Closed Bug 1693515 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 27674 - Make SubresourceWebBundles feature available only in Secure Context

Categories

(Testing :: web-platform-tests, task, P4)

Tracking

(firefox88 fixed)

RESOLVED FIXED
88 Branch
Tracking Status
firefox88 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 27674 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/27674
Details from upstream follow.

Tsuyoshi Horo <horo@chromium.org> wrote:

Make SubresourceWebBundles feature available only in Secure Context

We are developing the SubresourceWebBundles feature behind the feature
flag. This feature is enabled when
--enable-features=SubresourceWebBundles or
chrome://flags/#enable-experimental-web-platform-features is enabled
even when the page is non-Secure Context.

But according to this doc, we should make powerful new features
available only to secure origins.
https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features

So this CL makes the SubresourceWebBundles feature available only in
Secure Context by:
(1) Add [SecureContext] extended attribute to resources and scopes
attribute of HTMLLinkElement in html_link_element.idl.
(2) Check IsSecureContext() also when we check
RuntimeEnabledFeatures::SubresourceWebBundlesEnabled().

Note: this restriction doesn’t affect Origin Trial of this feature,
because Origin Trials are only enabled for secure origins.

Bug: 1082020
Change-Id: Ifa533f99f64c83015d293946084395a5af59cfba
Reviewed-on: https://chromium-review.googlesource.com/2703194
WPT-Export-Revision: 40e3b2ca7b2fdae2d2f63231a504cfbf8d6ba726

PR 27674 applied with additional changes from upstream: 650f204fcb86070a61ccfd4fc63b6c3e8c0c142c, 7cbccf70c5a4a7f4d4113057696228f49de48008

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 12 tests and 1 subtests

Status Summary

Firefox

OK : 7
PASS : 10
FAIL : 17
TIMEOUT: 10
NOTRUN : 15

Chrome

OK : 11
PASS : 27
FAIL : 19
TIMEOUT: 2

Safari

OK : 7
PASS : 10
FAIL : 17
TIMEOUT: 8
ERROR : 1
NOTRUN : 15

Details

New Tests That Don't Pass

/web-bundle/subresource-loading/link-web-bundle.https.tentative.html
    resources must be defined on HTMLLinkElement prototype: FAIL (Chrome: PASS, Safari: FAIL)
    scopes must be defined on HTMLLinkElement prototype: FAIL (Chrome: PASS, Safari: FAIL)
    webbundle must be a supported token of a link element's relList: FAIL (Chrome: PASS, Safari: FAIL)
    resources must be DOMTokenList: FAIL (Chrome: PASS, Safari: FAIL)
    scopes must be DOMTokenList: FAIL (Chrome: PASS, Safari: FAIL)
/web-bundle/subresource-loading/subframe-from-web-bundle.https.tentative.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    location.href in urn uuid iframe.: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
    Accesing window.localStorage should throw a SecurityError.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    Accesing window.sessionStorage should throw a SecurityError.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    Accesing document.cookie should throw a SecurityError.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    Opening an indexedDB should throw a SecurityError.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    window.caches should be undefined.: NOTRUN (Chrome: PASS, Safari: NOTRUN)
/web-bundle/subresource-loading/subresource-loading-cors-error.https.tentative.html
    Use CORS if crossorigin=anonymous or crossorigin=use-credential is specified. A cross origin bundle must not be loaded unless a server returns a valid Access-Control-Allow-Origin header.: FAIL (Chrome: FAIL, Safari: FAIL)
/web-bundle/subresource-loading/subresource-loading-cors.https.tentative.html
    request's mode must be cors. A server should return a valid Access-Control-Allow-Origin header if a bundle is a cross origin bundle.: FAIL (Chrome: PASS, Safari: FAIL)
/web-bundle/subresource-loading/subresource-loading-credential.https.tentative.sub.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    'no crossorigin attribute' should send a credential to a same origin bundle: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
    'no crossorigin attribute' should not send a credential to a cross origin bundle: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    'anonymous' should send a credential to a same origin bundle: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    'anonymous' should not send a credential to a cross origin bundle: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    'use-credentials' should send a credential to a same origin bundle: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    'use-credentials' should send a credential to a cross origin bundle: NOTRUN (Chrome: PASS, Safari: NOTRUN)
/web-bundle/subresource-loading/subresource-loading-from-web-bundle.https.tentative.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    Subresource loading with WebBundle: FAIL (Chrome: FAIL, Safari: FAIL)
    Subresource loading with WebBundle (Fetch API): FAIL (Chrome: FAIL, Safari: FAIL)
    Dynamically adding / updating / removing "<link rel=webbundle>": FAIL (Chrome: FAIL, Safari: FAIL)
    Dynamically loading classic script from web bundle with link.resources: FAIL (Chrome: FAIL, Safari: FAIL)
    Dynamically loading classic script from web bundle with link.scopes: FAIL (Chrome: FAIL, Safari: FAIL)
    <link rel="webbundle"> fires a load event on load success: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
    <link rel="webbundle"> fires an error event on load failure: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    Subresource URL must be same-origin with bundle URL: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    Subresource loading with urn:uuid: URL with link.resources: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    Subresource loading with urn:uuid: URL with link.scopes: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    Updating resource= attribute should not reload the bundle: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
/web-bundle/subresource-loading/subresource-loading-nested-bundle.https.tentative.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    A nested bundle can be fetched: FAIL (Chrome: FAIL, Safari: FAIL)
    Subresources in a nested bundle should not be loaded: TIMEOUT (Chrome: FAIL, Safari: TIMEOUT)
/web-bundle/subresource-loading/subresource-loading-path-restriction.https.tentative.html
    Subresources should be loaded.: FAIL (Chrome: FAIL, Safari: FAIL)
    Subresources should not be loaded due to path restriction.: FAIL (Chrome: FAIL, Safari: FAIL)
/web-bundle/subresource-loading/subresource-loading-static-element-with-base.https.tentative.html
    Subresources from static elements should be loaded from web bundle.: FAIL (Chrome: FAIL, Safari: FAIL)
/web-bundle/subresource-loading/subresource-loading-static-element.https.tentative.html
    Subresources from static elements should be loaded from web bundle.: FAIL (Chrome: FAIL, Safari: FAIL)
/web-bundle/wbn-from-network/wbn-location.tentative.html: TIMEOUT (Chrome: TIMEOUT, Safari: ERROR)
    Location of a page in a Web Bundle: TIMEOUT (Chrome: TIMEOUT)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/89ed496456a1
[wpt PR 27674] - Make SubresourceWebBundles feature available only in Secure Context, a=testonly
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d27ce8b0df69
[wpt PR 27674] - Make SubresourceWebBundles feature available only in Secure Context, a=testonly
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/94a0a37b00f5
[wpt PR 27674] - Make SubresourceWebBundles feature available only in Secure Context, a=testonly
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch