Open Bug 1972079 Opened 6 days ago Updated 2 hours ago

[wpt-sync] Sync PR 53093 - IntegrityPolicy: align about:blank to spec

Categories

(Testing :: web-platform-tests, task, P4)

Product:
Testing
Component:
web-platform-tests
Type:
task

Tracking

(Not tracked)

People

(Reporter: wpt-sync, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 53093 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/53093
Details from upstream follow.

Yoav Weiss <yoavweiss@chromium.org> wrote:

IntegrityPolicy: align about:blank to spec

Following [1], we've added about: URLs to the protocols that should be
exempt from the Integrity-Policy checks.

This CL adds test for that and aligns the implementation to pass the
tests.

[1] https://github.com/w3c/webappsec-subresource-integrity/pull/137#discussion_r2126331909

Change-Id: Ia02e1e1a9dce406e04f21501aa6065accb7c1fe8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6632731
Reviewed-by: Camille Lamy \<clamy@chromium.org>
Commit-Queue: Yoav Weiss (@Shopify) \<yoavweiss@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1472928}

Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 3 tests and 12 subtests

Status Summary

Firefox

TIMEOUT: 2
ERROR : 1
NOTRUN : 11

Chrome

OK : 1
PASS : 10
FAIL : 2

Safari

TIMEOUT: 2
NOTRUN : 11

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

  • /subresource-integrity/integrity-policy/script.https.html?reporting=true [wpt.fyi]: SKIP
  • /subresource-integrity/integrity-policy/script.https.html?reporting=false [wpt.fyi]: ERROR
  • /subresource-integrity/integrity-policy/script.https.html [wpt.fyi]: TIMEOUT (Chrome: OK, Safari: TIMEOUT)
    • Ensure that a script without integrity did not run: TIMEOUT (Chrome: PASS, Safari: TIMEOUT)
    • Ensure that a script with unknown integrity algorithm did not run: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that a script without integrity algorithm runs and gets reported in report-only mode: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that a no-cors script gets blocked: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that ReportingObserver gets called without endpoints: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that a script with integrity runs: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that a data URI script with no integrity runs: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that a no-CORS data URI script with no integrity runs: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that a blob URL script with no integrity runs: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that a no-CORS blob URL script with no integrity runs: NOTRUN (Chrome: PASS, Safari: NOTRUN)
    • Ensure that an about:blank URL script with no integrity does not trigger a report: NOTRUN (Chrome: FAIL, Safari: NOTRUN)
    • Ensure that a no-CORS about:blank URL script with no integrity does not trigger a report: NOTRUN (Chrome: FAIL, Safari: NOTRUN)

Tests Disabled in Gecko Infrastructure

You need to log in before you can comment on or make changes to this bug.