Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-09-15 01:18:22 +01:00
Code Issues Projects Releases Packages Wiki Activity

Set correct policy-container for worker construction (#36603)

Browse source 
This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This commit is contained in:
Tim van der Lippe 2025-04-21 14:47:06 +02:00 committed by GitHub
parent d724c8e9e3
commit 9a14ad8535
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
25 changed files with 67 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

3
tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini vendored
View file

@ -1,3 +0,0 @@
[worker-connect-src-blocked.sub.html]
[Expecting logs: ["xhr blocked","TEST COMPLETE"\]]
expected: FAIL

9
tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-connect-src.html.ini vendored
View file

@ -1,16 +1,7 @@
[dedicatedworker-connect-src.html]
[Cross-origin 'fetch()' in http: with connect-src 'self']
expected: FAIL
[Cross-origin XHR in http: with connect-src 'self']
expected: FAIL
[Same-origin => cross-origin 'fetch()' in http: with connect-src 'self']
expected: FAIL
[WebSocket in http: with connect-src 'self']
expected: FAIL
[Reports match in http: with connect-src 'self']
expected: FAIL

12
tests/wpt/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini vendored
View file

@ -1,15 +1,16 @@
[dedicatedworker-script-src.html]
expected: TIMEOUT
[Cross-origin `importScripts()` blocked in http: with script-src 'self']
expected: FAIL
expected: TIMEOUT
[`eval()` blocked in http: with script-src 'self']
expected: FAIL
expected: NOTRUN
[`setTimeout([string\])` blocked in http: with script-src 'self']
expected: FAIL
expected: NOTRUN
[Reports are sent for http: with script-src 'self']
expected: FAIL
expected: NOTRUN
[Cross-origin `importScripts()` blocked in blob: with script-src 'self']
expected: FAIL
@ -22,3 +23,6 @@
[Reports are sent for blob: with script-src 'self']
expected: FAIL
[dedicatedworker-script-src]
expected: TIMEOUT

3
tests/wpt/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini vendored
View file

@ -1,3 +0,0 @@
[worker-eval-blocked.sub.html]
[Expecting logs: ["eval blocked"\]]
expected: FAIL

3
tests/wpt/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini vendored
View file

@ -1,3 +0,0 @@
[worker-function-function-blocked.sub.html]
[Expecting logs: ["Function() function blocked"\]]
expected: FAIL

3
tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini vendored
View file

@ -1,6 +1,3 @@
[worker-importscripts.sub.html]
[Dedicated worker delivers its own CSP]
expected: FAIL
[Shared worker delivers its own CSP]
expected: FAIL

3
tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini vendored
View file

@ -1,6 +1,3 @@
[worker-set-timeout.sub.html]
[Dedicated worker delivers its own CSP]
expected: FAIL
[Shared worker delivers its own CSP]
expected: FAIL

3
tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini vendored
View file

@ -1,7 +1,4 @@
[inside-dedicated-worker.html]
expected: TIMEOUT
[SecurityPolicyViolation event fired on global.]
expected: FAIL
[SecurityPolicyViolation event fired on global with the correct blockedURI.]
expected: TIMEOUT

3
tests/wpt/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini vendored
View file

@ -1,7 +1,4 @@
[default-src-blocks-wasm.any.worker.html]
[default-src-blocks-wasm]
expected: FAIL
[default-src-blocks-wasm.any.html]

3
tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini vendored
View file

@ -2,9 +2,6 @@
expected: ERROR
[script-src-blocks-wasm.any.worker.html]
[script-src-blocks-wasm]
expected: FAIL
[script-src-blocks-wasm.any.html]

3
tests/wpt/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini vendored
View file

@ -7,9 +7,8 @@
[script-src-spv-asynch.any.worker.html]
expected: TIMEOUT
[Securitypolicyviolation event looks like it should]
expected: TIMEOUT
expected: FAIL
[script-src-spv-asynch.any.serviceworker.html]

3
tests/wpt/meta/fetch/api/policies/csp-blocked-worker.html.ini vendored
View file

@ -1,3 +0,0 @@
[csp-blocked-worker.html]
[Fetch is blocked by CSP, got a TypeError]
expected: FAIL

6
tests/wpt/meta/trusted-types/should-sink-type-mismatch-violation-be-blocked-by-csp-002-worker.html.ini vendored
View file

@ -1,4 +1,6 @@
[should-sink-type-mismatch-violation-be-blocked-by-csp-002-worker.html]
expected: TIMEOUT
[Checking reported violations for setTimeout(';;;;;') from DedicatedWorker]
expected: TIMEOUT
expected: FAIL
[Location of required-trusted-types-for violations.]
expected: FAIL

