mirror of
https://github.com/servo/servo.git
synced 2025-08-06 06:00:15 +01:00
Forward CSP violations from load_whole_resource to parent event loop (#38048)
Any CSP violations happening when loading a worker should be reported on the global of the document that creates the worker. Since workers run in different threads, we can't pass in this parent global into the worker global scope. Instead, we need to send a message to the parent event loop to report it on the correct global. Part of https://github.com/servo/servo/issues/4577 Fixes https://github.com/servo/servo/issues/37027 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe
GitHub
parent
772c84633e
commit
20386d9854
49 changed files with 152 additions and 531 deletions
13
tests/wpt/meta/MANIFEST.json
vendored
13
tests/wpt/meta/MANIFEST.json
vendored
|
|
@ -401224,7 +401224,7 @@
|
|||
]
|
||||
},
|
||||
"test-case.sub.js": [
|
||||
"d9a6494dd36af93f0e66209525caf6de37e9368b",
|
||||
"43171f5b1fafaf098880506efe42da92d742d25f",
|
||||
[]
|
||||
],
|
||||
"unreached.js": [
|
||||
|
|
@ -401361,6 +401361,10 @@
|
|||
"script-src-self.sub.js": [
|
||||
"aac5b4326d5304825dfbdd5c9d701f504b996bb4",
|
||||
[]
|
||||
],
|
||||
"worker-src-none.sub.js": [
|
||||
"76ba0684caac7e635f714ae586def5a8460ed75b",
|
||||
[]
|
||||
]
|
||||
}
|
||||
},
|
||||
|
|
@ -577596,6 +577600,13 @@
|
|||
{}
|
||||
]
|
||||
],
|
||||
"dedicatedworker-worker-src.html": [
|
||||
"072ea1ac64eda1771a960d78766ba6958a469256",
|
||||
[
|
||||
null,
|
||||
{}
|
||||
]
|
||||
],
|
||||
"serviceworker-connect-src.https.sub.html": [
|
||||
"f455fe6a168ce464b60e57b08974c3d021a501af",
|
||||
[
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
[star-doesnt-match-blob.sub.html]
|
||||
[Expecting logs: ["violated-directive=worker-src","TEST COMPLETE"\]]
|
||||
expected: FAIL
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
[child-src-worker-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Should throw a securitypolicyviolation event]
|
||||
expected: TIMEOUT
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,28 +1,3 @@
|
|||
[dedicatedworker-script-src.html]
|
||||
expected: TIMEOUT
|
||||
[Cross-origin `importScripts()` blocked in http: with script-src 'self']
|
||||
expected: TIMEOUT
|
||||
|
||||
[`eval()` blocked in http: with script-src 'self']
|
||||
expected: NOTRUN
|
||||
|
||||
[`setTimeout([string\])` blocked in http: with script-src 'self']
|
||||
expected: NOTRUN
|
||||
|
||||
[Reports are sent for http: with script-src 'self']
|
||||
expected: NOTRUN
|
||||
|
||||
[Cross-origin `importScripts()` blocked in blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[`eval()` blocked in blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[`setTimeout([string\])` blocked in blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[Reports are sent for blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[dedicatedworker-script-src]
|
||||
expected: TIMEOUT
|
||||
|
|
|
|||
|
|
@ -1,7 +1,4 @@
|
|||
[dedicated-none.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Same-origin dedicated worker blocked by host-source expression.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[blob: dedicated worker blocked by 'blob:'.]
|
||||
expected: TIMEOUT
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
[dedicated-worker-src-child-fallback-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Same-origin dedicated worker allowed by worker-src 'self'.]
|
||||
expected: TIMEOUT
|
||||
|
|
@ -57,6 +57,12 @@ function TestCase(scenarios, sanityChecker) {
|
|||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1808911
|
||||
// In Firefox sometimes violations from Worklets are delayed.
|
||||
timeout = 10;
|
||||
} else if (scenario.subresource.startsWith('worker-') &&
|
||||
navigator.userAgent.includes("Servo/")) {
|
||||
// In Servo, worker violations are also delayed, as they are
|
||||
// sent via IPC. However, they typically arrive relatively
|
||||
// quickly after that.
|
||||
timeout = 1;
|
||||
}
|
||||
await new Promise(resolve => setTimeout(resolve, timeout));
|
||||
|
||||
|
|
|
|||
18
tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html
vendored
Normal file
18
tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html
vendored
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
<!DOCTYPE html>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<!-- Test the 'worker-src' directive on nested dedicated workers -->
|
||||
<script>
|
||||
const w = new Worker(
|
||||
`./support/worker-src-none.sub.js?` +
|
||||
`pipe=sub|header(Content-Security-Policy,` +
|
||||
`worker-src 'none')`);
|
||||
// Forward 'securitypolicyviolation' events from the document into the
|
||||
// worker (we shouldn't actually see any, so the worker will assert that
|
||||
// none are fired).
|
||||
document.addEventListener('securitypolicyviolation', _ => {
|
||||
w.postMessage("SecurityPolicyViolation from Document");
|
||||
});
|
||||
// Nested workers are disallowed and don't send violations to document
|
||||
fetch_tests_from_worker(w);
|
||||
</script>
|
||||
27
tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js
vendored
Normal file
27
tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js
vendored
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
importScripts("{{location[server]}}/resources/testharness.js");
|
||||
importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js");
|
||||
|
||||
let cspEventFiredInDocument = false;
|
||||
self.addEventListener("message", e => {
|
||||
if (e.data == "SecurityPolicyViolation from Document") {
|
||||
cspEventFiredInDocument = true;
|
||||
}
|
||||
});
|
||||
|
||||
async_test(t => {
|
||||
const url = new URL("{{location[server]}}/content-security-policy/support/ping.js").toString();
|
||||
const w = new Worker(url);
|
||||
w.onmessage = t.unreached_func("Ping should not be sent.");
|
||||
Promise.all([
|
||||
waitUntilCSPEventForURL(t, url)
|
||||
.then(t.step_func_done(e => {
|
||||
assert_equals(e.blockedURI, url);
|
||||
assert_equals(e.violatedDirective, "worker-src");
|
||||
assert_equals(e.effectiveDirective, "worker-src");
|
||||
assert_false(cspEventFiredInDocument, "Should not have fired event on document");
|
||||
})),
|
||||
waitUntilEvent(w, "error"),
|
||||
]);
|
||||
}, "Nested worker with worker-src is disallowed.");
|
||||
|
||||
done();
|
||||
Loading…
Add table
Add a link
Reference in a new issue