Add CSP directive for reftest.xhtml to allow removing the exception for CSP checks for Marionette
Categories
(Testing :: Marionette Client and Harness, defect, P2)
Tracking
(firefox142 fixed)
| Tracking | Status | |
|---|---|---|
| firefox142 | --- | fixed |
People
(Reporter: whimboo, Assigned: whimboo)
References
(Blocks 1 open bug)
Details
(Whiteboard: [webdriver:m17])
Attachments
(1 file)
After moving out all the Marionette chrome test files over on bug 1344267, we also need a solution for the files related to reftests. This is a bit more complicated given that it spans across Marionette unit tests and web-platform-tests. Especially that the latter will have to work upstream as well it's not that clear to me yet where to put the relevant xhtml and js files.
Simon, the reftest.xhtml file was as well affected by the wanted CSP changes, or not?
|
||
Comment 1•11 months ago
|
||
It seems I disabled it outside of automation: https://searchfox.org/mozilla-central/source/dom/security/nsContentSecurityUtils.cpp#1983 and I haven't received any bug reports. Does this contradict your statement about using it in WPTs?
|
Assignee | |
Comment 2•11 months ago
|
||
(In reply to Simon Friedberger (:simonf) from comment #1)
It seems I disabled it outside of automation: https://searchfox.org/mozilla-central/source/dom/security/nsContentSecurityUtils.cpp#1983 and I haven't received any bug reports. Does this contradict your statement about using it in WPTs?
This is the folder as used by the old-style reftest harness: https://searchfox.org/mozilla-central/source/layout/tools/reftest/
With Marionette - as what web-platform-tests require - the location of the chrome files is chrome://remote/content/marionette/ at the moment. But at least for wpt tests we set the disable all security pref so it means that Cu.isInAutomation should be true in our CI.
|
|
Assignee | |
Updated•11 months ago
|
|
||
Comment 3•11 months ago
|
||
For wpt reftests we do need to run them in the version of the browser we release to end users.
The way it currently works is that the implementation is part of the public marionette API. As far as I know there aren't any other consumers, but it's hard to be sure. So even though the feature is only for running tests, it's not test-only in the same way as stuff that only runs gecko CI; it's part of the product as much as other marionette/WebDriver features.
I don't fully know the context for this bug, but if the current setup is untenable for security reasons, we could consider moving the HTML wrapper file into wpt. But it would be extremely strange to have a product feature that depends on the consumer providing a very specific HTML file that is not itself bundled with the product. So I hope we can find some other solution here.
|
||
Comment 4•11 months ago
|
||
The severity field is not set for this bug.
:whimboo, could you have a look please?
For more information, please visit BugBot documentation.
|
|
Assignee | |
Updated•11 months ago
|
|
|
Assignee | |
Comment 5•10 months ago
|
||
Ok, so it looks like that we have to keep the file where it currently is. As such lets see if it will be enough to add the required CSP directive to the XHTML file to make the crashes go away with the following lines removed:
|
|
Assignee | |
Comment 6•10 months ago
|
||
I pushed a try build with the updated content as mentioned above and it looks all good:
https://treeherder.mozilla.org/jobs?repo=try&revision=b1c9aaac4756a43a4057c427f672f05a152df844
Simon, are those changes what you expect to see? If yes, I can upload the patches for review. Thanks.
|
|
Assignee | |
Updated•10 months ago
|
|
|
Assignee | |
Comment 8•10 months ago
|
||
|
||
Updated•10 months ago
|
|
||
Comment 10•10 months ago
|
||
| bugherder | ||
Description
•