Closed Bug 1697753 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 27977 - CSP: Don't trigger spv for frame-ancestors

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
88 Branch
Tracking Flags:
Tracking Status
firefox88 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 27977 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/27977
Details from upstream follow.

b'Antonio Sartori <antoniosartori@chromium.org>' wrote:

CSP: Don't trigger spv for frame-ancestors

We should not trigger frame-ancestors securitypolicyviolation events
in the parent frame, since this is a cross-origin leak.

Fixed: 1186611
Bug: 1186611
Change-Id: Iee57e198c17b6827dde199431b31b87b82e0e276
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2747500
Reviewed-by: Arthur Sonzogni \<arthursonzogni@chromium.org>
Commit-Queue: Antonio Sartori \<antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#861885}

Component: web-platform-tests → DOM: Security
Product: Testing → Core

CI Results

Ran 15 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 2 subtests

Status Summary

Firefox

OK : 1
PASS: 1
FAIL: 1

Chrome

OK : 1
PASS: 1
FAIL: 1

Safari

OK : 1
PASS: 2

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

/content-security-policy/frame-ancestors/frame-ancestors-none-block.html
frame-ancestors-none-block: FAIL (Chrome: FAIL, Safari: PASS)

Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b0755c5b752d [wpt PR 27977] - CSP: Don't trigger spv for frame-ancestors, a=testonly https://hg.mozilla.org/integration/autoland/rev/e6f3bdd9bafd [wpt PR 27977] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/b0755c5b752d
https://hg.mozilla.org/mozilla-central/rev/e6f3bdd9bafd

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox88: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch
You need to log in before you can comment on or make changes to this bug.