think it's fine to leave that as a P3 - workers and CSP is a thing on it's own and we have more pressing issues to fix.

However, I think it's fine to disable the two tests:
/content-security-policy/inside-worker/dedicated-inheritance.html
/content-security-policy/inside-worker/dedicated-script.html

Jmaher, are you willing to do that? I am happy to review.

Flags: needinfo?(ckerschb) → needinfo?(jmaher)

I should have a patch up today

Flags: needinfo?(jmaher)

move csp for workers to backlog (tier-2) and fix a side effect in other tests

Assignee: nobody → jmaher
Status: NEW → ASSIGNED
Pushed by jmaher@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/003f7643ff81 move csp and workers to backlog (tier-2). r=ckerschb

https://hg.mozilla.org/mozilla-central/rev/003f7643ff81

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox79: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla79
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: