mirror of
https://github.com/servo/servo.git
synced 2025-07-22 14:53:49 +01:00
Forward CSP violations from load_whole_resource to parent event loop (#38048)
Any CSP violations happening when loading a worker should be reported on the global of the document that creates the worker. Since workers run in different threads, we can't pass in this parent global into the worker global scope. Instead, we need to send a message to the parent event loop to report it on the correct global. Part of https://github.com/servo/servo/issues/4577 Fixes https://github.com/servo/servo/issues/37027 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe
GitHub
parent
772c84633e
commit
20386d9854
49 changed files with 152 additions and 531 deletions
|
|
@ -44,7 +44,7 @@ use crate::dom::bindings::str::DOMString;
|
|||
use crate::dom::bindings::structuredclone;
|
||||
use crate::dom::bindings::trace::{CustomTraceable, RootedTraceableBox};
|
||||
use crate::dom::bindings::utils::define_all_exposed_interfaces;
|
||||
use crate::dom::csp::parse_csp_list_from_metadata;
|
||||
use crate::dom::csp::{Violation, parse_csp_list_from_metadata};
|
||||
use crate::dom::errorevent::ErrorEvent;
|
||||
use crate::dom::event::{Event, EventBubbles, EventCancelable, EventStatus};
|
||||
use crate::dom::eventtarget::EventTarget;
|
||||
|
|
@ -55,7 +55,7 @@ use crate::dom::reportingendpoint::ReportingEndpoint;
|
|||
use crate::dom::webgpu::identityhub::IdentityHub;
|
||||
use crate::dom::worker::{TrustedWorkerAddress, Worker};
|
||||
use crate::dom::workerglobalscope::WorkerGlobalScope;
|
||||
use crate::fetch::load_whole_resource;
|
||||
use crate::fetch::{CspViolationsProcessor, load_whole_resource};
|
||||
use crate::messaging::{CommonScriptMsg, ScriptEventLoopReceiver, ScriptEventLoopSender};
|
||||
use crate::realms::{AlreadyInRealm, InRealm, enter_realm};
|
||||
use crate::script_runtime::ScriptThreadEventCategory::WorkerEvent;
|
||||
|
|
@ -178,6 +178,22 @@ impl QueuedTaskConversion for DedicatedWorkerScriptMsg {
|
|||
|
||||
unsafe_no_jsmanaged_fields!(TaskQueue<DedicatedWorkerScriptMsg>);
|
||||
|
||||
struct DedicatedWorkerCspProcessor {
|
||||
parent_event_loop_sender: ScriptEventLoopSender,
|
||||
pipeline_id: PipelineId,
|
||||
}
|
||||
|
||||
impl CspViolationsProcessor for DedicatedWorkerCspProcessor {
|
||||
fn process_csp_violations(&self, violations: Vec<Violation>) {
|
||||
let _ = self
|
||||
.parent_event_loop_sender
|
||||
.send(CommonScriptMsg::ReportCspViolations(
|
||||
self.pipeline_id,
|
||||
violations,
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
// https://html.spec.whatwg.org/multipage/#dedicatedworkerglobalscope
|
||||
#[dom_struct]
|
||||
pub(crate) struct DedicatedWorkerGlobalScope {
|
||||
|
|
@ -464,6 +480,10 @@ impl DedicatedWorkerGlobalScope {
|
|||
request,
|
||||
&global_scope.resource_threads().sender(),
|
||||
global_scope,
|
||||
&DedicatedWorkerCspProcessor {
|
||||
parent_event_loop_sender: parent_event_loop_sender.clone(),
|
||||
pipeline_id,
|
||||
},
|
||||
CanGc::note(),
|
||||
) {
|
||||
Err(e) => {
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ use crate::dom::trustedscript::TrustedScript;
|
|||
use crate::dom::trustedscripturl::TrustedScriptURL;
|
||||
use crate::dom::virtualmethods::VirtualMethods;
|
||||
use crate::dom::window::Window;
|
||||
use crate::fetch::{create_a_potential_cors_request, load_whole_resource};
|
||||
use crate::fetch::create_a_potential_cors_request;
|
||||
use crate::network_listener::{self, NetworkListener, PreInvoke, ResourceTimingListener};
|
||||
use crate::realms::enter_realm;
|
||||
use crate::script_module::{
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ use crate::dom::bindings::str::DOMString;
|
|||
use crate::dom::bindings::structuredclone;
|
||||
use crate::dom::bindings::trace::CustomTraceable;
|
||||
use crate::dom::bindings::utils::define_all_exposed_interfaces;
|
||||
use crate::dom::csp::Violation;
|
||||
use crate::dom::dedicatedworkerglobalscope::AutoWorkerReset;
|
||||
use crate::dom::event::Event;
|
||||
use crate::dom::eventtarget::EventTarget;
|
||||
|
|
@ -49,7 +50,7 @@ use crate::dom::globalscope::GlobalScope;
|
|||
use crate::dom::webgpu::identityhub::IdentityHub;
|
||||
use crate::dom::worker::TrustedWorkerAddress;
|
||||
use crate::dom::workerglobalscope::WorkerGlobalScope;
|
||||
use crate::fetch::load_whole_resource;
|
||||
use crate::fetch::{CspViolationsProcessor, load_whole_resource};
|
||||
use crate::messaging::{CommonScriptMsg, ScriptEventLoopSender};
|
||||
use crate::realms::{AlreadyInRealm, InRealm, enter_realm};
|
||||
use crate::script_runtime::{CanGc, JSContext as SafeJSContext, Runtime, ThreadSafeJSContext};
|
||||
|
|
@ -133,6 +134,12 @@ pub(crate) enum MixedMessage {
|
|||
Timer,
|
||||
}
|
||||
|
||||
struct ServiceWorkerCspProcessor {}
|
||||
|
||||
impl CspViolationsProcessor for ServiceWorkerCspProcessor {
|
||||
fn process_csp_violations(&self, _violations: Vec<Violation>) {}
|
||||
}
|
||||
|
||||
#[dom_struct]
|
||||
pub(crate) struct ServiceWorkerGlobalScope {
|
||||
workerglobalscope: WorkerGlobalScope,
|
||||
|
|
@ -360,6 +367,7 @@ impl ServiceWorkerGlobalScope {
|
|||
request,
|
||||
&resource_threads_sender,
|
||||
global.upcast(),
|
||||
&ServiceWorkerCspProcessor {},
|
||||
CanGc::note(),
|
||||
) {
|
||||
Err(_) => {
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ use crate::dom::bindings::settings_stack::AutoEntryScript;
|
|||
use crate::dom::bindings::str::{DOMString, USVString};
|
||||
use crate::dom::bindings::trace::RootedTraceableBox;
|
||||
use crate::dom::crypto::Crypto;
|
||||
use crate::dom::csp::{GlobalCspReporting, Violation};
|
||||
use crate::dom::dedicatedworkerglobalscope::DedicatedWorkerGlobalScope;
|
||||
use crate::dom::globalscope::GlobalScope;
|
||||
use crate::dom::idbfactory::IDBFactory;
|
||||
|
|
@ -68,7 +69,7 @@ use crate::dom::webgpu::identityhub::IdentityHub;
|
|||
use crate::dom::window::{base64_atob, base64_btoa};
|
||||
use crate::dom::workerlocation::WorkerLocation;
|
||||
use crate::dom::workernavigator::WorkerNavigator;
|
||||
use crate::fetch;
|
||||
use crate::fetch::{CspViolationsProcessor, Fetch, load_whole_resource};
|
||||
use crate::messaging::{CommonScriptMsg, ScriptEventLoopReceiver, ScriptEventLoopSender};
|
||||
