[wpt-sync] Sync PR 28169 - CSP: Improve WPTs inside workers
Categories
(Core :: DOM: Security, task, P4)
Tracking
()
Tracking | Status | |
---|---|---|
firefox89 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 28169 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/28169
Details from upstream follow.
b'Antonio Sartori <antoniosartori@chromium.org>' wrote:
CSP: Improve WPTs inside workers
This change improves Web Platform Tests for Content Security Policy
inside shared workers, by:
Fixing a test with CSP: connect-src 'self' that could not fail
because of CORS requests being blocked independently of CSP.Adding assertions that we raise securitypolicyviolation events for
CSP violations.Adding a test for Content Security Policies in report-only mode.
While testing this, I noticed that debug versions of chrome would
crash when checking the disposition of a securitypolicyviolation event
from a Worker. This because of the thread-safety DCHECKs of
WTF::String. For addressing this, I needed to create new global static
strings "enforce" and "report".Change-Id: I9c91b1a60eac82279dd74e8bb640dde2ada9cf6e
Reviewed-on: https://chromium-review.googlesource.com/2775564
WPT-Export-Revision: 000fa657910f79c8f2daa92ff6987032f5a062c9
Assignee | ||
Updated•4 years ago
|
Updated•4 years ago
|
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 1•4 years ago
|
||
Assignee | ||
Comment 2•4 years ago
|
||
CI Results
Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 4 tests and 5 subtests
Status Summary
Firefox
OK : 3
PASS : 40
FAIL : 11
TIMEOUT: 1
Chrome
OK : 4
PASS : 61
Safari
PASS : 11
FAIL : 11
TIMEOUT: 5
ERROR : 2
NOTRUN : 6
Links
Details
New Tests That Don't Pass
/content-security-policy/inside-worker/dedicated-inheritance.html: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
Cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,default-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin XHR in http:?pipe=sub|header(Content-Security-Policy,default-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin => cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,default-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,connect-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin XHR in http:?pipe=sub|header(Content-Security-Policy,connect-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin => cross-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,connect-src%20*): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin 'fetch()' in http:?pipe=sub|header(Content-Security-Policy,connect-src%20%27none%27): FAIL (Chrome: PASS, Safari: FAIL)
Same-origin XHR in http:?pipe=sub|header(Content-Security-Policy,connect-src%20%27none%27): FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin 'fetch()' in http:: FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin XHR in http:: FAIL (Chrome: PASS, Safari: FAIL)
Same-origin => cross-origin 'fetch()' in http:: FAIL (Chrome: PASS, Safari: FAIL)
Updated•4 years ago
|
Comment 4•4 years ago
|
||
bugherder |
Description
•