From 63cfeb3a180857c95b36012d833b903ec11cfc2f Mon Sep 17 00:00:00 2001 From: Tim van der Lippe Date: Sun, 8 Jun 2025 20:44:55 +0200 Subject: [PATCH] Report URI with POST fetch request (#37209) Part of #4577 Signed-off-by: Tim van der Lippe --- components/net/tests/http_loader.rs | 37 +-- components/script/dom/globalscope.rs | 3 +- components/script/security_manager.rs | 271 ++++++++++++++++-- components/shared/net/request.rs | 20 ++ ...uri-does-not-respect-base-uri.sub.html.ini | 3 - .../dedicatedworker-connect-src.html.ini | 3 - .../reporting/report-and-enforce.html.ini | 3 - .../report-blocked-data-uri.html.ini | 3 - ...port-blocked-uri-cross-origin.sub.html.ini | 3 - .../reporting/report-blocked-uri.html.ini | 3 - ...eport-cross-origin-no-cookies.sub.html.ini | 3 - .../report-original-url.sub.html.ini | 3 - .../report-preload-and-consume.https.html.ini | 4 - .../report-same-origin-with-cookies.html.ini | 6 - .../report-uri-effective-directive.html.ini | 3 - .../report-uri-from-child-frame.html.ini | 3 - ...report-uri-from-inline-javascript.html.ini | 3 - .../report-uri-from-javascript.html.ini | 3 - .../report-uri-multiple-reversed.html.ini | 3 - .../reporting/report-uri-multiple.html.ini | 3 - .../report-uri-scheme-relative.html.ini | 3 - .../fetch/metadata/report.https.sub.html.ini | 10 - 22 files changed, 277 insertions(+), 119 deletions(-) delete mode 100644 tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-and-enforce.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-blocked-uri.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-uri-multiple.html.ini delete mode 100644 tests/wpt/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini delete mode 100644 tests/wpt/meta/fetch/metadata/report.https.sub.html.ini diff --git a/components/net/tests/http_loader.rs b/components/net/tests/http_loader.rs index 3e3adcedda9..494d14cb281 100644 --- a/components/net/tests/http_loader.rs +++ b/components/net/tests/http_loader.rs @@ -31,8 +31,6 @@ use http::{HeaderName, Method, StatusCode}; use http_body_util::combinators::BoxBody; use hyper::body::{Body, Bytes, Incoming}; use hyper::{Request as HyperRequest, Response as HyperResponse}; -use ipc_channel::ipc::{self, IpcSharedMemory}; -use ipc_channel::router::ROUTER; use net::cookie::ServoCookie; use net::cookie_storage::CookieStorage; use net::fetch::methods::{self}; @@ -41,8 +39,8 @@ use net::resource_thread::AuthCacheEntry; use net::test::{DECODER_BUFFER_SIZE, replace_host_table}; use net_traits::http_status::HttpStatus; use net_traits::request::{ - BodyChunkRequest, BodyChunkResponse, BodySource, CredentialsMode, Destination, Referrer, - Request, RequestBody, RequestBuilder, RequestMode, + CredentialsMode, Destination, Referrer, Request, RequestBuilder, RequestMode, + create_request_body_with_content, }; use net_traits::response::{Response, ResponseBody}; use net_traits::{CookieSource, FetchTaskTarget, NetworkError, ReferrerPolicy}; @@ -100,24 +98,6 @@ pub fn expect_devtools_http_response( } } -fn create_request_body_with_content(content: IpcSharedMemory) -> RequestBody { - let content_len = content.len(); - - let (chunk_request_sender, chunk_request_receiver) = ipc::channel().unwrap(); - ROUTER.add_typed_route( - chunk_request_receiver, - Box::new(move |message| { - let request = message.unwrap(); - if let BodyChunkRequest::Connect(sender) = request { - let _ = sender.send(BodyChunkResponse::Chunk(content.clone())); - let _ = sender.send(BodyChunkResponse::Done); - } - }), - ); - - RequestBody::new(chunk_request_sender, BodySource::Object, Some(content_len)) -} - #[test] fn test_check_default_headers_loaded_in_every_request() { let expected_headers = Arc::new(Mutex::new(None)); @@ -591,8 +571,8 @@ fn test_load_doesnt_send_request_body_on_any_redirect() { }; let (pre_server, pre_url) = make_server(pre_handler); - let content = b"Body on POST!"; - let request_body = create_request_body_with_content(IpcSharedMemory::from_bytes(content)); + let content = "Body on POST!"; + let request_body = create_request_body_with_content(content); let request = RequestBuilder::new(None, pre_url.clone(), Referrer::NoReferrer) .body(Some(request_body)) @@ -891,20 +871,21 @@ fn test_when_cookie_received_marked_secure_is_ignored_for_http() { #[test] fn test_load_sets_content_length_to_length_of_request_body() { - let content = b"This is a request body"; + let content = "This is a request body"; + let content_bytes = content.as_bytes(); let handler = move |request: HyperRequest, response: &mut HyperResponse>| { - let content_length = ContentLength(content.len() as u64); + let content_length = ContentLength(content_bytes.len() as u64); assert_eq!( request.headers().typed_get::(), Some(content_length) ); - *response.body_mut() = make_body(content.to_vec()); + *response.body_mut() = make_body(content_bytes.to_vec()); }; let (server, url) = make_server(handler); - let request_body = create_request_body_with_content(IpcSharedMemory::from_bytes(content)); + let request_body = create_request_body_with_content(content); let request = RequestBuilder::new(None, url.clone(), Referrer::NoReferrer) .method(Method::POST) diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs index 75abc67aef1..9bec85afe5b 100644 --- a/components/script/dom/globalscope.rs +++ b/components/script/dom/globalscope.rs @@ -3501,7 +3501,8 @@ impl GlobalScope { Some(event_target) => Trusted::new(event_target.upcast()), }; // Step 3: Queue a task to run the following steps: - let task = CSPViolationReportTask::new(Trusted::new(self), target, report); + let task = + CSPViolationReportTask::new(Trusted::new(self), target, report, violation.policy); self.task_manager() .dom_manipulation_task_source() .queue(task); diff --git a/components/script/security_manager.rs b/components/script/security_manager.rs index ee062594eb8..89a8ba6ed89 100644 --- a/components/script/security_manager.rs +++ b/components/script/security_manager.rs @@ -2,7 +2,16 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ -use net_traits::request::Referrer; +use std::sync::{Arc, Mutex}; + +use content_security_policy as csp; +use headers::{ContentType, HeaderMap, HeaderMapExt}; +use net_traits::request::{ + CredentialsMode, Referrer, RequestBody, RequestId, create_request_body_with_content, +}; +use net_traits::{ + FetchMetadata, FetchResponseListener, NetworkError, ResourceFetchTiming, ResourceTimingType, +}; use serde::Serialize; use servo_url::ServoUrl; use stylo_atoms::Atom; @@ -14,10 +23,14 @@ use crate::dom::bindings::codegen::Bindings::SecurityPolicyViolationEventBinding }; use crate::dom::bindings::inheritance::Castable; use crate::dom::bindings::refcounted::Trusted; +use crate::dom::bindings::root::DomRoot; use crate::dom::event::{Event, EventBubbles, EventCancelable, EventComposed}; use crate::dom::eventtarget::EventTarget; +use crate::dom::performanceresourcetiming::InitiatorType; use crate::dom::securitypolicyviolationevent::SecurityPolicyViolationEvent; use crate::dom::types::GlobalScope; +use crate::fetch::create_a_potential_cors_request; +use crate::network_listener::{PreInvoke, ResourceTimingListener, submit_timing}; use crate::script_runtime::CanGc; use crate::task::TaskOnce; @@ -25,9 +38,10 @@ pub(crate) struct CSPViolationReportTask { global: Trusted, event_target: Trusted, violation_report: SecurityPolicyViolationReport, + violation_policy: csp::Policy, } -#[derive(Debug, Serialize)] +#[derive(Clone, Debug, Serialize)] #[serde(rename_all = "camelCase")] pub(crate) struct SecurityPolicyViolationReport { sample: Option, @@ -47,6 +61,30 @@ pub(crate) struct SecurityPolicyViolationReport { disposition: SecurityPolicyViolationEventDisposition, } +#[derive(Serialize)] +#[serde(rename_all = "kebab-case")] +struct CSPReportUriViolationReportBody { + document_uri: String, + referrer: String, + blocked_uri: String, + effective_directive: String, + violated_directive: String, + original_policy: String, + #[serde(serialize_with = "serialize_disposition")] + disposition: SecurityPolicyViolationEventDisposition, + status_code: u16, + script_sample: Option, + source_file: Option, + line_number: Option, + column_number: Option, +} + +#[derive(Serialize)] +#[serde(rename_all = "kebab-case")] +struct CSPReportUriViolationReport { + csp_report: CSPReportUriViolationReportBody, +} + #[derive(Default)] pub(crate) struct CSPViolationReportBuilder { pub report_only: bool, @@ -114,36 +152,19 @@ impl CSPViolationReportBuilder { self } - /// - fn strip_url_for_reports(&self, mut url: ServoUrl) -> String { - let scheme = url.scheme(); - // > Step 1: If url’s scheme is not an HTTP(S) scheme, then return url’s scheme. - if scheme != "https" && scheme != "http" { - return scheme.to_owned(); - } - // > Step 2: Set url’s fragment to the empty string. - url.set_fragment(None); - // > Step 3: Set url’s username to the empty string. - let _ = url.set_username(""); - // > Step 4: Set url’s password to the empty string. - let _ = url.set_password(None); - // > Step 5: Return the result of executing the URL serializer on url. - url.into_string() - } - pub fn build(self, global: &GlobalScope) -> SecurityPolicyViolationReport { SecurityPolicyViolationReport { violated_directive: self.effective_directive.clone(), effective_directive: self.effective_directive.clone(), - document_url: self.strip_url_for_reports(global.get_url()), + document_url: strip_url_for_reports(global.get_url()), disposition: match self.report_only { true => SecurityPolicyViolationEventDisposition::Report, false => SecurityPolicyViolationEventDisposition::Enforce, }, // https://w3c.github.io/webappsec-csp/#violation-referrer referrer: match global.get_referrer() { - Referrer::Client(url) => self.strip_url_for_reports(url), - Referrer::ReferrerUrl(url) => self.strip_url_for_reports(url), + Referrer::Client(url) => strip_url_for_reports(url), + Referrer::ReferrerUrl(url) => strip_url_for_reports(url), _ => "".to_owned(), }, sample: self.sample, @@ -162,22 +183,24 @@ impl CSPViolationReportTask { global: Trusted, event_target: Trusted, violation_report: SecurityPolicyViolationReport, + violation_policy: csp::Policy, ) -> CSPViolationReportTask { CSPViolationReportTask { global, event_target, violation_report, + violation_policy, } } - fn fire_violation_event(self, can_gc: CanGc) { + fn fire_violation_event(&self, can_gc: CanGc) { let event = SecurityPolicyViolationEvent::new( &self.global.root(), Atom::from("securitypolicyviolation"), EventBubbles::Bubbles, EventCancelable::Cancelable, EventComposed::Composed, - &self.violation_report.convert(), + &self.violation_report.clone().convert(), can_gc, ); @@ -185,6 +208,72 @@ impl CSPViolationReportTask { .upcast::() .fire(&self.event_target.root(), can_gc); } + + /// + fn serialize_violation(&self) -> Option { + let report_body = CSPReportUriViolationReport { + // Steps 1-3. + csp_report: self.violation_report.clone().into(), + }; + // Step 4. Return the result of serialize an infra value to JSON bytes given «[ "csp-report" → body ]». + Some(create_request_body_with_content( + &serde_json::to_string(&report_body).unwrap_or("".to_owned()), + )) + } + + /// Step 3.4 of + fn post_csp_violation_to_report_uri(&self, report_uri_directive: &csp::Directive) { + let global = self.global.root(); + // Step 3.4.1. If violation’s policy’s directive set contains a directive named + // "report-to", skip the remaining substeps. + if self + .violation_policy + .contains_a_directive_whose_name_is("report-to") + { + return; + } + // Step 3.4.2. For each token of directive’s value: + for token in &report_uri_directive.value { + // Step 3.4.2.1. Let endpoint be the result of executing the URL parser with token as the input, + // and violation’s url as the base URL. + let Ok(endpoint) = ServoUrl::parse_with_base(Some(&global.get_url()), token) else { + // Step 3.4.2.2. If endpoint is not a valid URL, skip the remaining substeps. + continue; + }; + // Step 3.4.2.3. Let request be a new request, initialized as follows: + let mut headers = HeaderMap::with_capacity(1); + headers.typed_insert(ContentType::from( + "application/csp-report".parse::().unwrap(), + )); + let request_body = self.serialize_violation(); + let request = create_a_potential_cors_request( + None, + endpoint.clone(), + csp::Destination::Report, + None, + None, + global.get_referrer(), + global.insecure_requests_policy(), + global.has_trustworthy_ancestor_or_current_origin(), + global.policy_container(), + ) + .method(http::Method::POST) + .body(request_body) + .origin(global.origin().immutable().clone()) + .credentials_mode(CredentialsMode::CredentialsSameOrigin) + .headers(headers); + // Step 3.4.2.4. Fetch request. The result will be ignored. + global.fetch( + request, + Arc::new(Mutex::new(CSPReportUriFetchListener { + endpoint, + global: Trusted::new(&global), + resource_timing: ResourceFetchTiming::new(ResourceTimingType::None), + })), + global.task_manager().networking_task_source().into(), + ); + } + } } /// Corresponds to the operation in 5.5 Report Violation @@ -196,7 +285,15 @@ impl TaskOnce for CSPViolationReportTask { // > that uses the SecurityPolicyViolationEvent interface // > at target with its attributes initialized as follows: self.fire_violation_event(CanGc::note()); - // TODO: Support `report-to` directive that corresponds to 5.5.3.5. + // Step 3.4. If violation’s policy’s directive set contains a directive named "report-uri" directive: + if let Some(report_uri_directive) = self + .violation_policy + .directive_set + .iter() + .find(|directive| directive.name == "report-uri") + { + self.post_csp_violation_to_report_uri(report_uri_directive); + } } } @@ -220,6 +317,62 @@ impl Convert for SecurityPolicyViolationReport } } +/// +impl From for CSPReportUriViolationReportBody { + fn from(value: SecurityPolicyViolationReport) -> Self { + // Step 1. Let body be a map with its keys initialized as follows: + let mut converted = Self { + document_uri: value.document_url, + referrer: value.referrer, + blocked_uri: value.blocked_url, + effective_directive: value.effective_directive, + violated_directive: value.violated_directive, + original_policy: value.original_policy, + disposition: value.disposition, + status_code: value.status_code, + script_sample: None, + source_file: None, + line_number: None, + column_number: None, + }; + + // Step 2. If violation’s source file is not null: + if !value.source_file.is_empty() { + // Step 2.1. Set body["source-file'] to the result of + // executing § 5.4 Strip URL for use in reports on violation’s source file. + converted.source_file = ServoUrl::parse(&value.source_file) + .map(strip_url_for_reports) + .ok(); + // Step 2.2. Set body["line-number"] to violation’s line number. + converted.line_number = Some(value.line_number); + // Step 2.3. Set body["column-number"] to violation’s column number. + converted.column_number = Some(value.column_number); + } + + // Step 3. Assert: If body["blocked-uri"] is not "inline", then body["sample"] is the empty string. + debug_assert!(converted.blocked_uri == "inline" || converted.script_sample.is_none()); + + converted + } +} + +/// +fn strip_url_for_reports(mut url: ServoUrl) -> String { + let scheme = url.scheme(); + // > Step 1: If url’s scheme is not an HTTP(S) scheme, then return url’s scheme. + if scheme != "https" && scheme != "http" { + return scheme.to_owned(); + } + // > Step 2: Set url’s fragment to the empty string. + url.set_fragment(None); + // > Step 3: Set url’s username to the empty string. + let _ = url.set_username(""); + // > Step 4: Set url’s password to the empty string. + let _ = url.set_password(None); + // > Step 5: Return the result of executing the URL serializer on url. + url.into_string() +} + fn serialize_disposition( val: &SecurityPolicyViolationEventDisposition, serializer: S, @@ -229,3 +382,71 @@ fn serialize_disposition( SecurityPolicyViolationEventDisposition::Enforce => serializer.serialize_str("enforce"), } } + +struct CSPReportUriFetchListener { + /// Endpoint URL of this request. + endpoint: ServoUrl, + /// Timing data for this resource. + resource_timing: ResourceFetchTiming, + /// The global object fetching the report uri violation + global: Trusted, +} + +impl FetchResponseListener for CSPReportUriFetchListener { + fn process_request_body(&mut self, _: RequestId) {} + + fn process_request_eof(&mut self, _: RequestId) {} + + fn process_response( + &mut self, + _: RequestId, + fetch_metadata: Result, + ) { + _ = fetch_metadata; + } + + fn process_response_chunk(&mut self, _: RequestId, chunk: Vec) { + _ = chunk; + } + + fn process_response_eof( + &mut self, + _: RequestId, + response: Result, + ) { + _ = response; + } + + fn resource_timing_mut(&mut self) -> &mut ResourceFetchTiming { + &mut self.resource_timing + } + + fn resource_timing(&self) -> &ResourceFetchTiming { + &self.resource_timing + } + + fn submit_resource_timing(&mut self) { + submit_timing(self, CanGc::note()) + } + + fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec) { + let global = &self.resource_timing_global(); + global.report_csp_violations(violations, None); + } +} + +impl ResourceTimingListener for CSPReportUriFetchListener { + fn resource_timing_information(&self) -> (InitiatorType, ServoUrl) { + (InitiatorType::Other, self.endpoint.clone()) + } + + fn resource_timing_global(&self) -> DomRoot { + self.global.root() + } +} + +impl PreInvoke for CSPReportUriFetchListener { + fn should_invoke(&self) -> bool { + true + } +} diff --git a/components/shared/net/request.rs b/components/shared/net/request.rs index 259132b55c4..7b39ac7b78d 100644 --- a/components/shared/net/request.rs +++ b/components/shared/net/request.rs @@ -9,6 +9,7 @@ use content_security_policy::{self as csp}; use http::header::{AUTHORIZATION, HeaderName}; use http::{HeaderMap, Method}; use ipc_channel::ipc::{self, IpcReceiver, IpcSender, IpcSharedMemory}; +use ipc_channel::router::ROUTER; use malloc_size_of_derive::MallocSizeOf; use mime::Mime; use serde::{Deserialize, Serialize}; @@ -925,3 +926,22 @@ pub fn convert_header_names_to_sorted_lowercase_set( ordered_set.dedup(); ordered_set.into_iter().cloned().collect() } + +pub fn create_request_body_with_content(content: &str) -> RequestBody { + let content_bytes = IpcSharedMemory::from_bytes(content.as_bytes()); + let content_len = content_bytes.len(); + + let (chunk_request_sender, chunk_request_receiver) = ipc::channel().unwrap(); + ROUTER.add_typed_route( + chunk_request_receiver, + Box::new(move |message| { + let request = message.unwrap(); + if let BodyChunkRequest::Connect(sender) = request { + let _ = sender.send(BodyChunkResponse::Chunk(content_bytes.clone())); + let _ = sender.send(BodyChunkResponse::Done); + } + }), + ); + + RequestBody::new(chunk_request_sender, BodySource::Object, Some(content_len)) +} diff --git a/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini b/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini deleted file mode 100644 index e3d7c23eef2..00000000000 --- a/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-does-not-respect-base-uri.sub.