Closed Bug 1938981 Opened 2 months ago Closed 1 month ago

[wpt-sync] Sync PR 49722 - Add web platform test for CSP frame-ancestors with path

Categories

(Core :: DOM: Security, task, P4)


Tracking


RESOLVED FIXED
136 Branch
Tracking Status
firefox136 --- fixed

People

(Reporter: wpt-sync, Unassigned)


Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 49722 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/49722
Details from upstream follow.

Emily Stark <estark@google.com> wrote:

Add web platform test for CSP frame-ancestors with path

The CSP frame-ancestors checking algorithm matches the frame
ancestor's origin against the source list. An origin will never match
a URL with a path in the source list. Hence this CL adds a web
platform test checking that frame loads are blocked if frame-ancestors
includes a URL with a path.

Bug: 40780874
Change-Id: I33a461a1f69b040d8a5e803978161352821d4161
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6094569
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1397345}

Component: web-platform-tests → DOM: Security
Product: Testing → Core

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 30 tests and 1 subtests

Status Summary

Firefox

OK : 30
PASS: 30[Gecko-windows11-32-2009-qr-debug] 31[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-2009-qr-opt, Gecko-windows11-64-2009-qr-debug, Gecko-windows11-64-2009-qr-opt, GitHub]
FAIL: 1

Chrome

OK : 30
PASS: 31

Safari

OK : 30
PASS: 31

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

  • /content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.html [wpt.fyi]
    • A 'frame-ancestors' CSP directive with a URL that includes a path should be ignored.: FAIL [Gecko-windows11-32-2009-qr-debug], PASS [Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows11-32-2009-qr-opt, Gecko-windows11-64-2009-qr-debug, Gecko-windows11-64-2009-qr-opt, GitHub] (Chrome: PASS, Safari: PASS)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8576ab39c47f
[wpt PR 49722] - Add web platform test for CSP frame-ancestors with path, a=testonly
https://hg.mozilla.org/integration/autoland/rev/266aa8a4ac00
[wpt PR 49722] - Update wpt metadata, a=testonly

Status: NEW → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → 136 Branch