diff --git a/components/script/dom/dedicatedworkerglobalscope.rs b/components/script/dom/dedicatedworkerglobalscope.rs index 7bc6343b13e..30404d23757 100644 --- a/components/script/dom/dedicatedworkerglobalscope.rs +++ b/components/script/dom/dedicatedworkerglobalscope.rs @@ -44,7 +44,7 @@ use crate::dom::bindings::str::DOMString; use crate::dom::bindings::structuredclone; use crate::dom::bindings::trace::{CustomTraceable, RootedTraceableBox}; use crate::dom::bindings::utils::define_all_exposed_interfaces; -use crate::dom::csp::parse_csp_list_from_metadata; +use crate::dom::csp::{Violation, parse_csp_list_from_metadata}; use crate::dom::errorevent::ErrorEvent; use crate::dom::event::{Event, EventBubbles, EventCancelable, EventStatus}; use crate::dom::eventtarget::EventTarget; @@ -55,7 +55,7 @@ use crate::dom::reportingendpoint::ReportingEndpoint; use crate::dom::webgpu::identityhub::IdentityHub; use crate::dom::worker::{TrustedWorkerAddress, Worker}; use crate::dom::workerglobalscope::WorkerGlobalScope; -use crate::fetch::load_whole_resource; +use crate::fetch::{CspViolationsProcessor, load_whole_resource}; use crate::messaging::{CommonScriptMsg, ScriptEventLoopReceiver, ScriptEventLoopSender}; use crate::realms::{AlreadyInRealm, InRealm, enter_realm}; use crate::script_runtime::ScriptThreadEventCategory::WorkerEvent; @@ -178,6 +178,22 @@ impl QueuedTaskConversion for DedicatedWorkerScriptMsg { unsafe_no_jsmanaged_fields!(TaskQueue); +struct DedicatedWorkerCspProcessor { + parent_event_loop_sender: ScriptEventLoopSender, + pipeline_id: PipelineId, +} + +impl CspViolationsProcessor for DedicatedWorkerCspProcessor { + fn process_csp_violations(&self, violations: Vec) { + let _ = self + .parent_event_loop_sender + .send(CommonScriptMsg::ReportCspViolations( + self.pipeline_id, + violations, + )); + } +} + // https://html.spec.whatwg.org/multipage/#dedicatedworkerglobalscope #[dom_struct] pub(crate) struct DedicatedWorkerGlobalScope { @@ -464,6 +480,10 @@ impl DedicatedWorkerGlobalScope { request, &global_scope.resource_threads().sender(), global_scope, + &DedicatedWorkerCspProcessor { + parent_event_loop_sender: parent_event_loop_sender.clone(), + pipeline_id, + }, CanGc::note(), ) { Err(e) => { diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index 65d6c07ba52..7a028504109 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs @@ -73,7 +73,7 @@ use crate::dom::trustedscript::TrustedScript; use crate::dom::trustedscripturl::TrustedScriptURL; use crate::dom::virtualmethods::VirtualMethods; use crate::dom::window::Window; -use crate::fetch::{create_a_potential_cors_request, load_whole_resource}; +use crate::fetch::create_a_potential_cors_request; use crate::network_listener::{self, NetworkListener, PreInvoke, ResourceTimingListener}; use crate::realms::enter_realm; use crate::script_module::{ diff --git a/components/script/dom/serviceworkerglobalscope.rs b/components/script/dom/serviceworkerglobalscope.rs index 9b431da9c0e..2758f1a71bb 100644 --- a/components/script/dom/serviceworkerglobalscope.rs +++ b/components/script/dom/serviceworkerglobalscope.rs @@ -39,6 +39,7 @@ use crate::dom::bindings::str::DOMString; use crate::dom::bindings::structuredclone; use crate::dom::bindings::trace::CustomTraceable; use crate::dom::bindings::utils::define_all_exposed_interfaces; +use crate::dom::csp::Violation; use crate::dom::dedicatedworkerglobalscope::AutoWorkerReset; use crate::dom::event::Event; use crate::dom::eventtarget::EventTarget; @@ -49,7 +50,7 @@ use crate::dom::globalscope::GlobalScope; use crate::dom::webgpu::identityhub::IdentityHub; use crate::dom::worker::TrustedWorkerAddress; use crate::dom::workerglobalscope::WorkerGlobalScope; -use crate::fetch::load_whole_resource; +use crate::fetch::{CspViolationsProcessor, load_whole_resource}; use crate::messaging::{CommonScriptMsg, ScriptEventLoopSender}; use crate::realms::{AlreadyInRealm, InRealm, enter_realm}; use crate::script_runtime::{CanGc, JSContext as SafeJSContext, Runtime, ThreadSafeJSContext}; @@ -133,6 +134,12 @@ pub(crate) enum MixedMessage { Timer, } +struct ServiceWorkerCspProcessor {} + +impl CspViolationsProcessor for ServiceWorkerCspProcessor { + fn process_csp_violations(&self, _violations: Vec) {} +} + #[dom_struct] pub(crate) struct ServiceWorkerGlobalScope { workerglobalscope: WorkerGlobalScope, @@ -360,6 +367,7 @@ impl ServiceWorkerGlobalScope { request, &resource_threads_sender, global.upcast(), + &ServiceWorkerCspProcessor {}, CanGc::note(), ) { Err(_) => { diff --git a/components/script/dom/workerglobalscope.rs b/components/script/dom/workerglobalscope.rs index 312968fd2f9..82fefa1180b 100644 --- a/components/script/dom/workerglobalscope.rs +++ b/components/script/dom/workerglobalscope.rs @@ -53,6 +53,7 @@ use crate::dom::bindings::settings_stack::AutoEntryScript; use crate::dom::bindings::str::{DOMString, USVString}; use crate::dom::bindings::trace::RootedTraceableBox; use crate::dom::crypto::Crypto; +use crate::dom::csp::{GlobalCspReporting, Violation}; use crate::dom::dedicatedworkerglobalscope::DedicatedWorkerGlobalScope; use crate::dom::globalscope::GlobalScope; use crate::dom::idbfactory::IDBFactory; @@ -68,7 +69,7 @@ use crate::dom::webgpu::identityhub::IdentityHub; use crate::dom::window::{base64_atob, base64_btoa}; use crate::dom::workerlocation::WorkerLocation; use crate::dom::workernavigator::WorkerNavigator; -use crate::fetch; +use crate::fetch::{CspViolationsProcessor, Fetch, load_whole_resource}; use crate::messaging::{CommonScriptMsg, ScriptEventLoopReceiver, ScriptEventLoopSender}; use crate::realms::{InRealm, enter_realm}; use crate::script_runtime::{CanGc, JSContext, JSContextHelper, Runtime}; @@ -413,10 +414,13 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope { ) .pipeline_id(Some(self.upcast::().pipeline_id())); - let (url, source) = match fetch::load_whole_resource( + let (url, source) = match load_whole_resource( request, &global_scope.resource_threads().sender(), global_scope, + &WorkerCspProcessor { + global_scope: DomRoot::from_ref(global_scope), + }, can_gc, ) { Err(_) => return Err(Error::Network), @@ -582,7 +586,7 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope { comp: InRealm, can_gc: CanGc, ) -> Rc { - fetch::Fetch(self.upcast(), input, init, comp, can_gc) + Fetch(self.upcast(), input, init, comp, can_gc) } // https://w3c.github.io/hr-time/#the-performance-attribute @@ -690,6 +694,10 @@ impl WorkerGlobalScope { reports_chan.send(ProcessReports::new(reports)); }); }, + CommonScriptMsg::ReportCspViolations(_, violations) => { + self.upcast::() + .report_csp_violations(violations, None, None); + }, } true } @@ -701,3 +709,14 @@ impl WorkerGlobalScope { .cancel_all_tasks_and_ignore_future_tasks(); } } + +struct WorkerCspProcessor { + global_scope: DomRoot, +} + +impl CspViolationsProcessor for WorkerCspProcessor { + fn process_csp_violations(&self, violations: Vec) { + self.global_scope + .report_csp_violations(violations, None, None); + } +} diff --git a/components/script/dom/worklet.rs b/components/script/dom/worklet.rs index 9d5e5cbafcb..35157e89a8f 100644 --- a/components/script/dom/worklet.rs +++ b/components/script/dom/worklet.rs @@ -41,6 +41,7 @@ use crate::dom::bindings::reflector::{DomGlobal, Reflector, reflect_dom_object}; use crate::dom::bindings::root::{Dom, DomRoot, RootCollection, ThreadLocalStackRoots}; use crate::dom::bindings::str::USVString; use crate::dom::bindings::trace::{CustomTraceable, JSTraceable, RootedTraceableBox}; +use crate::dom::csp::Violation; use crate::dom::globalscope::GlobalScope; use crate::dom::promise::Promise; #[cfg(feature = "testbinding")] @@ -49,7 +50,7 @@ use crate::dom::window::Window; use crate::dom::workletglobalscope::{ WorkletGlobalScope, WorkletGlobalScopeInit, WorkletGlobalScopeType, WorkletTask, }; -use crate::fetch::load_whole_resource; +use crate::fetch::{CspViolationsProcessor, load_whole_resource}; use