Open Bug 2016081 Opened 2 days ago Updated 1 day ago

[wpt-sync] Sync PR 57704 - [WPT] Fix connect-src-webtransport-allowed.sub.https.html

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

People

(Reporter: wpt-sync, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 57704 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/57704
Details from upstream follow.

Antonio Sartori <antoniosartori@chromium.org> wrote:

[WPT] Fix connect-src-webtransport-allowed.sub.https.html

After a conversation on https://github.com/w3c/webappsec-csp/pull/791
it turns out that the behavior we are going to spec is really that any
webtransport connection specifying the serverCertificateHashes is
blocked by CSP unless the keyword 'unsafe-webtransport-hashes' is
used.

Change-Id: I473a555e6f9d61d847f415452df39731823e2d2b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7566522
Reviewed-by: Mike West \<mkwst@chromium.org>
Commit-Queue: Antonio Sartori \<antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1583125}

Component: web-platform-tests → DOM: Security
Product: Testing → Core

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, and Safari on GitHub CI

Total 1 tests and 3 subtests

Status Summary

Firefox

OK : 1
PASS: 2
FAIL: 1

Safari

OK : 1
FAIL: 3

Links

GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

You need to log in before you can comment on or make changes to this bug.