use crate::realms::{InRealm, enter_realm};
|
||||
use crate::script_runtime::{CanGc, JSContext, JSContextHelper, Runtime};
|
||||
|
|
@ -413,10 +414,13 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
|
|||
)
|
||||
.pipeline_id(Some(self.upcast::<GlobalScope>().pipeline_id()));
|
||||
|
||||
let (url, source) = match fetch::load_whole_resource(
|
||||
let (url, source) = match load_whole_resource(
|
||||
request,
|
||||
&global_scope.resource_threads().sender(),
|
||||
global_scope,
|
||||
&WorkerCspProcessor {
|
||||
global_scope: DomRoot::from_ref(global_scope),
|
||||
},
|
||||
can_gc,
|
||||
) {
|
||||
Err(_) => return Err(Error::Network),
|
||||
|
|
@ -582,7 +586,7 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
|
|||
comp: InRealm,
|
||||
can_gc: CanGc,
|
||||
) -> Rc<Promise> {
|
||||
fetch::Fetch(self.upcast(), input, init, comp, can_gc)
|
||||
Fetch(self.upcast(), input, init, comp, can_gc)
|
||||
}
|
||||
|
||||
// https://w3c.github.io/hr-time/#the-performance-attribute
|
||||
|
|
@ -690,6 +694,10 @@ impl WorkerGlobalScope {
|
|||
reports_chan.send(ProcessReports::new(reports));
|
||||
});
|
||||
},
|
||||
CommonScriptMsg::ReportCspViolations(_, violations) => {
|
||||
self.upcast::<GlobalScope>()
|
||||
.report_csp_violations(violations, None, None);
|
||||
},
|
||||
}
|
||||
true
|
||||
}
|
||||
|
|
@ -701,3 +709,14 @@ impl WorkerGlobalScope {
|
|||
.cancel_all_tasks_and_ignore_future_tasks();
|
||||
}
|
||||
}
|
||||
|
||||
struct WorkerCspProcessor {
|
||||
global_scope: DomRoot<GlobalScope>,
|
||||
}
|
||||
|
||||
impl CspViolationsProcessor for WorkerCspProcessor {
|
||||
fn process_csp_violations(&self, violations: Vec<Violation>) {
|
||||
self.global_scope
|
||||
.report_csp_violations(violations, None, None);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ use crate::dom::bindings::reflector::{DomGlobal, Reflector, reflect_dom_object};
|
|||
use crate::dom::bindings::root::{Dom, DomRoot, RootCollection, ThreadLocalStackRoots};
|
||||
use crate::dom::bindings::str::USVString;
|
||||
use crate::dom::bindings::trace::{CustomTraceable, JSTraceable, RootedTraceableBox};
|
||||
use crate::dom::csp::Violation;
|
||||
use crate::dom::globalscope::GlobalScope;
|
||||
use crate::dom::promise::Promise;
|
||||
#[cfg(feature = "testbinding")]
|
||||
|
|
@ -49,7 +50,7 @@ use crate::dom::window::Window;
|
|||
use crate::dom::workletglobalscope::{
|
||||
WorkletGlobalScope, WorkletGlobalScopeInit, WorkletGlobalScopeType, WorkletTask,
|
||||
};
|
||||
use crate::fetch::load_whole_resource;
|
||||
use crate::fetch::{CspViolationsProcessor, load_whole_resource};
|
||||
use crate::messaging::{CommonScriptMsg, MainThreadScriptMsg};
|
||||
use crate::realms::InRealm;
|
||||
use crate::script_runtime::{CanGc, Runtime, ScriptThreadEventCategory};
|
||||
|
|
@ -433,6 +434,12 @@ struct WorkletThreadInit {
|
|||
global_init: WorkletGlobalScopeInit,
|
||||
}
|
||||
|
||||
struct WorkletCspProcessor {}
|
||||
|
||||
impl CspViolationsProcessor for WorkletCspProcessor {
|
||||
fn process_csp_violations(&self, _violations: Vec<Violation>) {}
|
||||
}
|
||||
|
||||
/// A thread for executing worklets.