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini index 72db221f4dd..c0755107957 100644 --- a/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini +++ b/tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini @@ -1,7 +1,4 @@ [dedicatedworker-connect-src.html] - [Reports match in http: with connect-src 'self'] - expected: FAIL - [Cross-origin 'fetch()' in blob: with connect-src 'self'] expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-and-enforce.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-and-enforce.html.ini deleted file mode 100644 index db4b7b25753..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-and-enforce.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-and-enforce.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini deleted file mode 100644 index d8269171239..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-blocked-data-uri.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.ini deleted file mode 100644 index e70dcdeca70..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-blocked-uri-cross-origin.sub.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri.html.ini deleted file mode 100644 index 2275d16dae2..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-blocked-uri.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini deleted file mode 100644 index c7665aab918..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-cross-origin-no-cookies.sub.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini deleted file mode 100644 index f160ad3d25d..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-original-url.sub.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini deleted file mode 100644 index 2d09ea340b3..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini +++ /dev/null @@ -1,4 +0,0 @@ -[report-preload-and-consume.https.html] - expected: TIMEOUT - [Reporting endpoints received credentials.] - expected: TIMEOUT diff --git a/tests/wpt/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini deleted file mode 100644 index 882211ab9fb..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini +++ /dev/null @@ -1,6 +0,0 @@ -[report-same-origin-with-cookies.html] - [Violation report status OK.] - expected: FAIL - - [Test report cookies.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini deleted file mode 100644 index 1571539a4e4..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-effective-directive.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini deleted file mode 100644 index 4112d8054e5..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-from-child-frame.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini deleted file mode 100644 index a37311b0d13..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-from-inline-javascript.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini deleted file mode 100644 index 92daa7fe26d..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-from-javascript.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini deleted file mode 100644 index 1edf44b5887..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-multiple-reversed.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple.html.ini deleted file mode 100644 index 1ea240219fa..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-multiple.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini b/tests/wpt/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini deleted file mode 100644 index 6a803717b04..00000000000 --- a/tests/wpt/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini +++ /dev/null @@ -1,3 +0,0 @@ -[report-uri-scheme-relative.html] - [Violation report status OK.] - expected: FAIL diff --git a/tests/wpt/meta/fetch/metadata/report.https.sub.html.ini b/tests/wpt/meta/fetch/metadata/report.https.sub.html.ini deleted file mode 100644 index 0348be9f384..00000000000 --- a/tests/wpt/meta/fetch/metadata/report.https.sub.html.ini +++ /dev/null @@ -1,10 +0,0 @@ -[report.https.sub.html] - expected: ERROR - [same-origin report] - expected: TIMEOUT - - [same-site report] - expected: TIMEOUT - - [cross-site report] - expected: TIMEOUT