Closed Bug 1700080 Opened 4 years ago Closed 4 years ago

[wpt-sync] Sync PR 28169 - CSP: Improve WPTs inside workers

Categories

(Core :: DOM: Security, task, P4)

Tracking

RESOLVED FIXED
89 Branch
Tracking Status
firefox89 --- fixed

People

(Reporter: wpt-sync, Unassigned)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 28169 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/28169
Details from upstream follow.

Antonio Sartori <antoniosartori@chromium.org> wrote:

CSP: Improve WPTs inside workers

This change improves Web Platform Tests for Content Security Policy
inside shared workers, by:

  1. Fixing a test with CSP: connect-src 'self' that could not fail
    because of CORS requests being blocked independently of CSP.

  2. Adding assertions that we raise securitypolicyviolation events for
    CSP violations.

  3. Adding a test for Content Security Policies in report-only mode.

While testing this, I noticed that debug versions of chrome would
crash when checking the disposition of a securitypolicyviolation event
from a Worker. This is because of the thread-safety DCHECKs of
WTF::String. For addressing this, I needed to create new global static
strings "enforce" and "report".

Change-Id: I9c91b1a60eac82279dd74e8bb640dde2ada9cf6e

Reviewed-on: https://chromium-review.googlesource.com/2775564
WPT-Export-Revision: 000fa657910f79c8f2daa92ff6987032f5a062c9

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 4 tests and 5 subtests

Status Summary

Firefox

OK : 3
PASS : 40
FAIL : 11
TIMEOUT: 1

Chrome

OK : 4
PASS : 61

Safari

PASS : 11
FAIL : 11
TIMEOUT: 5
ERROR : 2
NOTRUN : 6

Details

New Tests That Don't Pass

/content-security-policy/inside-worker/dedicated-inheritance.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
Cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,default-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin XHR in http:?pipe=sub|header(Content-Security-Policy,default-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin => cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,default-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,connect-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin XHR in http:?pipe=sub|header(Content-Security-Policy,connect-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin => cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,connect-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,connect-src%20%27none%27): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin XHR in http:?pipe=sub|header(Content-Security-Policy,connect-src%20%27none%27): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin 'fetch()' in http:: FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin XHR in http:: FAIL (Chrome: PASS, Safari: FAIL)
Same-origin => cross-origin 'fetch()' in http:: FAIL (Chrome: PASS, Safari: FAIL)

Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a06d06b6e001 [wpt PR 28169] - CSP: Improve WPTs inside workers, a=testonly
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 89 Branch