|
||||
#[cfg_attr(crown, crown::unrooted_must_root_lint::must_root)]
|
||||
struct WorkletThread {
|
||||
|
|
@ -671,6 +678,7 @@ impl WorkletThread {
|
|||
request,
|
||||
&resource_fetcher,
|
||||
global_scope.upcast::<GlobalScope>(),
|
||||
&WorkletCspProcessor {},
|
||||
can_gc,
|
||||
)
|
||||
.ok()
|
||||
|
|
|
|||
|
|
@ -337,11 +337,16 @@ fn fill_headers_with_metadata(r: DomRoot<Response>, m: Metadata, can_gc: CanGc)
|
|||
r.set_redirected(m.redirected);
|
||||
}
|
||||
|
||||
pub(crate) trait CspViolationsProcessor {
|
||||
fn process_csp_violations(&self, violations: Vec<Violation>);
|
||||
}
|
||||
|
||||
/// Convenience function for synchronously loading a whole resource.
|
||||
pub(crate) fn load_whole_resource(
|
||||
request: RequestBuilder,
|
||||
core_resource_thread: &CoreResourceThread,
|
||||
global: &GlobalScope,
|
||||
csp_violations_processor: &dyn CspViolationsProcessor,
|
||||
can_gc: CanGc,
|
||||
) -> Result<(Metadata, Vec<u8>), NetworkError> {
|
||||
let request = request.https_state(global.get_https_state());
|
||||
|
|
@ -358,9 +363,8 @@ pub(crate) fn load_whole_resource(
|
|||
let mut metadata = None;
|
||||
loop {
|
||||
match action_receiver.recv().unwrap() {
|
||||
FetchResponseMsg::ProcessRequestBody(..) |
|
||||
FetchResponseMsg::ProcessRequestEOF(..) |
|
||||
FetchResponseMsg::ProcessCspViolations(..) => {},
|
||||
FetchResponseMsg::ProcessRequestBody(..) | FetchResponseMsg::ProcessRequestEOF(..) => {
|
||||
},
|
||||
FetchResponseMsg::ProcessResponse(_, Ok(m)) => {
|
||||
metadata = Some(match m {
|
||||
FetchMetadata::Unfiltered(m) => m,
|
||||
|
|
@ -377,6 +381,9 @@ pub(crate) fn load_whole_resource(
|
|||
},
|
||||
FetchResponseMsg::ProcessResponse(_, Err(e)) |
|
||||
FetchResponseMsg::ProcessResponseEOF(_, Err(e)) => return Err(e),
|
||||
FetchResponseMsg::ProcessCspViolations(_, violations) => {
|
||||
csp_violations_processor.process_csp_violations(violations);
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ use webgpu_traits::WebGPUMsg;
|
|||
|
||||
use crate::dom::abstractworker::WorkerScriptMsg;
|
||||
use crate::dom::bindings::trace::CustomTraceable;
|
||||
use crate::dom::csp::Violation;
|
||||
use crate::dom::dedicatedworkerglobalscope::DedicatedWorkerScriptMsg;
|
||||
use crate::dom::serviceworkerglobalscope::ServiceWorkerScriptMsg;
|
||||
use crate::dom::worker::TrustedWorkerAddress;
|
||||
|
|
@ -99,6 +100,10 @@ impl MixedMessage {
|
|||
*pipeline_id
|
||||
},
|
||||
MainThreadScriptMsg::Common(CommonScriptMsg::CollectReports(_)) => None,
|
||||
MainThreadScriptMsg::Common(CommonScriptMsg::ReportCspViolations(
|
||||
pipeline_id,
|
||||
_,
|
||||
)) => Some(*pipeline_id),
|
||||
MainThreadScriptMsg::NavigationResponse { pipeline_id, .. } => Some(*pipeline_id),
|
||||
MainThreadScriptMsg::WorkletLoaded(pipeline_id) => Some(*pipeline_id),
|
||||
MainThreadScriptMsg::RegisterPaintWorklet { pipeline_id, .. } => Some(*pipeline_id),
|
||||
|
|
@ -157,6 +162,8 @@ pub(crate) enum CommonScriptMsg {
|
|||
Option<PipelineId>,
|
||||
TaskSourceName,
|
||||
),
|
||||
/// Report CSP violations in the script
|
||||
ReportCspViolations(PipelineId, Vec<Violation>),
|
||||
}
|
||||
|
||||
impl fmt::Debug for CommonScriptMsg {
|
||||
|
|
@ -166,6 +173,7 @@ impl fmt::Debug for CommonScriptMsg {
|
|||
CommonScriptMsg::Task(ref category, ref task, _, _) => {
|
||||
f.debug_tuple("Task").field(category).field(task).finish()