crate::messaging::{CommonScriptMsg, MainThreadScriptMsg}; use crate::realms::InRealm; use crate::script_runtime::{CanGc, Runtime, ScriptThreadEventCategory}; @@ -433,6 +434,12 @@ struct WorkletThreadInit { global_init: WorkletGlobalScopeInit, } +struct WorkletCspProcessor {} + +impl CspViolationsProcessor for WorkletCspProcessor { + fn process_csp_violations(&self, _violations: Vec) {} +} + /// A thread for executing worklets. #[cfg_attr(crown, crown::unrooted_must_root_lint::must_root)] struct WorkletThread { @@ -671,6 +678,7 @@ impl WorkletThread { request, &resource_fetcher, global_scope.upcast::(), + &WorkletCspProcessor {}, can_gc, ) .ok() diff --git a/components/script/fetch.rs b/components/script/fetch.rs index bf546494084..d9a52d0e448 100644 --- a/components/script/fetch.rs +++ b/components/script/fetch.rs @@ -337,11 +337,16 @@ fn fill_headers_with_metadata(r: DomRoot, m: Metadata, can_gc: CanGc) r.set_redirected(m.redirected); } +pub(crate) trait CspViolationsProcessor { + fn process_csp_violations(&self, violations: Vec); +} + /// Convenience function for synchronously loading a whole resource. pub(crate) fn load_whole_resource( request: RequestBuilder, core_resource_thread: &CoreResourceThread, global: &GlobalScope, + csp_violations_processor: &dyn CspViolationsProcessor, can_gc: CanGc, ) -> Result<(Metadata, Vec), NetworkError> { let request = request.https_state(global.get_https_state()); @@ -358,9 +363,8 @@ pub(crate) fn load_whole_resource( let mut metadata = None; loop { match action_receiver.recv().unwrap() { - FetchResponseMsg::ProcessRequestBody(..) | - FetchResponseMsg::ProcessRequestEOF(..) | - FetchResponseMsg::ProcessCspViolations(..) => {}, + FetchResponseMsg::ProcessRequestBody(..) | FetchResponseMsg::ProcessRequestEOF(..) => { + }, FetchResponseMsg::ProcessResponse(_, Ok(m)) => { metadata = Some(match m { FetchMetadata::Unfiltered(m) => m, @@ -377,6 +381,9 @@ pub(crate) fn load_whole_resource( }, FetchResponseMsg::ProcessResponse(_, Err(e)) | FetchResponseMsg::ProcessResponseEOF(_, Err(e)) => return Err(e), + FetchResponseMsg::ProcessCspViolations(_, violations) => { + csp_violations_processor.process_csp_violations(violations); + }, } } } diff --git a/components/script/messaging.rs b/components/script/messaging.rs index 8294d977944..57665183f67 100644 --- a/components/script/messaging.rs +++ b/components/script/messaging.rs @@ -27,6 +27,7 @@ use webgpu_traits::WebGPUMsg; use crate::dom::abstractworker::WorkerScriptMsg; use crate::dom::bindings::trace::CustomTraceable; +use crate::dom::csp::Violation; use crate::dom::dedicatedworkerglobalscope::DedicatedWorkerScriptMsg; use crate::dom::serviceworkerglobalscope::ServiceWorkerScriptMsg; use crate::dom::worker::TrustedWorkerAddress; @@ -99,6 +100,10 @@ impl MixedMessage { *pipeline_id }, MainThreadScriptMsg::Common(CommonScriptMsg::CollectReports(_)) => None, + MainThreadScriptMsg::Common(CommonScriptMsg::ReportCspViolations( + pipeline_id, + _, + )) => Some(*pipeline_id), MainThreadScriptMsg::NavigationResponse { pipeline_id, .. } => Some(*pipeline_id), MainThreadScriptMsg::WorkletLoaded(pipeline_id) => Some(*pipeline_id), MainThreadScriptMsg::RegisterPaintWorklet { pipeline_id, .. } => Some(*pipeline_id), @@ -157,6 +162,8 @@ pub(crate) enum CommonScriptMsg { Option, TaskSourceName, ), + /// Report CSP violations in the script + ReportCspViolations(PipelineId, Vec), } impl fmt::Debug for CommonScriptMsg { @@ -166,6 +173,7 @@ impl fmt::Debug for CommonScriptMsg { CommonScriptMsg::Task(ref category, ref task, _, _) => { f.debug_tuple("Task").field(category).field(task).finish() }, + CommonScriptMsg::ReportCspViolations(..) => write!(f, "ReportCspViolations(...)"), } } } diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs index 91ab7bbabbc..4e406a9d1f5 100644 --- a/components/script/script_thread.rs +++ b/components/script/script_thread.rs @@ -2087,6 +2087,14 @@ impl ScriptThread { MainThreadScriptMsg::Common(CommonScriptMsg::CollectReports(chan)) => { self.collect_reports(chan) }, + MainThreadScriptMsg::Common(CommonScriptMsg::ReportCspViolations( + pipeline_id, + violations, + )) => { + if let Some(global) = self.documents.borrow().find_global(pipeline_id) { + global.report_csp_violations(violations, None, None); + } + }, MainThreadScriptMsg::NavigationResponse { pipeline_id, message, diff --git a/tests/wpt/meta/MANIFEST.json b/tests/wpt/meta/MANIFEST.json index 92ca51fa3c3..12520bf7227 100644 --- a/tests/wpt/meta/MANIFEST.json +++ b/tests/wpt/meta/MANIFEST.json @@ -401224,7 +401224,7 @@ ] }, "test-case.sub.js": [ - "d9a6494dd36af93f0e66209525caf6de37e9368b", + "43171f5b1fafaf098880506efe42da92d742d25f", [] ], "unreached.js": [ @@ -401361,6 +401361,10 @@ "script-src-self.sub.js": [ "aac5b4326d5304825dfbdd5c9d701f504b996bb4", [] + ], + "worker-src-none.sub.js": [ + "76ba0684caac7e635f714ae586def5a8460ed75b", + [] ] } }, @@ -577596,6 +577600,13 @@ {} ] ], + "dedicatedworker-worker-src.html": [ + "072ea1ac64eda1771a960d78766ba6958a469256", + [ + null, + {} + ] + ], "serviceworker-connect-src.https.sub.html": [ "f455fe6a168ce464b60e57b08974c3d021a501af", [ diff --git a/tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini b/tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini deleted file mode 100644 index 179a42c0c69..00000000000 --- a/tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[star-doesnt-match-blob.sub.html] - [Expecting logs: ["violated-directive=worker-src","TEST COMPLETE"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini deleted file mode 100644 index 00dc3a8948a..00000000000 --- a/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[child-src-worker-blocked.sub.html] - expected: TIMEOUT - [Should throw a securitypolicyviolation event] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini deleted file mode 100644 index c1baa1ca94c..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.http.html] - [Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini deleted file mode 100644 index 1e57b472300..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.https.html] - [Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini deleted file mode 100644 index de8aee6d0d9..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.http.html] - [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini deleted file mode 100644 index 083522812e5..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.https.html] - [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini deleted file mode 100644 index 8c6ad15c0ec..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.http.html] - [Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini deleted file mode 100644 index 30aa1c64f98..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.https.html] - [Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini deleted file mode 100644 index c1baa1ca94c..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.http.html] - [Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini deleted file mode 100644 index 1e57b472300..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.https.html] - [Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini deleted file mode 100644 index de8aee6d0d9..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.http.html] - [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini deleted file mode 100644 index 083522812e5..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.https.html] - [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini deleted file mode 100644 index 8c6ad15c0ec..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.http.html] - [Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini deleted file mode 100644 index 30aa1c64f98..