Closed Bug 1716513 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 29379 - [Credentialless]: Add tests about the HTTP cache.

Categories

(Core :: DOM: Core & HTML, task, P4)

RESOLVED FIXED
91 Branch
Tracking Status
firefox91 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 29379 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/29379
Details from upstream follow.

arthursonzogni <arthursonzogni@chromium.org> wrote:

[Credentialless]: Add tests about the HTTP cache.

The request's includeCredentials isn't part of the HTTP cache key.

It means if:

  • a.com requests c.com with credentials,
  • b.com requests c.com without credentials

Then both a.com and b.com will get a response requested with credentials.

This seems problematic in general. The request's credential mode is not
respected, and a.com directly influences b.com. The partitioned HTTP
cache will fix one of the two problems.

With COEP:credentialless, we obviously don't want to request a resource
without credentials and get a response with credentials. That would be a
security issue.

Here is a WPT test about it.

Bug: https://github.com/whatwg/fetch/issues/1253
Bug: 1218023
Change-Id: I888dc020a8ae770816d0fbc42e8803df3ba66392
Reviewed-on: https://chromium-review.googlesource.com/2961290
WPT-Export-Revision: dd750bf54291925aeb9dc03b01d32809199c4ead
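
The cache-key problem described in the commit message above, as an added toy model (not code from the PR, the WPT test, or any browser). The server function, the three key strategies and all names are constructed for illustration; the third strategy is a hypothetical key that includes the credentials mode, shown only to contrast with the other two.

```javascript
// Toy model of an HTTP cache. Constructed server for c.com: the body
// depends on whether the request carried credentials.
function server(includeCredentials) {
  return includeCredentials ? "body-for-logged-in-user" : "anonymous-body";
}

// Cache-key strategies (hypothetical names).
const keyings = {
  // includeCredentials is not part of the key, the cache is shared by all sites.
  urlOnly: (r) => r.url,
  // Partitioned cache: keyed by top-level site, still ignores credentials mode.
  partitioned: (r) => `${r.topLevelSite}|${r.url}`,
  // Hypothetical: the credentials mode is also part of the key.
  partitionedPlusCredentials: (r) =>
    `${r.topLevelSite}|${r.url}|${r.includeCredentials}`,
};

function makeCache(keyFn) {
  const store = new Map();
  return function fetchThroughCache(request) {
    const key = keyFn(request);
    if (!store.has(key)) store.set(key, server(request.includeCredentials));
    return store.get(key);
  };
}

// firstSite requests c.com with credentials, then secondSite requests the
// same URL without credentials. Returns what the second request receives.
function run(keyFn, firstSite, secondSite) {
  const fetchThroughCache = makeCache(keyFn);
  const url = "https://c.com/resource";
  fetchThroughCache({ topLevelSite: firstSite, url, includeCredentials: true });
  return fetchThroughCache({ topLevelSite: secondSite, url, includeCredentials: false });
}

function evaluate() {
  const out = {};
  for (const [name, keyFn] of Object.entries(keyings)) {
    out[name] = {
      crossSite: run(keyFn, "a.com", "b.com"), // a.com influencing b.com
      sameSite: run(keyFn, "a.com", "a.com"),  // credentials mode within one site
    };
  }
  return out;
}

console.log(evaluate());
```

In this model the partitioned key stops a.com from influencing b.com, but a request made without credentials inside the same partition still receives the response that was fetched with credentials.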

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 1 subtests

Status Summary

Firefox

OK : 1
FAIL: 1

Chrome

OK : 1
FAIL: 1

Safari

OK : 1
FAIL: 1

Details

New Tests That Don't Pass

/html/cross-origin-embedder-policy/credentialless/cache.tentative.html
The HTTP cache must not be used: FAIL (Chrome: FAIL, Safari: FAIL)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3cd02be971ed
[wpt PR 29379] - [Credentialless]: Add tests about the HTTP cache., a=testonly
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch