From 20386d985490c7de38f1301a3c181cda68ff9ca5 Mon Sep 17 00:00:00 2001 From: Tim van der Lippe Date: Sun, 20 Jul 2025 18:00:28 +0200 Subject: [PATCH] Forward CSP violations from load_whole_resource to parent event loop (#38048) Any CSP violations happening when loading a worker should be reported on the global of the document that creates the worker. Since workers run in different threads, we can't pass in this parent global into the worker global scope. Instead, we need to send a message to the parent event loop to report it on the correct global. Part of https://github.com/servo/servo/issues/4577 Fixes https://github.com/servo/servo/issues/37027 Signed-off-by: Tim van der Lippe --- .../script/dom/dedicatedworkerglobalscope.rs | 24 +++++++++++++++-- components/script/dom/htmlscriptelement.rs | 2 +- .../script/dom/serviceworkerglobalscope.rs | 10 ++++++- components/script/dom/workerglobalscope.rs | 25 ++++++++++++++--- components/script/dom/worklet.rs | 10 ++++++- components/script/fetch.rs | 13 ++++++--- components/script/messaging.rs | 8 ++++++ components/script/script_thread.rs | 8 ++++++ tests/wpt/meta/MANIFEST.json | 13 ++++++++- .../blob/star-doesnt-match-blob.sub.html.ini | 3 --- .../child-src-worker-blocked.sub.html.ini | 4 --- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-classic.http.html.ini | 6 ----- .../worker-classic.https.html.ini | 6 ----- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-import.http.html.ini | 18 ------------- .../worker-import.https.html.ini | 18 ------------- .../worker-module.http.html.ini | 6 ----- .../worker-module.https.html.ini | 6 ----- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-classic.http.html.ini | 6 ----- .../worker-classic.https.html.ini | 6 ----- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-import.http.html.ini | 18 ------------- .../worker-import.https.html.ini | 18 ------------- .../worker-module.http.html.ini | 6 ----- .../worker-module.https.html.ini | 6 ----- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../worker-import-data.http.html.ini | 18 ------------- .../worker-import-data.https.html.ini | 18 ------------- .../dedicatedworker-script-src.html.ini | 25 ----------------- .../worker-src/dedicated-none.sub.html.ini | 3 --- ...er-src-child-fallback-blocked.sub.html.ini | 4 --- .../generic/test-case.sub.js | 6 +++++ .../dedicatedworker-worker-src.html | 18 +++++++++++++ .../support/worker-src-none.sub.js | 27 +++++++++++++++++++ 49 files changed, 152 insertions(+), 531 deletions(-) delete mode 100644 tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini create mode 100644 tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html create mode 100644 tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js diff --git a/components/script/dom/dedicatedworkerglobalscope.rs b/components/script/dom/dedicatedworkerglobalscope.rs index 7bc6343b13e..30404d23757 100644 --- a/components/script/dom/dedicatedworkerglobalscope.rs +++ b/components/script/dom/dedicatedworkerglobalscope.rs @@ -44,7 +44,7 @@ use crate::dom::bindings::str::DOMString; use crate::dom::bindings::structuredclone; use crate::dom::bindings::trace::{CustomTraceable, RootedTraceableBox}; use crate::dom::bindings::utils::define_all_exposed_interfaces; -use crate::dom::csp::parse_csp_list_from_metadata; +use crate::dom::csp::{Violation, parse_csp_list_from_metadata}; use crate::dom::errorevent::ErrorEvent; use crate::dom::event::{Event, EventBubbles, EventCancelable, EventStatus}; use crate::dom::eventtarget::EventTarget; @@ -55,7 +55,7 @@ use crate::dom::reportingendpoint::ReportingEndpoint; use crate::dom::webgpu::identityhub::IdentityHub; use crate::dom::worker::{TrustedWorkerAddress, Worker}; use crate::dom::workerglobalscope::WorkerGlobalScope; -use crate::fetch::load_whole_resource; +use crate::fetch::{CspViolationsProcessor, load_whole_resource}; use crate::messaging::{CommonScriptMsg, ScriptEventLoopReceiver, ScriptEventLoopSender}; use crate::realms::{AlreadyInRealm, InRealm, enter_realm}; use crate::script_runtime::ScriptThreadEventCategory::WorkerEvent; @@ -178,6 +178,22 @@ impl QueuedTaskConversion for DedicatedWorkerScriptMsg { unsafe_no_jsmanaged_fields!(TaskQueue); +struct DedicatedWorkerCspProcessor { + parent_event_loop_sender: ScriptEventLoopSender, + pipeline_id: PipelineId, +} + +impl CspViolationsProcessor for DedicatedWorkerCspProcessor { + fn process_csp_violations(&self, violations: Vec) { + let _ = self + .parent_event_loop_sender + .send(CommonScriptMsg::ReportCspViolations( + self.pipeline_id, + violations, + )); + } +} + // https://html.spec.whatwg.org/multipage/#dedicatedworkerglobalscope #[dom_struct] pub(crate) struct DedicatedWorkerGlobalScope { @@ -464,6 +480,10 @@ impl DedicatedWorkerGlobalScope { request, &global_scope.resource_threads().sender(), global_scope, + &DedicatedWorkerCspProcessor { + parent_event_loop_sender: parent_event_loop_sender.clone(), + pipeline_id, + }, CanGc::note(), ) { Err(e) => { diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index 65d6c07ba52..7a028504109 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs @@ -73,7 +73,7 @@ use crate::dom::trustedscript::TrustedScript; use crate::dom::trustedscripturl::TrustedScriptURL; use crate::dom::virtualmethods::VirtualMethods; use crate::dom::window::Window; -use crate::fetch::{create_a_potential_cors_request, load_whole_resource}; +use crate::fetch::create_a_potential_cors_request; use crate::network_listener::{self, NetworkListener, PreInvoke, ResourceTimingListener}; use crate::realms::enter_realm; use crate::script_module::{ diff --git a/components/script/dom/serviceworkerglobalscope.rs b/components/script/dom/serviceworkerglobalscope.rs index 9b431da9c0e..2758f1a71bb 100644 --- a/components/script/dom/serviceworkerglobalscope.rs +++ b/components/script/dom/serviceworkerglobalscope.rs @@ -39,6 +39,7 @@ use crate::dom::bindings::str::DOMString; use crate::dom::bindings::structuredclone; use crate::dom::bindings::trace::CustomTraceable; use crate::dom::bindings::utils::define_all_exposed_interfaces; +use crate::dom::csp::Violation; use crate::dom::dedicatedworkerglobalscope::AutoWorkerReset; use crate::dom::event::Event; use crate::dom::eventtarget::EventTarget; @@ -49,7 +50,7 @@ use crate::dom::globalscope::GlobalScope; use crate::dom::webgpu::identityhub::IdentityHub; use crate::dom::worker::TrustedWorkerAddress; use crate::dom::workerglobalscope::WorkerGlobalScope; -use crate::fetch::load_whole_resource; +use crate::fetch::{CspViolationsProcessor, load_whole_resource}; use crate::messaging::{CommonScriptMsg, ScriptEventLoopSender}; use crate::realms::{AlreadyInRealm, InRealm, enter_realm}; use crate::script_runtime::{CanGc, JSContext as SafeJSContext, Runtime, ThreadSafeJSContext}; @@ -133,6 +134,12 @@ pub(crate) enum MixedMessage { Timer, } +struct ServiceWorkerCspProcessor {} + +impl CspViolationsProcessor for ServiceWorkerCspProcessor { + fn process_csp_violations(&self, _violations: Vec) {} +} + #[dom_struct] pub(crate) struct ServiceWorkerGlobalScope { workerglobalscope: WorkerGlobalScope, @@ -360,6 +367,7 @@ impl ServiceWorkerGlobalScope { request, &resource_threads_sender, global.upcast(), + &ServiceWorkerCspProcessor {}, CanGc::note(), ) { Err(_) => { diff --git a/components/script/dom/workerglobalscope.rs b/components/script/dom/workerglobalscope.rs index 312968fd2f9..82fefa1180b 100644 --- a/components/script/dom/workerglobalscope.rs +++ b/components/script/dom/workerglobalscope.rs @@ -53,6 +53,7 @@ use crate::dom::bindings::settings_stack::AutoEntryScript; use crate::dom::bindings::str::{DOMString, USVString}; use crate::dom::bindings::trace::RootedTraceableBox; use crate::dom::crypto::Crypto; +use crate::dom::csp::{GlobalCspReporting, Violation}; use crate::dom::dedicatedworkerglobalscope::DedicatedWorkerGlobalScope; use crate::dom::globalscope::GlobalScope; use crate::dom::idbfactory::IDBFactory; @@ -68,7 +69,7 @@ use crate::dom::webgpu::identityhub::IdentityHub; use crate::dom::window::{base64_atob, base64_btoa}; use crate::dom::workerlocation::WorkerLocation; use crate::dom::workernavigator::WorkerNavigator; -use crate::fetch; +use crate::fetch::{CspViolationsProcessor, Fetch, load_whole_resource}; use crate::messaging::{CommonScriptMsg, ScriptEventLoopReceiver, ScriptEventLoopSender}; use crate::realms::{InRealm, enter_realm}; use crate::script_runtime::{CanGc, JSContext, JSContextHelper, Runtime}; @@ -413,10 +414,13 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope { ) .pipeline_id(Some(self.upcast::().pipeline_id())); - let (url, source) = match fetch::load_whole_resource( + let (url, source) = match load_whole_resource( request, &global_scope.resource_threads().sender(), global_scope, + &WorkerCspProcessor { + global_scope: DomRoot::from_ref(global_scope), + }, can_gc, ) { Err(_) => return Err(Error::Network), @@ -582,7 +586,7 @@ impl WorkerGlobalScopeMethods for WorkerGlobalScope { comp: InRealm, can_gc: CanGc, ) -> Rc { - fetch::Fetch(self.upcast(), input, init, comp, can_gc) + Fetch(self.upcast(), input, init, comp, can_gc) } // https://w3c.github.io/hr-time/#the-performance-attribute @@ -690,6 +694,10 @@ impl WorkerGlobalScope { reports_chan.send(ProcessReports::new(reports)); }); }, + CommonScriptMsg::ReportCspViolations(_, violations) => { + self.upcast::() + .report_csp_violations(violations, None, None); + }, } true } @@ -701,3 +709,14 @@ impl WorkerGlobalScope { .cancel_all_tasks_and_ignore_future_tasks(); } } + +struct WorkerCspProcessor { + global_scope: DomRoot, +} + +impl CspViolationsProcessor for WorkerCspProcessor { + fn process_csp_violations(&self, violations: Vec) { + self.global_scope + .report_csp_violations(violations, None, None); + } +} diff --git a/components/script/dom/worklet.rs b/components/script/dom/worklet.rs index 9d5e5cbafcb..35157e89a8f 100644 --- a/components/script/dom/worklet.rs +++ b/components/script/dom/worklet.rs @@ -41,6 +41,7 @@ use crate::dom::bindings::reflector::{DomGlobal, Reflector, reflect_dom_object}; use crate::dom::bindings::root::{Dom, DomRoot, RootCollection, ThreadLocalStackRoots}; use crate::dom::bindings::str::USVString; use crate::dom::bindings::trace::{CustomTraceable, JSTraceable, RootedTraceableBox}; +use crate::dom::csp::Violation; use crate::dom::globalscope::GlobalScope; use crate::dom::promise::Promise; #[cfg(feature = "testbinding")] @@ -49,7 +50,7 @@ use crate::dom::window::Window; use crate::dom::workletglobalscope::{ WorkletGlobalScope, WorkletGlobalScopeInit, WorkletGlobalScopeType, WorkletTask, }; -use crate::fetch::load_whole_resource; +use crate::fetch::{CspViolationsProcessor, load_whole_resource}; use crate::messaging::{CommonScriptMsg, MainThreadScriptMsg}; use crate::realms::InRealm; use crate::script_runtime::{CanGc, Runtime, ScriptThreadEventCategory}; @@ -433,6 +434,12 @@ struct WorkletThreadInit { global_init: WorkletGlobalScopeInit, } +struct WorkletCspProcessor {} + +impl CspViolationsProcessor for WorkletCspProcessor { + fn process_csp_violations(&self, _violations: Vec) {} +} + /// A thread for executing worklets. #[cfg_attr(crown, crown::unrooted_must_root_lint::must_root)] struct WorkletThread { @@ -671,6 +678,7 @@ impl WorkletThread { request, &resource_fetcher, global_scope.upcast::(), + &WorkletCspProcessor {}, can_gc, ) .ok() diff --git a/components/script/fetch.rs b/components/script/fetch.rs index bf546494084..d9a52d0e448 100644 --- a/components/script/fetch.rs +++ b/components/script/fetch.rs @@ -337,11 +337,16 @@ fn fill_headers_with_metadata(r: DomRoot, m: Metadata, can_gc: CanGc) r.set_redirected(m.redirected); } +pub(crate) trait CspViolationsProcessor { + fn process_csp_violations(&self, violations: Vec); +} + /// Convenience function for synchronously loading a whole resource. pub(crate) fn load_whole_resource( request: RequestBuilder, core_resource_thread: &CoreResourceThread, global: &GlobalScope, + csp_violations_processor: &dyn CspViolationsProcessor, can_gc: CanGc, ) -> Result<(Metadata, Vec), NetworkError> { let request = request.https_state(global.get_https_state()); @@ -358,9 +363,8 @@ pub(crate) fn load_whole_resource( let mut metadata = None; loop { match action_receiver.recv().unwrap() { - FetchResponseMsg::ProcessRequestBody(..) | - FetchResponseMsg::ProcessRequestEOF(..) | - FetchResponseMsg::ProcessCspViolations(..) => {}, + FetchResponseMsg::ProcessRequestBody(..) | FetchResponseMsg::ProcessRequestEOF(..) => { + }, FetchResponseMsg::ProcessResponse(_, Ok(m)) => { metadata = Some(match m { FetchMetadata::Unfiltered(m) => m, @@ -377,6 +381,9 @@ pub(crate) fn load_whole_resource( }, FetchResponseMsg::ProcessResponse(_, Err(e)) | FetchResponseMsg::ProcessResponseEOF(_, Err(e)) => return Err(e), + FetchResponseMsg::ProcessCspViolations(_, violations) => { + csp_violations_processor.process_csp_violations(violations); + }, } } } diff --git a/components/script/messaging.rs b/components/script/messaging.rs index 8294d977944..57665183f67 100644 --- a/components/script/messaging.rs +++ b/components/script/messaging.rs @@ -27,6 +27,7 @@ use webgpu_traits::WebGPUMsg; use crate::dom::abstractworker::WorkerScriptMsg; use crate::dom::bindings::trace::CustomTraceable; +use crate::dom::csp::Violation; use crate::dom::dedicatedworkerglobalscope::DedicatedWorkerScriptMsg; use crate::dom::serviceworkerglobalscope::ServiceWorkerScriptMsg; use crate::dom::worker::TrustedWorkerAddress; @@ -99,6 +100,10 @@ impl MixedMessage { *pipeline_id }, MainThreadScriptMsg::Common(CommonScriptMsg::CollectReports(_)) => None, + MainThreadScriptMsg::Common(CommonScriptMsg::ReportCspViolations( + pipeline_id, + _, + )) => Some(*pipeline_id), MainThreadScriptMsg::NavigationResponse { pipeline_id, .. } => Some(*pipeline_id), MainThreadScriptMsg::WorkletLoaded(pipeline_id) => Some(*pipeline_id), MainThreadScriptMsg::RegisterPaintWorklet { pipeline_id, .. } => Some(*pipeline_id), @@ -157,6 +162,8 @@ pub(crate) enum CommonScriptMsg { Option, TaskSourceName, ), + /// Report CSP violations in the script + ReportCspViolations(PipelineId, Vec), } impl fmt::Debug for CommonScriptMsg { @@ -166,6 +173,7 @@ impl fmt::Debug for CommonScriptMsg { CommonScriptMsg::Task(ref category, ref task, _, _) => { f.debug_tuple("Task").field(category).field(task).finish() }, + CommonScriptMsg::ReportCspViolations(..) => write!(f, "ReportCspViolations(...)"), } } } diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs index 91ab7bbabbc..4e406a9d1f5 100644 --- a/components/script/script_thread.rs +++ b/components/script/script_thread.rs @@ -2087,6 +2087,14 @@ impl ScriptThread { MainThreadScriptMsg::Common(CommonScriptMsg::CollectReports(chan)) => { self.collect_reports(chan) }, + MainThreadScriptMsg::Common(CommonScriptMsg::ReportCspViolations( + pipeline_id, + violations, + )) => { + if let Some(global) = self.documents.borrow().find_global(pipeline_id) { + global.report_csp_violations(violations, None, None); + } + }, MainThreadScriptMsg::NavigationResponse { pipeline_id, message, diff --git a/tests/wpt/meta/MANIFEST.json b/tests/wpt/meta/MANIFEST.json index 92ca51fa3c3..12520bf7227 100644 --- a/tests/wpt/meta/MANIFEST.json +++ b/tests/wpt/meta/MANIFEST.json @@ -401224,7 +401224,7 @@ ] }, "test-case.sub.js": [ - "d9a6494dd36af93f0e66209525caf6de37e9368b", + "43171f5b1fafaf098880506efe42da92d742d25f", [] ], "unreached.js": [ @@ -401361,6 +401361,10 @@ "script-src-self.sub.js": [ "aac5b4326d5304825dfbdd5c9d701f504b996bb4", [] + ], + "worker-src-none.sub.js": [ + "76ba0684caac7e635f714ae586def5a8460ed75b", + [] ] } }, @@ -577596,6 +577600,13 @@ {} ] ], + "dedicatedworker-worker-src.html": [ + "072ea1ac64eda1771a960d78766ba6958a469256", + [ + null, + {} + ] + ], "serviceworker-connect-src.https.sub.html": [ "f455fe6a168ce464b60e57b08974c3d021a501af", [ diff --git a/tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini b/tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini deleted file mode 100644 index 179a42c0c69..00000000000 --- a/tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[star-doesnt-match-blob.sub.html] - [Expecting logs: ["violated-directive=worker-src","TEST COMPLETE"\]] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini deleted file mode 100644 index 00dc3a8948a..00000000000 --- a/tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[child-src-worker-blocked.sub.html] - expected: TIMEOUT - [Should throw a securitypolicyviolation event] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini deleted file mode 100644 index c1baa1ca94c..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.http.html] - [Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini deleted file mode 100644 index 1e57b472300..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.https.html] - [Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini deleted file mode 100644 index de8aee6d0d9..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.http.html] - [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini deleted file mode 100644 index 083522812e5..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.https.html] - [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini deleted file mode 100644 index 8c6ad15c0ec..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.http.html] - [Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini deleted file mode 100644 index 30aa1c64f98..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.https.html] - [Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini deleted file mode 100644 index c1baa1ca94c..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.http.html] - [Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini deleted file mode 100644 index 1e57b472300..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-classic.https.html] - [Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini deleted file mode 100644 index de8aee6d0d9..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.http.html] - [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini deleted file mode 100644 index 083522812e5..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import.https.html] - [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini deleted file mode 100644 index 8c6ad15c0ec..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.http.html] - [Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini deleted file mode 100644 index 30aa1c64f98..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[worker-module.https.html] - [Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini deleted file mode 100644 index 437d2f9f629..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.http.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini b/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini deleted file mode 100644 index 7ae7249b54b..00000000000 --- a/tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini +++ /dev/null @@ -1,18 +0,0 @@ -[worker-import-data.https.html] - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation] - expected: FAIL - - [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini index 3bc4ce7feda..3fbf4e3f51c 100644 --- a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini +++ b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini @@ -1,28 +1,3 @@ [dedicatedworker-script-src.html] - expected: TIMEOUT - [Cross-origin `importScripts()` blocked in http: with script-src 'self'] - expected: TIMEOUT - - [`eval()` blocked in http: with script-src 'self'] - expected: NOTRUN - - [`setTimeout([string\])` blocked in http: with script-src 'self'] - expected: NOTRUN - - [Reports are sent for http: with script-src 'self'] - expected: NOTRUN - - [Cross-origin `importScripts()` blocked in blob: with script-src 'self'] - expected: FAIL - - [`eval()` blocked in blob: with script-src 'self'] - expected: FAIL - - [`setTimeout([string\])` blocked in blob: with script-src 'self'] - expected: FAIL - [Reports are sent for blob: with script-src 'self'] expected: FAIL - - [dedicatedworker-script-src] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini b/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini index 33e648d1faa..c60bb15fd8f 100644 --- a/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini +++ b/tests/wpt/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini @@ -1,7 +1,4 @@ [dedicated-none.sub.html] expected: TIMEOUT - [Same-origin dedicated worker blocked by host-source expression.] - expected: TIMEOUT - [blob: dedicated worker blocked by 'blob:'.] expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini deleted file mode 100644 index 84fd9e4b730..00000000000 --- a/tests/wpt/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[dedicated-worker-src-child-fallback-blocked.sub.html] - expected: TIMEOUT - [Same-origin dedicated worker allowed by worker-src 'self'.] - expected: TIMEOUT diff --git a/tests/wpt/tests/content-security-policy/generic/test-case.sub.js b/tests/wpt/tests/content-security-policy/generic/test-case.sub.js index d9a6494dd36..43171f5b1fa 100644 --- a/tests/wpt/tests/content-security-policy/generic/test-case.sub.js +++ b/tests/wpt/tests/content-security-policy/generic/test-case.sub.js @@ -57,6 +57,12 @@ function TestCase(scenarios, sanityChecker) { // https://bugzilla.mozilla.org/show_bug.cgi?id=1808911 // In Firefox sometimes violations from Worklets are delayed. timeout = 10; + } else if (scenario.subresource.startsWith('worker-') && + navigator.userAgent.includes("Servo/")) { + // In Servo, worker violations are also delayed, as they are + // sent via IPC. However, they typically arrive relatively + // quickly after that. + timeout = 1; } await new Promise(resolve => setTimeout(resolve, timeout)); diff --git a/tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html b/tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html new file mode 100644 index 00000000000..072ea1ac64e --- /dev/null +++ b/tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html @@ -0,0 +1,18 @@ + + + + + diff --git a/tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js b/tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js new file mode 100644 index 00000000000..76ba0684caa --- /dev/null +++ b/tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js @@ -0,0 +1,27 @@ +importScripts("{{location[server]}}/resources/testharness.js"); +importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js"); + +let cspEventFiredInDocument = false; +self.addEventListener("message", e => { + if (e.data == "SecurityPolicyViolation from Document") { + cspEventFiredInDocument = true; + } +}); + +async_test(t => { + const url = new URL("{{location[server]}}/content-security-policy/support/ping.js").toString(); + const w = new Worker(url); + w.onmessage = t.unreached_func("Ping should not be sent."); + Promise.all([ + waitUntilCSPEventForURL(t, url) + .then(t.step_func_done(e => { + assert_equals(e.blockedURI, url); + assert_equals(e.violatedDirective, "worker-src"); + assert_equals(e.effectiveDirective, "worker-src"); + assert_false(cspEventFiredInDocument, "Should not have fired event on document"); + })), + waitUntilEvent(w, "error"), + ]); +}, "Nested worker with worker-src is disallowed."); + +done();