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.https.html] - [Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini index 3bc4ce7feda..3fbf4e3f51c 100644 --- a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini +++ b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini @@ -1,28 +1,3 @@ [dedicatedworker-script-src.html] - expected: TIMEOUT - [Cross-origin `importScripts()` blocked in http: with script-src 'self'] - expected: TIMEOUT - - [`eval()` blocked in http: with script-src 'self'] - expected: NOTRUN - - [`setTimeout([string\])` blocked in http: with script-src 'self'] - expected: NOTRUN - - [Reports are sent for http: with script-src 'self'] - expected: NOTRUN - - [Cross-origin `importScripts()` blocked in blob: with script-src 'self'] - expected: FAIL - - [`eval()` blocked in blob: with script-src 'self'] - expected: FAIL - - [`setTimeout([string\])` blocked in blob: with script-src 'self'] - expected: FAIL - [Reports are sent for blob: with script-src 'self'] expected: FAIL - - [dedicatedworker-script-src] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini b/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini index 33e648d1faa..c60bb15fd8f 100644 --- a/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini @@ -1,7 +1,4 @@ [dedicated-none.sub.html] expected: TIMEOUT - [Same-origin dedicated worker blocked by host-source expression.] - expected: TIMEOUT - [blob: dedicated worker blocked by 'blob:'.] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini deleted file mode 100644 index 84fd9e4b730..00000000000 --- a/tests/wpt/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[dedicated-worker-src-child-fallback-blocked.sub.html] - expected: TIMEOUT - [Same-origin dedicated worker allowed by worker-src 'self'.] - expected: TIMEOUT diff --git a/tests/wpt/tests/content-security-policy/generic/test-case.sub.js b/tests/wpt/tests/content-security-policy/generic/test-case.sub.js index d9a6494dd36..43171f5b1fa 100644 --- a/tests/wpt/tests/content-security-policy/generic/test-case.sub.js +++ b/tests/wpt/tests/content-security-policy/generic/test-case.sub.js @@ -57,6 +57,12 @@ function TestCase(scenarios, sanityChecker) { // https://bugzilla.mozilla.org/show_bug.cgi?id=1808911 // In Firefox sometimes violations from Worklets are delayed. timeout = 10; + } else if (scenario.subresource.startsWith('worker-') && + navigator.userAgent.includes("Servo/")) { + // In Servo, worker violations are also delayed, as they are + // sent via IPC. However, they typically arrive relatively + // quickly after that. + timeout = 1; } await new Promise(resolve => setTimeout(resolve, timeout)); diff --git a/tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html b/tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html new file mode 100644 index 00000000000..072ea1ac64e --- /dev/null +++ b/tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html @@ -0,0 +1,18 @@ + + + + + diff --git a/tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js b/tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js new file mode 100644 index 00000000000..76ba0684caa --- /dev/null +++ b/tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js @@ -0,0 +1,27 @@ +importScripts("{{location[server]}}/resources/testharness.js"); +importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); + +let cspEventFiredInDocument = false; +self.addEventListener("message", e => { + if (e.data == "SecurityPolicyViolation from Document") { + cspEventFiredInDocument = true; + } +}); + +async_test(t => { + const url = new URL("{{location[server]}}/content-security-policy/support/ping.js").toString(); + const w = new Worker(url); + w.onmessage = t.unreached_func("Ping should not be sent."); + Promise.all([ + waitUntilCSPEventForURL(t, url) + .then(t.step_func_done(e => { + assert_equals(e.blockedURI, url); + assert_equals(e.violatedDirective, "worker-src"); + assert_equals(e.effectiveDirective, "worker-src"); + assert_false(cspEventFiredInDocument, "Should not have fired event on document"); + })), + waitUntilEvent(w, "error"), + ]); +}, "Nested worker with worker-src is disallowed."); + +done();