Closed Bug 1657373 Opened 4 years ago Closed 4 years ago

[wpt-sync] Sync PR 24890 - Send CSP frame-ancestors violations also when XFO is present

Categories

(Core :: DOM: Security, task, P4)

Tracking

RESOLVED FIXED
81 Branch
Tracking Status
firefox81 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 24890 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/24890
Details from upstream follow.

Antonio Sartori <antoniosartori@chromium.org> wrote:

Send CSP frame-ancestors violations also when XFO is present

If a Content-Security-Policy frame-ancestors directive is enforced,
then the X-Frame-Options header is ignored. However, if the
frame-ancestors directive is report-only, the X-Frame-Options header
is checked and the frame possibly blocked. However, in this second
case, we must still check whether we have to send a
Content-Security-Policy violation report.

Bug: 1097078
Change-Id: I9768a3859184ac1d35bd938f45cc40e111e2af4b
Reviewed-on: https://chromium-review.googlesource.com/2339115
WPT-Export-Revision: 2914ce5576c434d94a81b1cc0b23903f22aac390
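
A simplified model of the decision described in the commit message above, as an added example that is not part of this bug, the WPT tests or the Chromium change. The function names, origins and header values are constructed, and source matching is limited to `*`, `'self'` and exact origins.

```javascript
// Added example: simplified model of the framing checks, not browser code.
// Return the frame-ancestors source list from a CSP header value, or null.
function frameAncestors(headerValue) {
  for (const directive of (headerValue || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// True when every ancestor origin matches at least one source expression.
// 'none' never equals an origin, so it matches nothing without a special case.
function ancestorsAllowed(sources, selfOrigin, ancestors) {
  return ancestors.every((a) =>
    sources.some((s) => s === "*" || s === a || (s === "'self'" && a === selfOrigin)));
}

// X-Frame-Options: DENY always blocks, SAMEORIGIN needs same-origin ancestors.
function xfoAllows(xfo, selfOrigin, ancestors) {
  const v = (xfo || "").trim().toUpperCase();
  if (v === "DENY") return false;
  if (v === "SAMEORIGIN") return ancestors.every((a) => a === selfOrigin);
  return true; // absent or unrecognised value: no restriction in this model
}

// Decide whether the frame is blocked and which CSP violation reports are sent.
function checkFraming(headers, selfOrigin, ancestors) {
  const enforced = frameAncestors(headers["content-security-policy"]);
  const reportOnly = frameAncestors(headers["content-security-policy-report-only"]);
  const reports = [];
  let blocked = false;
  if (enforced && !ancestorsAllowed(enforced, selfOrigin, ancestors)) {
    blocked = true;
    reports.push("enforce");
  }
  // A report-only violation is reported whether or not XFO blocks the frame.
  if (reportOnly && !ancestorsAllowed(reportOnly, selfOrigin, ancestors)) reports.push("report");
  // Only an enforced frame-ancestors directive makes X-Frame-Options ignored.
  const xfoIgnored = enforced !== null;
  if (!xfoIgnored && !xfoAllows(headers["x-frame-options"], selfOrigin, ancestors)) blocked = true;
  return { blocked, xfoIgnored, reports };
}

// Constructed sample: report-only frame-ancestors together with XFO DENY.
const SAMPLE = {
  "content-security-policy-report-only": "frame-ancestors 'none'; report-uri /report",
  "x-frame-options": "DENY",
};
console.log(checkFraming(SAMPLE, "https://child.example", ["https://parent.example"]));
```
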

PR 24890 applied with additional changes from upstream: d6b66d95c91647d0b6228a3857c00bcb1f24862b
Component: web-platform-tests → DOM: Security
Product: Testing → Core

CI Results

Ran 12 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 2 tests and 1 subtests

Status Summary

Firefox

OK : 2
PASS: 2
FAIL: 2

Chrome

OK : 2
PASS: 1
FAIL: 1

Safari

OK : 2
PASS: 1
FAIL: 1

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

Firefox-only Failures

/content-security-policy/reporting/report-frame-ancestors.sub.html
Violation report status OK.: FAIL [Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, GitHub], PASS [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt]

New Tests That Don't Pass

/content-security-policy/reporting/report-frame-ancestors.sub.html
Violation report status OK.: FAIL [Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, GitHub], PASS [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt] (Chrome: PASS, Safari: PASS)
/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html
Violation report status OK.: FAIL [Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, GitHub], PASS [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt] (Chrome: FAIL, Safari: FAIL)

Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d9cec0d65dbc
[wpt PR 24890] - Send CSP frame-ancestors violations also when XFO is present, a=testonly
https://hg.mozilla.org/integration/autoland/rev/060e32270673
[wpt PR 24890] - Update wpt metadata, a=testonly
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/89eb20d278cf
[wpt PR 24890] - Send CSP frame-ancestors violations also when XFO is present, a=testonly
https://hg.mozilla.org/integration/autoland/rev/c6c8127e291c
[wpt PR 24890] - Update wpt metadata, a=testonly
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch