[wpt-sync] Sync PR 29379 - [Credentialless]: Add tests about the HTTP cache.
Categories
(Core :: DOM: Core & HTML, task, P4)
Tracking
()
Tracking | Status | |
---|---|---|
firefox91 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 29379 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/29379
Details from upstream follow.
b'arthursonzogni <arthursonzogni@chromium.org>' wrote:
[Credentialless]: Add tests about the HTTP cache.
The request's includeCredentials isn't part of the HTTP cache key.
It means if:
- a.com requests c.com with credentials,
- b.com requests c.com without credentials
Then both a.com and b.com will get a response requested with credentials.This seems problematic in general. The request's credential mode is not
respected, and a.com influences directly b.com. The partitioned HTTP
cache will fixe one of the two problem.With COEP:credentialless, we obviously don't want to request a resource
without credentials and get a response with credentials. That would be a
security issue.Here is a WPT test about it.
Bug:https://github.com/whatwg/fetch/issues/1253
Bug:1218023
Change-Id: I888dc020a8ae770816d0fbc42e8803df3ba66392
Reviewed-on: https://chromium-review.googlesource.com/2961290
WPT-Export-Revision: dd750bf54291925aeb9dc03b01d32809199c4ead
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=b01e7301c8f0c88c8880bccfab91172f66f8337d
Assignee | ||
Comment 2•3 years ago
|
||
CI Results
Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests and 1 subtests
Status Summary
Firefox
OK : 1
FAIL: 1
Chrome
OK : 1
FAIL: 1
Safari
OK : 1
FAIL: 1
Links
Details
New Tests That Don't Pass
/html/cross-origin-embedder-policy/credentialless/cache.tentative.html
The HTTP cache must not be used: FAIL (Chrome: FAIL, Safari: FAIL)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3cd02be971ed [wpt PR 29379] - [Credentialless]: Add tests about the HTTP cache., a=testonly
Comment 4•3 years ago
|
||
bugherder |
Description
•