Closed Bug 1761035 Opened 2 years ago Closed 2 years ago

[wpt-sync] Sync PR 33326 - Add a few cases to preload SRI

Categories

(Core :: DOM: Core & HTML, task, P4)

task

Tracking

()

RESOLVED FIXED
100 Branch
Tracking Status
firefox100 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

(Blocks 1 open bug, )

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 33326 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/33326
Details from upstream follow.

Noam Rosenthal <noam.j.rosenthal@gmail.com> wrote:

Add a few cases to preload SRI

  1. preload without SRI, resource with matching SRI
  2. Both preload and resource with matching SRI, but different algorithm

These two cases don't show the same results across browsers.

  • In Chromium both would not reuse the preload
  • In WebKit they both reuse the preload
  • In Gecko the first one does not reuse and the second one does.

Note that in webkit most of the tests in this file currently fail, WebKit does not perform SRI matching on preload/consume.

The test results in this PR match chromium, but they are not necessarily "correct".

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---

CI Results

Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 2 tests and 3 subtests

Status Summary

Firefox

OK : 2
PASS: 51
FAIL: 25

Chrome

OK : 2
PASS: 70
FAIL: 6

Safari

OK : 2
PASS: 39
FAIL: 37

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

/preload/subresource-integrity.html
Same-origin script with incorrect hash.: FAIL (Chrome: PASS, Safari: FAIL)
Same-origin script with sha256 match, sha512 mismatch: FAIL (Chrome: PASS, Safari: FAIL)
<crossorigin='anonymous'> script with incorrect hash, ACAO: *: FAIL (Chrome: PASS, Safari: FAIL)
<crossorigin='use-credentials'> script with incorrect hash CORS-eligible: FAIL (Chrome: PASS, Safari: FAIL)
<crossorigin='anonymous'> script with CORS-ineligible resource: FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin script, not CORS request, with correct hash: FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin script, not CORS request, with hash mismatch: FAIL (Chrome: PASS, Safari: FAIL)
[Tentative] Same-origin script with matching digest does not reuse preload with matching but stronger digest.: FAIL (Chrome: PASS, Safari: FAIL)
Same-origin style with incorrect hash.: FAIL (Chrome: PASS, Safari: FAIL)
Same-origin style with sha256 match, sha512 mismatch: FAIL (Chrome: PASS, Safari: FAIL)
<crossorigin='anonymous'> style with incorrect hash, ACAO: *: FAIL (Chrome: PASS, Safari: FAIL)
<crossorigin='use-credentials'> style with incorrect hash CORS-eligible: FAIL (Chrome: PASS, Safari: FAIL)
<crossorigin='anonymous'> style with CORS-ineligible resource: FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin style, not CORS request, with correct hash: FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin style, not CORS request, with hash mismatch: FAIL (Chrome: PASS, Safari: FAIL)
[Tentative] Same-origin style with matching digest does not reuse preload with matching but stronger digest.: FAIL (Chrome: PASS, Safari: FAIL)
Same-origin image with incorrect hash.: FAIL (Chrome: FAIL, Safari: FAIL)
Same-origin image with sha256 match, sha512 mismatch: FAIL (Chrome: FAIL, Safari: FAIL)
<crossorigin='anonymous'> image with incorrect hash, ACAO: *: FAIL (Chrome: FAIL, Safari: FAIL)
<crossorigin='use-credentials'> image with incorrect hash CORS-eligible: FAIL (Chrome: FAIL, Safari: FAIL)
<crossorigin='anonymous'> image with CORS-ineligible resource: FAIL (Chrome: PASS, Safari: FAIL)
Cross-origin image, not CORS request, with correct hash: FAIL (Chrome: FAIL, Safari: FAIL)
Cross-origin image, not CORS request, with hash mismatch: FAIL (Chrome: FAIL, Safari: FAIL)
/service-workers/service-worker/fetch-canvas-tainting-video-with-range-request.https.html
range responses from single origin (same-origin): FAIL (Chrome: PASS, Safari: FAIL)
range responses from single origin with both opaque and non-opaque responses: FAIL (Chrome: PASS, Safari: FAIL)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/005cf6d7ad55
[wpt PR 33326] - Add a few cases to preload SRI, a=testonly
https://hg.mozilla.org/integration/autoland/rev/8ae35d4835b3
[wpt PR 33326] - Update wpt metadata, a=testonly
Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 100 Branch
You need to log in before you can comment on or make changes to this bug.