|
||||
},
|
||||
CommonScriptMsg::ReportCspViolations(..) => write!(f, "ReportCspViolations(...)"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2087,6 +2087,14 @@ impl ScriptThread {
|
|||
MainThreadScriptMsg::Common(CommonScriptMsg::CollectReports(chan)) => {
|
||||
self.collect_reports(chan)
|
||||
},
|
||||
MainThreadScriptMsg::Common(CommonScriptMsg::ReportCspViolations(
|
||||
pipeline_id,
|
||||
violations,
|
||||
)) => {
|
||||
if let Some(global) = self.documents.borrow().find_global(pipeline_id) {
|
||||
global.report_csp_violations(violations, None, None);
|
||||
}
|
||||
},
|
||||
MainThreadScriptMsg::NavigationResponse {
|
||||
pipeline_id,
|
||||
message,
|
||||
|
|
|
|||
13
tests/wpt/meta/MANIFEST.json
vendored
13
tests/wpt/meta/MANIFEST.json
vendored
|
|
@ -401224,7 +401224,7 @@
|
|||
]
|
||||
},
|
||||
"test-case.sub.js": [
|
||||
"d9a6494dd36af93f0e66209525caf6de37e9368b",
|
||||
"43171f5b1fafaf098880506efe42da92d742d25f",
|
||||
[]
|
||||
],
|
||||
"unreached.js": [
|
||||
|
|
@ -401361,6 +401361,10 @@
|
|||
"script-src-self.sub.js": [
|
||||
"aac5b4326d5304825dfbdd5c9d701f504b996bb4",
|
||||
[]
|
||||
],
|
||||
"worker-src-none.sub.js": [
|
||||
"76ba0684caac7e635f714ae586def5a8460ed75b",
|
||||
[]
|
||||
]
|
||||
}
|
||||
},
|
||||
|
|
@ -577596,6 +577600,13 @@
|
|||
{}
|
||||
]
|
||||
],
|
||||
"dedicatedworker-worker-src.html": [
|
||||
"072ea1ac64eda1771a960d78766ba6958a469256",
|
||||
[
|
||||
null,
|
||||
{}
|
||||
]
|
||||
],
|
||||
"serviceworker-connect-src.https.sub.html": [
|
||||
"f455fe6a168ce464b60e57b08974c3d021a501af",
|
||||
[
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
[star-doesnt-match-blob.sub.html]
|
||||
[Expecting logs: ["violated-directive=worker-src","TEST COMPLETE"\]]
|
||||
expected: FAIL
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
[child-src-worker-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Should throw a securitypolicyviolation event]
|
||||
expected: TIMEOUT
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-classic.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[worker-module.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
[worker-import-data.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
@ -1,28 +1,3 @@
|
|||
[dedicatedworker-script-src.html]
|
||||
expected: TIMEOUT
|
||||
[Cross-origin `importScripts()` blocked in http: with script-src 'self']
|
||||
expected: TIMEOUT
|
||||
|
||||
[`eval()` blocked in http: with script-src 'self']
|
||||
expected: NOTRUN
|
||||
|
||||
[`setTimeout([string\])` blocked in http: with script-src 'self']
|
||||
expected: NOTRUN
|
||||
|
||||
[Reports are sent for http: with script-src 'self']
|
||||
expected: NOTRUN
|
||||
|
||||
[Cross-origin `importScripts()` blocked in blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[`eval()` blocked in blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[`setTimeout([string\])` blocked in blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[Reports are sent for blob: with script-src 'self']
|
||||
expected: FAIL
|
||||
|
||||
[dedicatedworker-script-src]
|
||||
expected: TIMEOUT
|
||||
|
|
|
|||
|
|
@ -1,7 +1,4 @@
|
|||
[dedicated-none.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Same-origin dedicated worker blocked by host-source expression.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[blob: dedicated worker blocked by 'blob:'.]
|
||||
expected: TIMEOUT
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
[dedicated-worker-src-child-fallback-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Same-origin dedicated worker allowed by worker-src 'self'.]
|
||||
expected: TIMEOUT
|
||||
|
|
@ -57,6 +57,12 @@ function TestCase(scenarios, sanityChecker) {
|
|||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1808911
|
||||
// In Firefox sometimes violations from Worklets are delayed.
|
||||
timeout = 10;
|
||||
} else if (scenario.subresource.startsWith('worker-') &&
|
||||
navigator.userAgent.includes("Servo/")) {
|
||||
// In Servo, worker violations are also delayed, as they are
|
||||
// sent via IPC. However, they typically arrive relatively
|
||||
// quickly after that.
|
||||
timeout = 1;
|
||||
}
|
||||
await new Promise(resolve => setTimeout(resolve, timeout));
|
||||
|
||||
|
|
|
|||
18
tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html
vendored
Normal file
18
tests/wpt/tests/content-security-policy/inside-worker/dedicatedworker-worker-src.html
vendored
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
<!DOCTYPE html>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<!-- Test the 'worker-src' directive on nested dedicated workers -->
|
||||
<script>
|
||||
const w = new Worker(
|
||||
`./support/worker-src-none.sub.js?` +
|
||||
`pipe=sub|header(Content-Security-Policy,` +
|
||||
`worker-src 'none')`);
|
||||
// Forward 'securitypolicyviolation' events from the document into the
|
||||
// worker (we shouldn't actually see any, so the worker will assert that
|
||||
// none are fired).
|
||||
document.addEventListener('securitypolicyviolation', _ => {
|
||||
w.postMessage("SecurityPolicyViolation from Document");
|
||||
});
|
||||
// Nested workers are disallowed and don't send violations to document
|
||||
fetch_tests_from_worker(w);
|
||||
</script>
|
||||
27
tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js
vendored
Normal file
27
tests/wpt/tests/content-security-policy/inside-worker/support/worker-src-none.sub.js
vendored
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
importScripts("{{location[server]}}/resources/testharness.js");
|
||||
importScripts("{{location[server]}}/content-security-policy/support/testharness-helper.js");
|
||||
|
||||
let cspEventFiredInDocument = false;
|
||||
self.addEventListener("message", e => {
|
||||
if (e.data == "SecurityPolicyViolation from Document") {
|
||||
cspEventFiredInDocument = true;
|
||||
}
|
||||
});
|
||||
|
||||
async_test(t => {
|
||||
const url = new URL("{{location[server]}}/content-security-policy/support/ping.js").toString();
|
||||
const w = new Worker(url);
|
||||
w.onmessage = t.unreached_func("Ping should not be sent.");
|
||||
Promise.all([
|
||||
waitUntilCSPEventForURL(t, url)
|
||||
.then(t.step_func_done(e => {
|
||||
assert_equals(e.blockedURI, url);
|
||||
assert_equals(e.violatedDirective, "worker-src");
|
||||
assert_equals(e.effectiveDirective, "worker-src");
|
||||
assert_false(cspEventFiredInDocument, "Should not have fired event on document");
|
||||
})),
|
||||
waitUntilEvent(w, "error"),
|
||||
]);
|
||||
}, "Nested worker with worker-src is disallowed.");
|
||||
|
||||
done();
|
||||
Loading…
Add table
Add a link
Reference in a new issue