Update FetchTaskTarget to propagate CSP violations. (#36409)
It also updates the FetchResponseListener to process CSP violations to ensure that iframe elements (amongst others) properly generate the CSP events. These iframe elements are used in the Trusted Types tests themselves and weren't propagating the violations before. However, the tests themselves are still not passing since they also use Websockets, which currently aren't using the fetch machinery itself. That is fixed as part of [1]. [1]: https://github.com/servo/servo/issues/35028 --------- Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Signed-off-by: Josh Matthews <josh@joshmatthews.net> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
parent
5d84acc06e
commit
85e4a2b5c7
146 changed files with 511 additions and 612 deletions
3
Cargo.lock
generated
3
Cargo.lock
generated
|
@ -1224,8 +1224,7 @@ dependencies = [
|
|||
[[package]]
|
||||
name = "content-security-policy"
|
||||
version = "0.5.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f33b8ed5a7a80fdf6b7b1946f0d804c08ba348d72725b09a58fe804c48b7354f"
|
||||
source = "git+https://github.com/servo/rust-content-security-policy/?branch=servo-csp#babd99e8fbafe42434186c252f14b17a3f8dad22"
|
||||
dependencies = [
|
||||
"base64 0.22.1",
|
||||
"bitflags 2.9.0",
|
||||
|
|
|
@ -41,7 +41,7 @@ chrono = { version = "0.4", features = ["serde"] }
|
|||
cipher = { version = "0.4.4", features = ["alloc"] }
|
||||
compositing_traits = { path = "components/shared/compositing" }
|
||||
constellation_traits = { path = "components/shared/constellation" }
|
||||
content-security-policy = { version = "0.5", features = ["serde"] }
|
||||
content-security-policy = { git = "https://github.com/servo/rust-content-security-policy/", branch = "servo-csp", features = ["serde"] }
|
||||
cookie = { package = "cookie", version = "0.18" }
|
||||
crossbeam-channel = "0.5"
|
||||
cssparser = { version = "0.35", features = ["serde"] }
|
||||
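Review bot: The `content-security-policy` entry now tracks the moving `servo-csp` branch, so the crate that makes the allow/block decision is pinned only by Cargo.lock and no longer has the registry checksum that the lockfile carried for 0.5.4. Pinning the manifest to the commit the lockfile already records, `content-security-policy = { git = "https://github.com/servo/rust-content-security-policy/", rev = "babd99e8fbafe42434186c252f14b17a3f8dad22", features = ["serde"] }`, keeps a later `cargo update` from silently pulling new policy-enforcement code. A comment above the line saying when the fork is expected to return to a crates.io release would also help reviewers of future bumps.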
|
|
|
@ -900,9 +900,9 @@ impl RemoteWebFontDownloader {
|
|||
response_message: FetchResponseMsg,
|
||||
) -> DownloaderResponseResult {
|
||||
match response_message {
|
||||
FetchResponseMsg::ProcessRequestBody(..) | FetchResponseMsg::ProcessRequestEOF(..) => {
|
||||
DownloaderResponseResult::InProcess
|
||||
},
|
||||
FetchResponseMsg::ProcessRequestBody(..) |
|
||||
FetchResponseMsg::ProcessRequestEOF(..) |
|
||||
FetchResponseMsg::ProcessCspViolations(..) => DownloaderResponseResult::InProcess,
|
||||
FetchResponseMsg::ProcessResponse(_, meta_result) => {
|
||||
trace!(
|
||||
"@font-face {} metadata ok={:?}",
|
||||
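Review bot: `FetchResponseMsg::ProcessCspViolations(..)` is folded into the ignore arm beside `ProcessRequestBody` and `ProcessRequestEOF`, so violations raised for a web-font fetch stop here and, as far as this hunk shows, never reach a global that could report them. The same arm appears in `ImageCacheImpl::notify_pending_response` and in the `load_whole_resource` loop later in this commit. Where another listener already reports the violations, a comment saying so would make the drop obviously deliberate; where none does, mark it, e.g. `// TODO: forward CSP violations to the requesting global so blocked font loads are reported`. The enclosing match continues outside the hunk.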
|
|
|
@ -173,9 +173,9 @@ pub async fn fetch_with_cors_cache(
|
|||
pub fn should_request_be_blocked_by_csp(
|
||||
request: &Request,
|
||||
policy_container: &PolicyContainer,
|
||||
) -> csp::CheckResult {
|
||||
) -> (csp::CheckResult, Vec<csp::Violation>) {
|
||||
let origin = match &request.origin {
|
||||
Origin::Client => return csp::CheckResult::Allowed,
|
||||
Origin::Client => return (csp::CheckResult::Allowed, Vec::new()),
|
||||
Origin::Origin(origin) => origin,
|
||||
};
|
||||
|
||||
|
@ -190,12 +190,11 @@ pub fn should_request_be_blocked_by_csp(
|
|||
parser_metadata: csp::ParserMetadata::None,
|
||||
};
|
||||
|
||||
// TODO: Instead of ignoring violations, report them.
|
||||
policy_container
|
||||
.csp_list
|
||||
.as_ref()
|
||||
.map(|c| c.should_request_be_blocked(&csp_request).0)
|
||||
.unwrap_or(csp::CheckResult::Allowed)
|
||||
.map(|c| c.should_request_be_blocked(&csp_request))
|
||||
.unwrap_or((csp::CheckResult::Allowed, Vec::new()))
|
||||
}
|
||||
|
||||
/// [Main fetch](https://fetch.spec.whatwg.org/#concept-main-fetch)
|
||||
|
@ -278,7 +277,13 @@ pub async fn main_fetch(
|
|||
// Step 7. If should request be blocked due to a bad port, should fetching request be blocked
|
||||
// as mixed content, or should request be blocked by Content Security Policy returns blocked,
|
||||
// then set response to a network error.
|
||||
if should_request_be_blocked_by_csp(request, &policy_container) == csp::CheckResult::Blocked {
|
||||
let (check_result, violations) = should_request_be_blocked_by_csp(request, &policy_container);
|
||||
|
||||
if !violations.is_empty() {
|
||||
target.process_csp_violations(request, violations);
|
||||
}
|
||||
|
||||
if check_result == csp::CheckResult::Blocked {
|
||||
warn!("Request blocked by CSP");
|
||||
response = Some(Response::network_error(NetworkError::Internal(
|
||||
"Blocked by Content-Security-Policy".into(),
|
||||
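Review bot: `should_request_be_blocked_by_csp` is `pub` and now returns a tuple, but nothing documents that the violation list must be handled independently of the verdict. `main_fetch` forwards violations before it tests for `Blocked`, which suggests violations can accompany an `Allowed` result (presumably from report-only policies). A doc comment such as `/// Returns the CSP verdict plus the violations to report; the list may be non-empty even when the verdict is Allowed, so callers must forward it in both cases.` would keep future callers from reading only `.0`, as the removed code did. It is also worth stating there that `Origin::Client` and a missing `csp_list` both yield `Allowed` with no violations, since those are the fail-open paths. Both function bodies extend beyond the hunks shown.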
|
|
|
@ -546,7 +546,8 @@ impl ImageCache for ImageCacheImpl {
|
|||
fn notify_pending_response(&self, id: PendingImageId, action: FetchResponseMsg) {
|
||||
match (action, id) {
|
||||
(FetchResponseMsg::ProcessRequestBody(..), _) |
|
||||
(FetchResponseMsg::ProcessRequestEOF(..), _) => (),
|
||||
(FetchResponseMsg::ProcessRequestEOF(..), _) |
|
||||
(FetchResponseMsg::ProcessCspViolations(..), _) => (),
|
||||
(FetchResponseMsg::ProcessResponse(_, response), _) => {
|
||||
debug!("Received {:?} for {:?}", response.as_ref().map(|_| ()), id);
|
||||
let mut store = self.store.lock().unwrap();
|
||||
|
|
|
@ -12,6 +12,7 @@ use std::sync::{Arc, Mutex, Weak};
|
|||
use std::time::{Duration, SystemTime};
|
||||
|
||||
use base::id::TEST_PIPELINE_ID;
|
||||
use content_security_policy as csp;
|
||||
use crossbeam_channel::{Sender, unbounded};
|
||||
use devtools_traits::{HttpRequest as DevtoolsHttpRequest, HttpResponse as DevtoolsHttpResponse};
|
||||
use headers::{
|
||||
|
@ -163,6 +164,7 @@ fn test_fetch_blob() {
|
|||
assert_eq!(self.buffer, self.expected);
|
||||
let _ = self.sender.send(response.clone());
|
||||
}
|
||||
fn process_csp_violations(&mut self, _: &Request, _: Vec<csp::Violation>) {}
|
||||
}
|
||||
|
||||
let context = new_fetch_context(None, None, None);
|
||||
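Review bot: The `process_csp_violations` stub added to this test target discards its argument, and the stubs added in `test_fetch_compressed_response_update_count` and `FetchResponseCollector` do the same, so none of the unit tests visible here asserts that `main_fetch` actually forwards violations. A target that records the `Vec<csp::Violation>` it receives, driven by a request whose policy container blocks the URL, would pin the new behaviour. This may already be covered by web-platform-test expectations that are not shown in this part of the page.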
|
|
|
@ -11,6 +11,7 @@ use std::sync::{Arc, Mutex, RwLock};
|
|||
use std::time::Duration;
|
||||
|
||||
use base::id::{TEST_PIPELINE_ID, TEST_WEBVIEW_ID};
|
||||
use content_security_policy as csp;
|
||||
use cookie::Cookie as CookiePair;
|
||||
use crossbeam_channel::{Receiver, unbounded};
|
||||
use devtools_traits::{
|
||||
|
@ -1537,6 +1538,7 @@ fn test_fetch_compressed_response_update_count() {
|
|||
fn process_response_eof(&mut self, _: &Request, _: &Response) {
|
||||
let _ = self.sender.take().unwrap().send(self.update_count);
|
||||
}
|
||||
fn process_csp_violations(&mut self, _: &Request, _: Vec<csp::Violation>) {}
|
||||
}
|
||||
|
||||
let (sender, receiver) = tokio::sync::oneshot::channel();
|
||||
|
|
|
@ -26,6 +26,7 @@ use std::net::TcpListener as StdTcpListener;
|
|||
use std::path::{Path, PathBuf};
|
||||
use std::sync::{Arc, LazyLock, Mutex, RwLock, Weak};
|
||||
|
||||
use content_security_policy as csp;
|
||||
use crossbeam_channel::{Receiver, Sender, unbounded};
|
||||
use devtools_traits::DevtoolsControlMsg;
|
||||
use embedder_traits::{AuthenticationResponse, EmbedderMsg, EmbedderProxy, EventLoopWaker};
|
||||
|
@ -196,6 +197,7 @@ impl FetchTaskTarget for FetchResponseCollector {
|
|||
fn process_response_eof(&mut self, _: &Request, response: &Response) {
|
||||
let _ = self.sender.take().unwrap().send(response.clone());
|
||||
}
|
||||
fn process_csp_violations(&mut self, _: &Request, _: Vec<csp::Violation>) {}
|
||||
}
|
||||
|
||||
fn fetch(request: Request, dc: Option<Sender<DevtoolsControlMsg>>) -> Response {
|
||||
|
|
|
@ -11,19 +11,22 @@
|
|||
//! over events from the network and events from the DOM, using async/await to avoid
|
||||
//! the need for a dedicated thread per websocket.
|
||||
|
||||
use std::mem;
|
||||
use std::sync::Arc;
|
||||
use std::sync::atomic::{AtomicBool, Ordering};
|
||||
|
||||
use async_tungstenite::WebSocketStream;
|
||||
use async_tungstenite::tokio::{ConnectStream, client_async_tls_with_connector_and_config};
|
||||
use base64::Engine;
|
||||
use content_security_policy as csp;
|
||||
use futures::future::TryFutureExt;
|
||||
use futures::stream::StreamExt;
|
||||
use http::header::{self, HeaderName, HeaderValue};
|
||||
use ipc_channel::ipc::{IpcReceiver, IpcSender};
|
||||
use ipc_channel::router::ROUTER;
|
||||
use log::{debug, trace, warn};
|
||||
use net_traits::request::{RequestBuilder, RequestMode};
|
||||
use net_traits::policy_container::{PolicyContainer, RequestPolicyContainer};
|
||||
use net_traits::request::{Origin, RequestBuilder, RequestMode};
|
||||
use net_traits::{CookieSource, MessageData, WebSocketDomAction, WebSocketNetworkEvent};
|
||||
use servo_url::ServoUrl;
|
||||
use tokio::net::TcpStream;
|
||||
|
@ -39,7 +42,9 @@ use url::Url;
|
|||
use crate::async_runtime::HANDLE;
|
||||
use crate::connector::{CACertificates, TlsConfig, create_tls_config};
|
||||
use crate::cookie::ServoCookie;
|
||||
use crate::fetch::methods::should_request_be_blocked_due_to_a_bad_port;
|
||||
use crate::fetch::methods::{
|
||||
should_request_be_blocked_by_csp, should_request_be_blocked_due_to_a_bad_port,
|
||||
};
|
||||
use crate::hosts::replace_host;
|
||||
use crate::http_loader::HttpState;
|
||||
/// Create a tungstenite Request object for the initial HTTP request.
|
||||
|
@ -353,7 +358,7 @@ fn connect(
|
|||
ignore_certificate_errors: bool,
|
||||
) -> Result<(), String> {
|
||||
let protocols = match req_builder.mode {
|
||||
RequestMode::WebSocket { protocols } => protocols,
|
||||
RequestMode::WebSocket { ref mut protocols } => mem::take(protocols),
|
||||
_ => {
|
||||
return Err(
|
||||
"Received a RequestBuilder with a non-websocket mode in websocket_loader"
|
||||
|
@ -368,16 +373,36 @@ fn connect(
|
|||
.read()
|
||||
.unwrap()
|
||||
.apply_hsts_rules(&mut req_builder.url);
|
||||
let request = req_builder.build();
|
||||
|
||||
let req_url = req_builder.url.clone();
|
||||
let req_url = request.url();
|
||||
let req_origin = match request.origin {
|
||||
Origin::Client => unreachable!(),
|
||||
Origin::Origin(ref origin) => origin,
|
||||
};
|
||||
|
||||
if should_request_be_blocked_due_to_a_bad_port(&req_url) {
|
||||
return Err("Port blocked".to_string());
|
||||
}
|
||||
|
||||
let policy_container = match &request.policy_container {
|
||||
RequestPolicyContainer::Client => PolicyContainer::default(),
|
||||
RequestPolicyContainer::PolicyContainer(container) => container.to_owned(),
|
||||
};
|
||||
|
||||
let (check_result, violations) = should_request_be_blocked_by_csp(&request, &policy_container);
|
||||
|
||||
if !violations.is_empty() {
|
||||
let _ = resource_event_sender.send(WebSocketNetworkEvent::ReportCSPViolations(violations));
|
||||
}
|
||||
|
||||
if check_result == csp::CheckResult::Blocked {
|
||||
return Err("Blocked by Content-Security-Policy".to_string());
|
||||
}
|
||||
|
||||
let client = match create_request(
|
||||
&req_url,
|
||||
&req_builder.origin.ascii_serialization(),
|
||||
&req_origin.ascii_serialization(),
|
||||
&protocols,
|
||||
&http_state,
|
||||
) {
|
||||
|
@ -397,7 +422,7 @@ fn connect(
|
|||
Some(handle) => handle.spawn(
|
||||
start_websocket(
|
||||
http_state,
|
||||
req_builder.url.clone(),
|
||||
req_url.clone(),
|
||||
resource_event_sender,
|
||||
protocols,
|
||||
client,
|
||||
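Review bot: In `connect`, the arm `RequestPolicyContainer::Client => PolicyContainer::default()` is a fail-open fallback: a WebSocket request whose builder never had a policy container attached is checked against a default container, which presumably has no `csp_list`, so `should_request_be_blocked_by_csp` returns `Allowed` and `connect-src` is not enforced. A comment on that arm explaining why the default is acceptable, or a `warn!` when it is taken, would make a missing `.policy_container(..)` at a call site visible. Separately, `Origin::Client => unreachable!()` panics in a function that already returns `Result<(), String>`; `Origin::Client => return Err("WebSocket request has no resolved origin".to_string()),` keeps a malformed request from taking down the caller. `connect` begins and ends outside these hunks.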
|
|
|
@ -18,6 +18,7 @@ use js::jsval::UndefinedValue;
|
|||
use js::rust::{CustomAutoRooter, CustomAutoRooterGuard, HandleValue};
|
||||
use net_traits::IpcSend;
|
||||
use net_traits::image_cache::ImageCache;
|
||||
use net_traits::policy_container::PolicyContainer;
|
||||
use net_traits::request::{
|
||||
CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, Referrer, RequestBuilder,
|
||||
RequestMode,
|
||||
|
@ -347,6 +348,7 @@ impl DedicatedWorkerGlobalScope {
|
|||
control_receiver: Receiver<DedicatedWorkerControlMsg>,
|
||||
context_sender: Sender<ThreadSafeJSContext>,
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
policy_container: PolicyContainer,
|
||||
) -> JoinHandle<()> {
|
||||
let serialized_worker_url = worker_url.to_string();
|
||||
let webview_id = WebViewId::installed();
|
||||
|
@ -388,6 +390,7 @@ impl DedicatedWorkerGlobalScope {
|
|||
.referrer_policy(referrer_policy)
|
||||
.insecure_requests_policy(insecure_requests_policy)
|
||||
.has_trustworthy_ancestor_origin(current_global_ancestor_trustworthy)
|
||||
.policy_container(policy_container)
|
||||
.origin(origin);
|
||||
|
||||
let runtime = unsafe {
|
||||
|
|
|
@ -8,6 +8,7 @@ use std::str::{Chars, FromStr};
|
|||
use std::sync::{Arc, Mutex};
|
||||
use std::time::Duration;
|
||||
|
||||
use content_security_policy as csp;
|
||||
use dom_struct::dom_struct;
|
||||
use headers::ContentType;
|
||||
use http::header::{self, HeaderName, HeaderValue};
|
||||
|
@ -431,6 +432,11 @@ impl FetchResponseListener for EventSourceContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for EventSourceContext {
|
||||
|
@ -562,6 +568,7 @@ impl EventSourceMethods<crate::DomTypeHolder> for EventSource {
|
|||
global.get_referrer(),
|
||||
global.insecure_requests_policy(),
|
||||
global.has_trustworthy_ancestor_or_current_origin(),
|
||||
global.policy_container(),
|
||||
)
|
||||
.origin(global.origin().immutable().clone())
|
||||
.pipeline_id(Some(global.pipeline_id()));
|
||||
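Review bot: The `process_csp_violations` body added here (`let global = &self.resource_timing_global(); global.report_csp_violations(violations);`) is repeated verbatim in the listeners for images, link prefetch, media, classic scripts, poster frames, notifications, XHR and fetch later in this commit. A shared helper next to `network_listener::submit_timing`, which these impls already call, would leave one place to change when the report needs more context, such as the request id that every copy currently ignores. The borrow of the temporary is also unnecessary; `self.resource_timing_global().report_csp_violations(violations);` reads the same.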
|
|
|
@ -21,7 +21,9 @@ use constellation_traits::{
|
|||
BlobData, BlobImpl, BroadcastMsg, FileBlob, MessagePortImpl, MessagePortMsg, PortMessageTask,
|
||||
ScriptToConstellationChan, ScriptToConstellationMessage,
|
||||
};
|
||||
use content_security_policy::{CheckResult, CspList, PolicyDisposition};
|
||||
use content_security_policy::{
|
||||
CheckResult, CspList, PolicyDisposition, Violation, ViolationResource,
|
||||
};
|
||||
use crossbeam_channel::Sender;
|
||||
use devtools_traits::{PageError, ScriptToDevtoolsControlMsg};
|
||||
use dom_struct::dom_struct;
|
||||
|
@ -3310,6 +3312,24 @@ impl GlobalScope {
|
|||
}
|
||||
unreachable!();
|
||||
}
|
||||
|
||||
pub(crate) fn report_csp_violations(&self, violations: Vec<Violation>) {
|
||||
for violation in violations {
|
||||
let sample = match violation.resource {
|
||||
ViolationResource::Inline { .. } | ViolationResource::Url(_) => None,
|
||||
ViolationResource::TrustedTypePolicy { sample } => Some(sample),
|
||||
};
|
||||
let report = CSPViolationReportBuilder::default()
|
||||
.resource("eval".to_owned())
|
||||
.sample(sample)
|
||||
.effective_directive(violation.directive.name)
|
||||
.build(self);
|
||||
let task = CSPViolationReportTask::new(self, report);
|
||||
self.task_manager()
|
||||
.dom_manipulation_task_source()
|
||||
.queue(task);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns the Rust global scope from a JS global object.
|
||||
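Review bot: `report_csp_violations` sets `.resource("eval".to_owned())` for every violation, while the match just above it discards the payload of `ViolationResource::Url(_)` and `Inline`, so a report for a blocked fetch would name "eval" as the blocked resource instead of the URL that was refused. Violation reports are what operators use to triage policy breaches, so the resource should be derived from `violation.resource` in the same match that extracts the sample. The sketch below assumes the `Url` payload converts with `to_string()` and uses the keywords the CSP specification gives for inline and Trusted Types violations. Any URL stripping the specification requires for reports still needs to be applied.

```rust
        for violation in violations {
            // Derive the reported resource from the violation instead of hard-coding "eval".
            let (resource, sample) = match violation.resource {
                ViolationResource::Inline { .. } => ("inline".to_owned(), None),
                ViolationResource::Url(url) => (url.to_string(), None),
                ViolationResource::TrustedTypePolicy { sample } => {
                    ("trusted-types-policy".to_owned(), Some(sample))
                },
            };
            let report = CSPViolationReportBuilder::default()
                .resource(resource)
                // … unchanged: sample, effective_directive, build, task queueing …
```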
|
|
|
@ -10,6 +10,7 @@ use std::sync::Arc;
|
|||
use std::{char, mem};
|
||||
|
||||
use app_units::{AU_PER_PX, Au};
|
||||
use content_security_policy as csp;
|
||||
use cssparser::{Parser, ParserInput};
|
||||
use dom_struct::dom_struct;
|
||||
use euclid::Point2D;
|
||||
|
@ -294,6 +295,11 @@ impl FetchResponseListener for ImageContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for ImageContext {
|
||||
|
@ -416,15 +422,17 @@ impl HTMLImageElement {
|
|||
|
||||
// https://html.spec.whatwg.org/multipage/#update-the-image-data steps 17-20
|
||||
// This function is also used to prefetch an image in `script::dom::servoparser::prefetch`.
|
||||
let global = document.global();
|
||||
let mut request = create_a_potential_cors_request(
|
||||
Some(window.webview_id()),
|
||||
img_url.clone(),
|
||||
Destination::Image,
|
||||
cors_setting_for_element(self.upcast()),
|
||||
None,
|
||||
document.global().get_referrer(),
|
||||
global.get_referrer(),
|
||||
document.insecure_requests_policy(),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
global.policy_container(),
|
||||
)
|
||||
.origin(document.origin().immutable().clone())
|
||||
.pipeline_id(Some(document.global().pipeline_id()))
|
||||
|
|
|
@ -7,6 +7,7 @@ use std::cell::Cell;
|
|||
use std::default::Default;
|
||||
|
||||
use base::id::WebViewId;
|
||||
use content_security_policy as csp;
|
||||
use cssparser::{Parser as CssParser, ParserInput};
|
||||
use dom_struct::dom_struct;
|
||||
use embedder_traits::EmbedderMsg;
|
||||
|
@ -706,9 +707,9 @@ impl LinkProcessingOptions {
|
|||
Referrer::NoReferrer,
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
self.policy_container,
|
||||
)
|
||||
.integrity_metadata(self.integrity)
|
||||
.policy_container(self.policy_container)
|
||||
.cryptographic_nonce_metadata(self.cryptographic_nonce_metadata)
|
||||
.referrer_policy(self.referrer_policy);
|
||||
|
||||
|
@ -788,6 +789,11 @@ impl FetchResponseListener for PrefetchContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for PrefetchContext {
|
||||
|
|
|
@ -10,6 +10,7 @@ use std::time::{Duration, Instant};
|
|||
use std::{f64, mem};
|
||||
|
||||
use compositing_traits::{CrossProcessCompositorApi, ImageUpdate, SerializableImageData};
|
||||
use content_security_policy as csp;
|
||||
use dom_struct::dom_struct;
|
||||
use embedder_traits::resources::{self, Resource as EmbedderResource};
|
||||
use embedder_traits::{MediaPositionState, MediaSessionEvent, MediaSessionPlaybackState};
|
||||
|
@ -892,15 +893,17 @@ impl HTMLMediaElement {
|
|||
};
|
||||
|
||||
let cors_setting = cors_setting_for_element(self.upcast());
|
||||
let global = self.global();
|
||||
let request = create_a_potential_cors_request(
|
||||
Some(document.webview_id()),
|
||||
url.clone(),
|
||||
destination,
|
||||
cors_setting,
|
||||
None,
|
||||
self.global().get_referrer(),
|
||||
global.get_referrer(),
|
||||
document.insecure_requests_policy(),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
global.policy_container(),
|
||||
)
|
||||
.headers(headers)
|
||||
.origin(document.origin().immutable().clone())
|
||||
|
@ -2903,6 +2906,11 @@ impl FetchResponseListener for HTMLMediaElementFetchListener {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for HTMLMediaElementFetchListener {
|
||||
|
|
|
@ -21,6 +21,7 @@ use ipc_channel::ipc;
|
|||
use js::jsval::UndefinedValue;
|
||||
use js::rust::{CompileOptionsWrapper, HandleObject, Stencil, transform_str_to_source_text};
|
||||
use net_traits::http_status::HttpStatus;
|
||||
use net_traits::policy_container::PolicyContainer;
|
||||
use net_traits::request::{
|
||||
CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
|
||||
RequestBuilder, RequestId,
|
||||
|
@ -536,6 +537,11 @@ impl FetchResponseListener for ClassicContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for ClassicContext {
|
||||
|
@ -569,6 +575,7 @@ pub(crate) fn script_fetch_request(
|
|||
options: ScriptFetchOptions,
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
policy_container: PolicyContainer,
|
||||
) -> RequestBuilder {
|
||||
// We intentionally ignore options' credentials_mode member for classic scripts.
|
||||
// The mode is initialized by create_a_potential_cors_request.
|
||||
|
@ -581,6 +588,7 @@ pub(crate) fn script_fetch_request(
|
|||
options.referrer,
|
||||
insecure_requests_policy,
|
||||
has_trustworthy_ancestor_origin,
|
||||
policy_container,
|
||||
)
|
||||
.origin(origin)
|
||||
.pipeline_id(Some(pipeline_id))
|
||||
|
@ -601,15 +609,17 @@ fn fetch_a_classic_script(
|
|||
) {
|
||||
// Step 1, 2.
|
||||
let doc = script.owner_document();
|
||||
let global = script.global();
|
||||
let request = script_fetch_request(
|
||||
doc.webview_id(),
|
||||
url.clone(),
|
||||
cors_setting,
|
||||
doc.origin().immutable().clone(),
|
||||
script.global().pipeline_id(),
|
||||
global.pipeline_id(),
|
||||
options.clone(),
|
||||
doc.insecure_requests_policy(),
|
||||
doc.has_trustworthy_ancestor_origin(),
|
||||
global.policy_container(),
|
||||
);
|
||||
let request = doc.prepare_request(request);
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
use std::cell::Cell;
|
||||
use std::sync::Arc;
|
||||
|
||||
use content_security_policy as csp;
|
||||
use dom_struct::dom_struct;
|
||||
use euclid::default::Size2D;
|
||||
use html5ever::{LocalName, Prefix, local_name, namespace_url, ns};
|
||||
|
@ -416,6 +417,11 @@ impl FetchResponseListener for PosterFrameFetchContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for PosterFrameFetchContext {
|
||||
|
|
|
@ -7,6 +7,7 @@ use std::rc::Rc;
|
|||
use std::sync::{Arc, Mutex};
|
||||
use std::time::{SystemTime, UNIX_EPOCH};
|
||||
|
||||
use content_security_policy as csp;
|
||||
use content_security_policy::Destination;
|
||||
use dom_struct::dom_struct;
|
||||
use embedder_traits::{
|
||||
|
@ -791,6 +792,11 @@ impl FetchResponseListener for ResourceFetchListener {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for ResourceFetchListener {
|
||||
|
@ -821,6 +827,7 @@ impl Notification {
|
|||
global.get_referrer(),
|
||||
global.insecure_requests_policy(),
|
||||
global.has_trustworthy_ancestor_or_current_origin(),
|
||||
global.policy_container(),
|
||||
)
|
||||
.origin(global.origin().immutable().clone())
|
||||
.pipeline_id(Some(global.pipeline_id()))
|
||||
|
|
|
@ -1068,6 +1068,16 @@ impl FetchResponseListener for ParserContext {
|
|||
CanGc::note(),
|
||||
);
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let parser = match self.parser.as_ref() {
|
||||
Some(parser) => parser.root(),
|
||||
None => return,
|
||||
};
|
||||
let document = &parser.document;
|
||||
let global = &document.global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl PreInvoke for ParserContext {}
|
||||
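Review bot: The `None => return` arm of `ParserContext::process_csp_violations` drops the violations without any trace when `self.parser` is unset. This hunk does not show when the parser is populated, but `main_fetch` sends violations before a response exists, so if the parser is only created on response this arm could be the common case for a blocked navigation. At minimum the arm deserves a comment, e.g. `// No parser yet, so no document to report against; these violations are dropped.`, and ideally a fallback global to report to.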
|
|
|
@ -15,6 +15,7 @@ use html5ever::tokenizer::{
|
|||
use html5ever::{Attribute, LocalName, local_name};
|
||||
use js::jsapi::JSTracer;
|
||||
use markup5ever::TokenizerResult;
|
||||
use net_traits::policy_container::PolicyContainer;
|
||||
use net_traits::request::{
|
||||
CorsSettings, CredentialsMode, InsecureRequestsPolicy, ParserMetadata, Referrer,
|
||||
};
|
||||
|
@ -60,13 +61,14 @@ unsafe impl CustomTraceable for PrefetchSink {
|
|||
|
||||
impl Tokenizer {
|
||||
pub(crate) fn new(document: &Document) -> Self {
|
||||
let global = document.global();
|
||||
let sink = PrefetchSink {
|
||||
origin: document.origin().immutable().clone(),
|
||||
pipeline_id: document.global().pipeline_id(),
|
||||
pipeline_id: global.pipeline_id(),
|
||||
webview_id: document.webview_id(),
|
||||
base_url: RefCell::new(None),
|
||||
document_url: document.url(),
|
||||
referrer: document.global().get_referrer(),
|
||||
referrer: global.get_referrer(),
|
||||
referrer_policy: document.get_referrer_policy(),
|
||||
resource_threads: document.loader().resource_threads().clone(),
|
||||
// Initially we set prefetching to false, and only set it
|
||||
|
@ -75,6 +77,7 @@ impl Tokenizer {
|
|||
prefetching: Cell::new(false),
|
||||
insecure_requests_policy: document.insecure_requests_policy(),
|
||||
has_trustworthy_ancestor_origin: document.has_trustworthy_ancestor_or_current_origin(),
|
||||
policy_container: global.policy_container(),
|
||||
};
|
||||
let options = Default::default();
|
||||
let inner = TraceableTokenizer(HtmlTokenizer::new(sink, options));
|
||||
|
@ -108,6 +111,8 @@ struct PrefetchSink {
|
|||
#[no_trace]
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
#[no_trace]
|
||||
policy_container: PolicyContainer,
|
||||
}
|
||||
|
||||
/// The prefetch tokenizer produces trivial results
|
||||
|
@ -150,6 +155,7 @@ impl TokenSink for PrefetchSink {
|
|||
},
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
self.policy_container.clone(),
|
||||
);
|
||||
let _ = self
|
||||
.resource_threads
|
||||
|
@ -169,6 +175,7 @@ impl TokenSink for PrefetchSink {
|
|||
self.referrer.clone(),
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
self.policy_container.clone(),
|
||||
)
|
||||
.origin(self.origin.clone())
|
||||
.pipeline_id(Some(self.pipeline_id))
|
||||
|
@ -204,6 +211,7 @@ impl TokenSink for PrefetchSink {
|
|||
self.referrer.clone(),
|
||||
self.insecure_requests_policy,
|
||||
self.has_trustworthy_ancestor_origin,
|
||||
self.policy_container.clone(),
|
||||
)
|
||||
.origin(self.origin.clone())
|
||||
.pipeline_id(Some(self.pipeline_id))
|
||||
|
|
|
@ -7,6 +7,7 @@ use std::cell::Cell;
|
|||
use std::ptr;
|
||||
|
||||
use constellation_traits::BlobImpl;
|
||||
use content_security_policy::Violation;
|
||||
use dom_struct::dom_struct;
|
||||
use ipc_channel::ipc::{self, IpcReceiver, IpcSender};
|
||||
use ipc_channel::router::ROUTER;
|
||||
|
@ -266,6 +267,7 @@ impl WebSocketMethods<crate::DomTypeHolder> for WebSocket {
|
|||
.service_workers_mode(ServiceWorkersMode::None)
|
||||
.credentials_mode(CredentialsMode::Include)
|
||||
.cache_mode(CacheMode::NoCache)
|
||||
.policy_container(global.policy_container())
|
||||
.redirect_mode(RedirectMode::Error);
|
||||
|
||||
let channels = FetchChannels::WebSocket {
|
||||
|
@ -280,6 +282,13 @@ impl WebSocketMethods<crate::DomTypeHolder> for WebSocket {
|
|||
ROUTER.add_typed_route(
|
||||
dom_event_receiver.to_ipc_receiver(),
|
||||
Box::new(move |message| match message.unwrap() {
|
||||
WebSocketNetworkEvent::ReportCSPViolations(violations) => {
|
||||
let task = ReportCSPViolationTask {
|
||||
websocket: address.clone(),
|
||||
violations,
|
||||
};
|
||||
task_source.queue(task);
|
||||
},
|
||||
WebSocketNetworkEvent::ConnectionEstablished { protocol_in_use } => {
|
||||
let open_thread = ConnectionEstablishedTask {
|
||||
address: address.clone(),
|
||||
|
@ -454,6 +463,18 @@ impl WebSocketMethods<crate::DomTypeHolder> for WebSocket {
|
|||
}
|
||||
}
|
||||
|
||||
struct ReportCSPViolationTask {
|
||||
websocket: Trusted<WebSocket>,
|
||||
violations: Vec<Violation>,
|
||||
}
|
||||
|
||||
impl TaskOnce for ReportCSPViolationTask {
|
||||
fn run_once(self) {
|
||||
let global = self.websocket.root().global();
|
||||
global.report_csp_violations(self.violations);
|
||||
}
|
||||
}
|
||||
|
||||
/// Task queued when *the WebSocket connection is established*.
|
||||
/// <https://html.spec.whatwg.org/multipage/#feedback-from-the-protocol:concept-websocket-established>
|
||||
struct ConnectionEstablishedTask {
|
||||
|
|
|
@ -243,6 +243,7 @@ impl WorkerMethods<crate::DomTypeHolder> for Worker {
|
|||
control_receiver,
|
||||
context_sender,
|
||||
global.insecure_requests_policy(),
|
||||
global.policy_container(),
|
||||
);
|
||||
|
||||
let context = context_receiver
|
||||
|
|
|
@ -11,6 +11,7 @@ use std::sync::{Arc, Mutex};
|
|||
use std::time::{Duration, Instant};
|
||||
|
||||
use constellation_traits::BlobImpl;
|
||||
use content_security_policy as csp;
|
||||
use dom_struct::dom_struct;
|
||||
use encoding_rs::{Encoding, UTF_8};
|
||||
use headers::{ContentLength, ContentType, HeaderMapExt};
|
||||
|
@ -143,6 +144,11 @@ impl FetchResponseListener for XHRContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for XHRContext {
|
||||
|
@ -671,8 +677,9 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
|
|||
None => None,
|
||||
};
|
||||
|
||||
let global = self.global();
|
||||
let mut request = RequestBuilder::new(
|
||||
self.global().webview_id(),
|
||||
global.webview_id(),
|
||||
self.request_url.borrow().clone().unwrap(),
|
||||
self.referrer.clone(),
|
||||
)
|
||||
|
@ -686,11 +693,12 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
|
|||
.use_cors_preflight(self.upload_listener.get())
|
||||
.credentials_mode(credentials_mode)
|
||||
.use_url_credentials(use_url_credentials)
|
||||
.origin(self.global().origin().immutable().clone())
|
||||
.origin(global.origin().immutable().clone())
|
||||
.referrer_policy(self.referrer_policy)
|
||||
.insecure_requests_policy(self.global().insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(self.global().has_trustworthy_ancestor_or_current_origin())
|
||||
.pipeline_id(Some(self.global().pipeline_id()));
|
||||
.insecure_requests_policy(global.insecure_requests_policy())
|
||||
.has_trustworthy_ancestor_origin(global.has_trustworthy_ancestor_or_current_origin())
|
||||
.policy_container(global.policy_container())
|
||||
.pipeline_id(Some(global.pipeline_id()));
|
||||
|
||||
// step 4 (second half)
|
||||
if let Some(content_type) = content_type {
|
||||
|
|
|
@ -6,8 +6,9 @@ use std::rc::Rc;
|
|||
use std::sync::{Arc, Mutex};
|
||||
|
||||
use base::id::WebViewId;
|
||||
use content_security_policy as csp;
|
||||
use ipc_channel::ipc;
|
||||
use net_traits::policy_container::RequestPolicyContainer;
|
||||
use net_traits::policy_container::{PolicyContainer, RequestPolicyContainer};
|
||||
use net_traits::request::{
|
||||
CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, Referrer,
|
||||
Request as NetTraitsRequest, RequestBuilder, RequestId, RequestMode, ServiceWorkersMode,
|
||||
|
@ -309,6 +310,11 @@ impl FetchResponseListener for FetchContext {
|
|||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for FetchContext {
|
||||
|
@ -352,8 +358,9 @@ pub(crate) fn load_whole_resource(
|
|||
let mut metadata = None;
|
||||
loop {
|
||||
match action_receiver.recv().unwrap() {
|
||||
FetchResponseMsg::ProcessRequestBody(..) | FetchResponseMsg::ProcessRequestEOF(..) => {
|
||||
},
|
||||
FetchResponseMsg::ProcessRequestBody(..) |
|
||||
FetchResponseMsg::ProcessRequestEOF(..) |
|
||||
FetchResponseMsg::ProcessCspViolations(..) => {},
|
||||
FetchResponseMsg::ProcessResponse(_, Ok(m)) => {
|
||||
metadata = Some(match m {
|
||||
FetchMetadata::Unfiltered(m) => m,
|
||||
|
@ -385,6 +392,7 @@ pub(crate) fn create_a_potential_cors_request(
|
|||
referrer: Referrer,
|
||||
insecure_requests_policy: InsecureRequestsPolicy,
|
||||
has_trustworthy_ancestor_origin: bool,
|
||||
policy_container: PolicyContainer,
|
||||
) -> RequestBuilder {
|
||||
RequestBuilder::new(webview_id, url, referrer)
|
||||
// https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request
|
||||
|
@ -405,4 +413,5 @@ pub(crate) fn create_a_potential_cors_request(
|
|||
.use_url_credentials(true)
|
||||
.insecure_requests_policy(insecure_requests_policy)
|
||||
.has_trustworthy_ancestor_origin(has_trustworthy_ancestor_origin)
|
||||
.policy_container(policy_container)
|
||||
}
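Review bot: In `load_whole_resource`, the new `FetchResponseMsg::ProcessCspViolations(..)` arm is grouped with the request-body messages and does nothing, so violations delivered on this path are dropped. The `FetchResponseListener` impls in this commit forward theirs to `report_csp_violations`. If a global is available in this function (its signature is outside the hunk), consider binding the payload and reporting it, e.g. `FetchResponseMsg::ProcessCspViolations(_, violations) => global.report_csp_violations(violations),`. If the drop is intentional, a short comment on the arm saying why would keep the next reader from treating it as an oversight.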
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
|
||||
use std::sync::Arc;
|
||||
|
||||
use content_security_policy as csp;
|
||||
use net_traits::image_cache::{ImageCache, PendingImageId};
|
||||
use net_traits::request::{Destination, RequestBuilder as FetchRequestInit, RequestId};
|
||||
use net_traits::{
|
||||
|
@ -77,6 +78,11 @@ impl FetchResponseListener for LayoutImageContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for LayoutImageContext {
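Review bot: `process_csp_violations` takes a reference to a temporary (`let global = &self.resource_timing_global();`) only to call one method on it; `self.resource_timing_global().report_csp_violations(violations);` does the same in one line. The identical two-line body is also added for `FetchContext`, `ModuleContext` and `StylesheetContext` in this commit. A shared helper for listeners that also implement `ResourceTimingListener` would keep the four copies from drifting apart, though whether that is practical depends on where the two traits are defined, which is not visible here.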
|
||||
|
|
|
@ -11,6 +11,7 @@ use std::str::FromStr;
|
|||
use std::sync::{Arc, Mutex};
|
||||
use std::{mem, ptr};
|
||||
|
||||
use content_security_policy as csp;
|
||||
use encoding_rs::UTF_8;
|
||||
use headers::{HeaderMapExt, ReferrerPolicy as ReferrerPolicyHeader};
|
||||
use html5ever::local_name;
|
||||
|
@ -1273,6 +1274,11 @@ impl FetchResponseListener for ModuleContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for ModuleContext {
|
||||
|
|
|
@ -41,6 +41,7 @@ use constellation_traits::{
|
|||
JsEvalResult, LoadData, LoadOrigin, NavigationHistoryBehavior, ScriptToConstellationChan,
|
||||
ScriptToConstellationMessage, ScrollState, StructuredSerializedData, WindowSizeType,
|
||||
};
|
||||
use content_security_policy::{self as csp};
|
||||
use crossbeam_channel::unbounded;
|
||||
use devtools_traits::{
|
||||
CSSError, DevtoolScriptControlMsg, DevtoolsPageInfo, NavigationState,
|
||||
|
@ -3420,8 +3421,11 @@ impl ScriptThread {
|
|||
FetchResponseMsg::ProcessResponseEOF(request_id, eof) => {
|
||||
self.handle_fetch_eof(pipeline_id, request_id, eof)
|
||||
},
|
||||
FetchResponseMsg::ProcessRequestBody(..) => {},
|
||||
FetchResponseMsg::ProcessRequestEOF(..) => {},
|
||||
FetchResponseMsg::ProcessCspViolations(request_id, violations) => {
|
||||
self.handle_csp_violations(pipeline_id, request_id, violations)
|
||||
},
|
||||
FetchResponseMsg::ProcessRequestBody(..) | FetchResponseMsg::ProcessRequestEOF(..) => {
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -3477,6 +3481,12 @@ impl ScriptThread {
|
|||
}
|
||||
}
|
||||
|
||||
fn handle_csp_violations(&self, id: PipelineId, _: RequestId, violations: Vec<csp::Violation>) {
|
||||
if let Some(global) = self.documents.borrow().find_global(id) {
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
fn handle_navigation_redirect(&self, id: PipelineId, metadata: &Metadata) {
|
||||
// TODO(mrobinson): This tries to accomplish some steps from
|
||||
// <https://html.spec.whatwg.org/multipage/#process-a-navigate-fetch>, but it's
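Review bot: `handle_csp_violations` silently discards the violations when `find_global(id)` returns `None`, so a report for a pipeline that has already gone away disappears without a trace. An `else` branch that logs it, for example `else { warn!("No global for pipeline {id}; dropping CSP violations"); }` (assuming the logging macros are in scope in this file), or a comment stating the drop is deliberate, would make a missing `securitypolicyviolation` event easier to diagnose. The ignored `RequestId` parameter could also be named `_request_id`, as the listener impls in this commit do.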
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
use std::io::{Read, Seek, Write};
|
||||
use std::sync::atomic::AtomicBool;
|
||||
|
||||
use content_security_policy as csp;
|
||||
use cssparser::SourceLocation;
|
||||
use encoding_rs::UTF_8;
|
||||
use mime::{self, Mime};
|
||||
|
@ -282,6 +283,11 @@ impl FetchResponseListener for StylesheetContext {
|
|||
fn submit_resource_timing(&mut self) {
|
||||
network_listener::submit_timing(self, CanGc::note())
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, _request_id: RequestId, violations: Vec<csp::Violation>) {
|
||||
let global = &self.resource_timing_global();
|
||||
global.report_csp_violations(violations);
|
||||
}
|
||||
}
|
||||
|
||||
impl ResourceTimingListener for StylesheetContext {
|
||||
|
@ -353,15 +359,17 @@ impl StylesheetLoader<'_> {
|
|||
}
|
||||
|
||||
// https://html.spec.whatwg.org/multipage/#default-fetch-and-process-the-linked-resource
|
||||
let global = self.elem.global();
|
||||
let request = create_a_potential_cors_request(
|
||||
Some(document.webview_id()),
|
||||
url.clone(),
|
||||
Destination::Style,
|
||||
cors_setting,
|
||||
None,
|
||||
self.elem.global().get_referrer(),
|
||||
global.get_referrer(),
|
||||
document.insecure_requests_policy(),
|
||||
document.has_trustworthy_ancestor_or_current_origin(),
|
||||
global.policy_container(),
|
||||
)
|
||||
.origin(document.origin().immutable().clone())
|
||||
.pipeline_id(Some(self.elem.global().pipeline_id()))
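Review bot: The last hunk introduces `let global = self.elem.global();` and uses it for the referrer and the policy container, but the `.pipeline_id(...)` line below still calls `self.elem.global()` again. Reusing the local, `.pipeline_id(Some(global.pipeline_id()))`, keeps the builder chain consistent and makes it clear that all three values come from the same global. The chain continues past the end of the hunk, so further `self.elem.global()` calls may remain below.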
|
||||
|
|
|
@ -11,6 +11,7 @@ use std::thread;
|
|||
|
||||
use base::cross_process_instant::CrossProcessInstant;
|
||||
use base::id::HistoryStateId;
|
||||
use content_security_policy::{self as csp};
|
||||
use cookie::Cookie;
|
||||
use crossbeam_channel::{Receiver, Sender, unbounded};
|
||||
use headers::{ContentType, HeaderMapExt, ReferrerPolicy as ReferrerPolicyHeader};
|
||||
|
@ -198,6 +199,7 @@ pub enum FetchResponseMsg {
|
|||
ProcessResponse(RequestId, Result<FetchMetadata, NetworkError>),
|
||||
ProcessResponseChunk(RequestId, Vec<u8>),
|
||||
ProcessResponseEOF(RequestId, Result<ResourceFetchTiming, NetworkError>),
|
||||
ProcessCspViolations(RequestId, Vec<csp::Violation>),
|
||||
}
|
||||
|
||||
impl FetchResponseMsg {
|
||||
|
@ -207,7 +209,8 @@ impl FetchResponseMsg {
|
|||
FetchResponseMsg::ProcessRequestEOF(id) |
|
||||
FetchResponseMsg::ProcessResponse(id, ..) |
|
||||
FetchResponseMsg::ProcessResponseChunk(id, ..) |
|
||||
FetchResponseMsg::ProcessResponseEOF(id, ..) => *id,
|
||||
FetchResponseMsg::ProcessResponseEOF(id, ..) |
|
||||
FetchResponseMsg::ProcessCspViolations(id, ..) => *id,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -235,6 +238,8 @@ pub trait FetchTaskTarget {
|
|||
///
|
||||
/// Fired when the response is fully fetched
|
||||
fn process_response_eof(&mut self, request: &Request, response: &Response);
|
||||
|
||||
fn process_csp_violations(&mut self, request: &Request, violations: Vec<csp::Violation>);
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, Deserialize, Serialize)]
|
||||
|
@ -282,6 +287,7 @@ pub trait FetchResponseListener {
|
|||
fn resource_timing(&self) -> &ResourceFetchTiming;
|
||||
fn resource_timing_mut(&mut self) -> &mut ResourceFetchTiming;
|
||||
fn submit_resource_timing(&mut self);
|
||||
fn process_csp_violations(&mut self, request_id: RequestId, violations: Vec<csp::Violation>);
|
||||
}
|
||||
|
||||
impl FetchTaskTarget for IpcSender<FetchResponseMsg> {
|
||||
|
@ -313,6 +319,12 @@ impl FetchTaskTarget for IpcSender<FetchResponseMsg> {
|
|||
|
||||
let _ = self.send(FetchResponseMsg::ProcessResponseEOF(request.id, payload));
|
||||
}
|
||||
|
||||
fn process_csp_violations(&mut self, request: &Request, violations: Vec<csp::Violation>) {
|
||||
let _ = self.send(FetchResponseMsg::ProcessCspViolations(
|
||||
request.id, violations,
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
/// A fetch task that discards all data it's sent,
|
||||
|
@ -326,6 +338,7 @@ impl FetchTaskTarget for DiscardFetch {
|
|||
fn process_response(&mut self, _: &Request, _: &Response) {}
|
||||
fn process_response_chunk(&mut self, _: &Request, _: Vec<u8>) {}
|
||||
fn process_response_eof(&mut self, _: &Request, _: &Response) {}
|
||||
fn process_csp_violations(&mut self, _: &Request, _: Vec<csp::Violation>) {}
|
||||
}
|
||||
|
||||
pub trait Action<Listener> {
|
||||
|
@ -366,6 +379,9 @@ impl<T: FetchResponseListener> Action<T> for FetchResponseMsg {
|
|||
Err(e) => listener.process_response_eof(request_id, Err(e)),
|
||||
}
|
||||
},
|
||||
FetchResponseMsg::ProcessCspViolations(request_id, violations) => {
|
||||
listener.process_csp_violations(request_id, violations)
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -455,6 +471,7 @@ pub enum WebSocketDomAction {
|
|||
|
||||
#[derive(Debug, Deserialize, Serialize)]
|
||||
pub enum WebSocketNetworkEvent {
|
||||
ReportCSPViolations(Vec<csp::Violation>),
|
||||
ConnectionEstablished { protocol_in_use: Option<String> },
|
||||
MessageReceived(MessageData),
|
||||
Close(Option<u16>, String),
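Review bot: The new `process_csp_violations` methods on `FetchTaskTarget` and `FetchResponseListener` have no doc comment, while the neighbouring `process_response_eof` on `FetchTaskTarget` is documented (`/// Fired when the response is fully fetched`). A line such as `/// Fired when Content Security Policy violations are reported for the request` on both would tell implementers what they are expected to do with the vector, given that `DiscardFetch` ignores it and the `IpcSender` impl forwards it. Separately, `WebSocketNetworkEvent::ReportCSPViolations` spells the acronym differently from `FetchResponseMsg::ProcessCspViolations`; `ReportCspViolations` would match.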
|
||||
|
|
|
@ -14,3 +14,6 @@
|
|||
|
||||
[Opening a blob URL in a new window by clicking an <a> tag works immediately before revoking the URL.]
|
||||
expected: TIMEOUT
|
||||
|
||||
[Fetching a blob URL immediately before revoking it works in <script> tags.]
|
||||
expected: TIMEOUT
|
||||
|
|
|
@ -12,3 +12,6 @@
|
|||
|
||||
[Revoke blob URL after creating Request, then clone Request, will fetch]
|
||||
expected: FAIL
|
||||
|
||||
[Revoke blob URL after calling fetch, fetch should succeed]
|
||||
expected: FAIL
|
||||
|
|
4
tests/wpt/meta/MANIFEST.json
vendored
4
tests/wpt/meta/MANIFEST.json
vendored
|
@ -564105,14 +564105,14 @@
|
|||
]
|
||||
],
|
||||
"connect-src-websocket-allowed.sub.html": [
|
||||
"4263d97fe2dfbb9e2a0f0851c07798d40a5671a9",
|
||||
"1d83bdd18e379f9780cbf7a64e05433ad92dde8b",
|
||||
[
|
||||
null,
|
||||
{}
|
||||
]
|
||||
],
|
||||
"connect-src-websocket-blocked.sub.html": [
|
||||
"02c52837bb8bd5cbc26f54f899fe25b5d68bd561",
|
||||
"2cc3f1b5a054dd89c675d7564be8f52ef6d1daa7",
|
||||
[
|
||||
null,
|
||||
{}
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
[report-uri-does-not-respect-base-uri.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Test that image does not load]
|
||||
expected: NOTRUN
|
||||
|
||||
[Event is fired]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[child-src-worker-blocked.sub.html]
|
||||
expected: ERROR
|
||||
expected: TIMEOUT
|
||||
[Should throw a securitypolicyviolation event]
|
||||
expected: TIMEOUT
|
||||
|
||||
[Should block worker because it does not match any directive including the deprecated 'child-src']
|
||||
expected: TIMEOUT
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
[connect-src-syncxmlhttprequest-blocked.sub.html]
|
||||
[Expecting logs: ["Pass","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[connect-src-websocket-blocked.sub.html]
|
||||
[Expecting logs: ["blocked","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[connect-src-xmlhttprequest-blocked.sub.html]
|
||||
[Expecting logs: ["Pass","violated-directive=connect-src"\]]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[frame-ancestors-path-ignored.window.html]
|
||||
[A 'frame-ancestors' CSP directive with a URL that includes a path should be ignored.]
|
||||
expected: FAIL
|
|
@ -1,12 +1,6 @@
|
|||
[worker-classic.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
[worker-classic.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
[worker-module.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
[worker-module.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
[worker-classic.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
[worker-classic.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
[worker-module.http.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,6 @@
|
|||
[worker-module.https.html]
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.]
|
||||
expected: FAIL
|
||||
|
||||
[Content Security Policy: Expects blocked for worker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
[directive-name-case-insensitive.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Test that the www2 image is not allowed to load]
|
||||
expected: FAIL
|
||||
|
||||
[Test that the www2 image throws a violation event]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
[generic-0_1-img-src.html]
|
||||
expected: TIMEOUT
|
||||
[Verify cascading of default-src to img-src policy]
|
||||
expected: FAIL
|
||||
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[generic-0_1-script-src.html]
|
||||
expected: TIMEOUT
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[generic-0_10_1.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[generic-0_2_2.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[generic-0_2_3.html]
|
||||
expected: TIMEOUT
|
||||
[Should fire violation events for every failed violation]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
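--- a/tests/wpt/meta/content-security-policy/generic/wildcard-host-part.sub.window.js.ini
+++ b/tests/wpt/meta/content-security-policy/generic/wildcard-host-part.sub.window.js.ini
@@ -0,0 +1,2 @@
+[wildcard-host-part.sub.window.html]
+expected: CRASH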
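Review bot: This new expectation file records `expected: CRASH` for `wildcard-host-part.sub.window.html`, which accepts a crash of the test as the baseline. A crash reached from a Content Security Policy test deserves a tracking issue rather than only a baseline entry, since it may be a panic on attacker-influenced policy or URL input. Please confirm whether the crash comes from the CSP changes in this commit or predates them, and reference the issue in the commit description.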
|
|
@ -1,3 +0,0 @@
|
|||
[img-src-full-host-wildcard-blocked.sub.html]
|
||||
[img src does not match full host and wildcard csp directive]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[img-src-none-blocks-data-uri.html]
|
||||
[img-src with 'none' source should not match]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[img-src-none-blocks.html]
|
||||
[img-src with 'none' source should not match]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[report-blocked-data-uri.sub.html]
|
||||
[Expecting logs: ["violated-directive=img-src"\]]
|
||||
expected: FAIL
|
|
@ -1,7 +0,0 @@
|
|||
[inherited-csp-list-modifications-are-local.html]
|
||||
expected: TIMEOUT
|
||||
[Test that embedded iframe document image does not load]
|
||||
expected: FAIL
|
||||
|
||||
[Test that spv event is fired]
|
||||
expected: NOTRUN
|
|
@ -1,7 +1,3 @@
|
|||
[media-src-7_1_2.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Disallowed async video src]
|
||||
expected: FAIL
|
||||
|
||||
[Test that securitypolicyviolation events are fired]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
[media-src-7_2_2.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Disallaowed audio src]
|
||||
expected: FAIL
|
||||
|
||||
[Disallowed audio source element]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Test that securitypolicyviolation events are fired]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
[media-src-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Disallowed async video src]
|
||||
expected: FAIL
|
||||
|
||||
[Disallowed async video source element]
|
||||
expected: FAIL
|
||||
expected: TIMEOUT
|
||||
|
||||
[Disallowed audio src]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Disallowed audio source element]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
[meta-img-src.html]
|
||||
[Expecting logs: ["PASS","TEST COMPLETE"\]]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[meta-modified.html]
|
||||
[Expecting logs: ["PASS", "PASS","TEST COMPLETE"\]]
|
||||
expected: FAIL
|
|
@ -1,3 +1,4 @@
|
|||
[invalid-directive.html]
|
||||
expected: TIMEOUT
|
||||
[Even if an unknown directive is specified, img-src is honored.]
|
||||
expected: FAIL
|
||||
expected: TIMEOUT
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
[report-to-directive-allowed-in-meta.https.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Test that image does not load]
|
||||
expected: NOTRUN
|
||||
|
||||
[Event is fired]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
||||
[Report is observable to ReportingObserver]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
[reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Test that image does not load]
|
||||
expected: NOTRUN
|
||||
|
||||
[Event is fired]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
[reporting-api-report-to-overrides-report-uri-1.https.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Test that image does not load]
|
||||
expected: NOTRUN
|
||||
|
||||
[Event is fired]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
[reporting-api-report-to-overrides-report-uri-2.https.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Test that image does not load]
|
||||
expected: NOTRUN
|
||||
|
||||
[Event is fired]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
[reporting-api-sends-reports-on-violation.https.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Test that image does not load]
|
||||
expected: NOTRUN
|
||||
|
||||
[Event is fired]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
||||
[Report is observable to ReportingObserver]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
[report-and-enforce.html]
|
||||
[The image should be blocked]
|
||||
expected: FAIL
|
||||
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[report-same-origin-with-cookies.html]
|
||||
[Image should not load]
|
||||
expected: FAIL
|
||||
|
||||
[Violation report status OK.]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[strict-dynamic-elem-blocked-src-allowed.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Should fire a security policy violation event]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[script-src-1_10.html]
|
||||
expected: TIMEOUT
|
||||
[Test that securitypolicyviolation event is fired]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
[script-src-report-only-policy-works-with-external-hash-policy.html]
|
||||
expected: TIMEOUT
|
||||
[Should fire securitypolicyviolation event]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
||||
[External script in a script tag with matching SRI hash should run.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[securitypolicyviolation-block-cross-origin-image.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[securitypolicyviolation-block-image-from-script.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected cross-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[securitypolicyviolation-block-image.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Non-redirected same-origin URLs are not stripped.]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
[style-blocked.html]
|
||||
expected: TIMEOUT
|
||||
[Violated directive is script-src-elem.]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
||||
[document.styleSheets should contain an item for the blocked CSS.]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[style-src-error-event-fires.html]
|
||||
expected: TIMEOUT
|
||||
[Test error event fires on stylesheet link]
|
||||
expected: NOTRUN
|
||||
|
||||
[Test error event fires on inline style]
|
||||
expected: NOTRUN
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[style-src-injected-stylesheet-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Programatically injected stylesheet should not load]
|
||||
expected: FAIL
|
||||
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: NOTRUN
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
[style-src-none-blocked.html]
|
||||
expected: TIMEOUT
|
||||
[Should not stylesheet when style-src is 'none']
|
||||
expected: FAIL
|
||||
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: NOTRUN
|
||||
|
|
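--- a/tests/wpt/meta/content-security-policy/style-src/style-src-stylesheet-nonce-allowed.html.ini
+++ b/tests/wpt/meta/content-security-policy/style-src/style-src-stylesheet-nonce-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-stylesheet-nonce-allowed.html]
+[Stylesheet link should load with correct nonce]
+expected: FAIL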
|
|
@ -1,7 +1,4 @@
|
|||
[style-src-stylesheet-nonce-blocked.html]
|
||||
expected: TIMEOUT
|
||||
[Should not load stylesheet without correct nonce]
|
||||
expected: FAIL
|
||||
|
||||
[Should fire a securitypolicyviolation event]
|
||||
expected: NOTRUN
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
[dedicated-none.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Same-origin dedicated worker blocked by host-source expression.]
|
||||
expected: FAIL
|
||||
expected: TIMEOUT
|
||||
|
||||
[blob: dedicated worker blocked by 'blob:'.]
|
||||
expected: FAIL
|
||||
expected: TIMEOUT
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
[dedicated-worker-src-child-fallback-blocked.sub.html]
|
||||
expected: TIMEOUT
|
||||
[Same-origin dedicated worker allowed by worker-src 'self'.]
|
||||
expected: FAIL
|
||||
expected: TIMEOUT
|
||||
|
|
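--- a/tests/wpt/meta/css/css-tables/table-cell-overflow-auto-scrolled.html.ini
+++ b/tests/wpt/meta/css/css-tables/table-cell-overflow-auto-scrolled.html.ini
@@ -0,0 +1,2 @@
+[table-cell-overflow-auto-scrolled.html]
+expected: FAIL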
|
|
@ -1,3 +0,0 @@
|
|||
[009.html]
|
||||
[Link with onclick form submit to javascript url with document.write and href navigation ]
|
||||
expected: FAIL
|
|
@ -1,3 +0,0 @@
|
|||
[navigation-unload-same-origin.window.html]
|
||||
[Same-origin navigation started from unload handler must be ignored]
|
||||
expected: FAIL
|
|
@ -0,0 +1,3 @@
|
|||
[same-document-refresh.html]
|
||||
[Same-Document Referrer from Refresh]
|
||||
expected: FAIL
|
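--- a/tests/wpt/meta/html/browsers/history/the-history-interface/traverse_the_history_5.html.ini
+++ b/tests/wpt/meta/html/browsers/history/the-history-interface/traverse_the_history_5.html.ini
@@ -0,0 +1,3 @@
+[traverse_the_history_5.html]
+[Multiple history traversals, last would be aborted]
+expected: FAIL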
|
|
@ -1,2 +0,0 @@
|
|||
[2d.canvas.host.size.large.worker.html]
|
||||
expected: CRASH
|
|
@ -1,15 +1,19 @@
|
|||
[supported-elements.html]
|
||||
expected: TIMEOUT
|
||||
[Contenteditable element should support autofocus]
|
||||
expected: FAIL
|
||||
|
||||
[Host element with delegatesFocus including no focusable descendants should be skipped]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Element with tabindex should support autofocus]
|
||||
expected: FAIL
|
||||
|
||||
[Area element should support autofocus]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Host element with delegatesFocus should support autofocus]
|
||||
expected: FAIL
|
||||
expected: NOTRUN
|
||||
|
||||
[Non-HTMLElement should not support autofocus]
|
||||
expected: TIMEOUT
|
||||
|
|
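--- a/tests/wpt/meta/html/rendering/replaced-elements/images/blocked-by-csp.html.ini
+++ b/tests/wpt/meta/html/rendering/replaced-elements/images/blocked-by-csp.html.ini
@@ -0,0 +1,2 @@
+[blocked-by-csp.html]
+expected: FAIL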
|
|
@ -1,4 +1,3 @@
|
|||
[iframe_sandbox_popups_escaping-1.html]
|
||||
expected: TIMEOUT
|
||||
[Check that popups from a sandboxed iframe escape the sandbox if\n allow-popups-to-escape-sandbox is used]
|
||||
expected: TIMEOUT
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
[iframe_sandbox_popups_escaping-2.html]
|
||||
expected: TIMEOUT
|
||||
[Check that popups from a sandboxed iframe escape the sandbox if\n allow-popups-to-escape-sandbox is used]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
[iframe_sandbox_popups_escaping-3.html]
|
||||
expected: CRASH
|
||||
expected: TIMEOUT
|
||||
[Check that popups from a sandboxed iframe escape the sandbox if\n allow-popups-to-escape-sandbox is used]
|
||||
expected: FAIL
|
||||
expected: TIMEOUT
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
[iframe_sandbox_popups_nonescaping-3.html]
|
||||
expected: TIMEOUT
|
||||
[Check that popups from a sandboxed iframe do not escape the sandbox]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
[meta-csp-img-src-none.tentative.sub.html]
|
||||
[Speculative parsing, document.write(): meta-csp-img-src-none]
|
||||
expected: FAIL
|
|
@ -1,7 +1,6 @@
|
|||
[TrustedTypePolicyFactory-createPolicy-cspTests-none.html]
|
||||
expected: TIMEOUT
|
||||
[Cannot create policy with name 'SomeName' - policy creation throws]
|
||||
expected: TIMEOUT
|
||||
expected: FAIL
|
||||
|
||||
[Cannot create policy with name 'default' - policy creation throws]
|
||||
expected: NOTRUN
|
||||
expected: FAIL
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more