Add support for Upgrade request to a potentially trustworthy URL. (#34986)

* Add support for Upgrade request to a potentially trustworthy URL.

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>

* script: Support inheritable insecure request policy in documents and workers.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Shubham Gupta 2025-02-05 20:49:56 +08:00 committed by GitHub
parent 7b36f2beb3
commit 1e164738d8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
57 changed files with 264 additions and 346 deletions

@ -1,18 +0,0 @@
[fetch.https.html]
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
expected: FAIL
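
Review bot: Four of the six expectations removed for fetch.https.html are "downgrade redirection" subtests, yet the commit message only describes upgrading a request to a potentially trustworthy URL and does not mention redirects. Deleting the whole file asserts that every subtest now passes, so please say in the message that the upgrade also covers redirect targets, or keep the entries for any subtest that still fails.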

@ -1,18 +0,0 @@
[img-tag.https.html]
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-classic.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-module.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[xhr.https.html]
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[fetch.https.html]
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[img-tag.https.html]
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-classic.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-module.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[xhr.https.html]
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[fetch.https.html]
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[img-tag.https.html]
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-classic.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-module.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[xhr.https.html]
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[fetch.https.html]
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[img-tag.https.html]
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-classic.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,9 +0,0 @@
[worker-module.https.html]
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[xhr.https.html]
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[fetch.https.html]
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
expected: FAIL

@ -1,18 +0,0 @@
[xhr.https.html]
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
expected: FAIL
[Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
expected: FAIL
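
Review bot: This final pair of removals covers only fetch.https.html and xhr.https.html, whereas each earlier set also drops the img-tag, worker-classic and worker-module expectation files. Please confirm that no img-tag or worker expectation files exist for this variant, rather than having been overlooked; a stale "expected: FAIL" entry would surface as an unexpected pass in the test run.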