12
tests/wpt/meta/trusted-types/should-trusted-type-policy-creation-be-blocked-by-csp-004-worker.html.ini vendored
View file

@ -1,10 +1,6 @@
[should-trusted-type-policy-creation-be-blocked-by-csp-004-worker.html]
expected: TIMEOUT
[No violation/exception for allowed policy names (tt-policy-name-1 tt-policy-name-2 tt-policy-name-3).]
expected: TIMEOUT
[Exception and violations for CSP with multiple enforce and report-only policies.]
expected: FAIL
[Violation and exception for duplicate policy names (tt-policy-name-1 tt-policy-name-2 tt-policy-name-3).]
expected: NOTRUN
[Violation and exception for forbidden policy name (tt-policy-name-1 tt-policy-name-2 tt-policy-name-3).]
expected: NOTRUN
[Location of trusted-types violations.]
expected: FAIL

3
tests/wpt/meta/trusted-types/trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html.ini vendored
View file

@ -1,7 +1,4 @@
[trusted-types-reporting-check-report-DedicatedWorker-sink-mismatch.html]
[Passing a plain string to eval throws.]
expected: FAIL
[Test report-uri works with require-trusted-types-for violation.]
expected: FAIL

6
tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html.ini vendored
View file

@ -1,7 +1,3 @@
[trusted-types-reporting-for-DedicatedWorker-DedicatedWorker-constructor.html]
expected: TIMEOUT
[No violation reported for Worker constructor with TrustedScriptURL.]
expected: TIMEOUT
[Violation report for Worker constructor with plain string.]
expected: NOTRUN
expected: FAIL

5
tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-ServiceWorkerContainer-register.https.html.ini vendored
View file

@ -1,7 +1,6 @@
[trusted-types-reporting-for-DedicatedWorker-ServiceWorkerContainer-register.https.html]
expected: TIMEOUT
[No violation reported for ServiceWorkerContainer register with TrustedScriptURL.]
expected: TIMEOUT
expected: FAIL
[Violation report for ServiceWorkerContainer register with plain string.]
expected: NOTRUN
expected: FAIL

5
tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-eval.html.ini vendored
View file

@ -1,7 +1,6 @@
[trusted-types-reporting-for-DedicatedWorker-eval.html]
expected: TIMEOUT
[No violation reported for eval with TrustedScript.]
expected: TIMEOUT
expected: FAIL
[Violation report for eval with plain string.]
expected: NOTRUN
expected: FAIL

33
tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-function-constructor.html.ini vendored
View file

@ -1,37 +1,12 @@
[trusted-types-reporting-for-DedicatedWorker-function-constructor.html]
expected: TIMEOUT
[No violation reported for Function with TrustedScript.]
expected: TIMEOUT
[No violation reported for Function with multiple TrustedScript args.]
expected: NOTRUN
[Violation report for Function with plain string.]
expected: NOTRUN
[No violation reported for AsyncFunction with TrustedScript.]
expected: NOTRUN
[No violation reported for AsyncFunction with multiple TrustedScript args.]
expected: NOTRUN
expected: FAIL
[Violation report for AsyncFunction with plain string.]
expected: NOTRUN
[No violation reported for GeneratorFunction with TrustedScript.]
expected: NOTRUN
[No violation reported for GeneratorFunction with multiple TrustedScript args.]
expected: NOTRUN
expected: FAIL
[Violation report for GeneratorFunction with plain string.]
expected: NOTRUN
[No violation reported for AsyncGeneratorFunction with TrustedScript.]
expected: NOTRUN
[No violation reported for AsyncGeneratorFunction with multiple TrustedScript args.]
expected: NOTRUN
expected: FAIL
[Violation report for AsyncGeneratorFunction with plain string.]
expected: NOTRUN
expected: FAIL

6
tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-importScripts.html.ini vendored
View file

@ -1,7 +1,3 @@
[trusted-types-reporting-for-DedicatedWorker-importScripts.html]
expected: TIMEOUT
[No violation reported for importScripts with TrustedScriptURL.]
expected: TIMEOUT
[Violation report for importScripts with plain string.]
expected: NOTRUN
expected: FAIL

11
tests/wpt/meta/trusted-types/trusted-types-reporting-for-DedicatedWorker-setTimeout-setInterval.html.ini vendored
View file

@ -1,13 +1,6 @@
[trusted-types-reporting-for-DedicatedWorker-setTimeout-setInterval.html]
expected: TIMEOUT
[No violation reported for setTimeout with TrustedScript.]
expected: TIMEOUT
[No violation reported for setInterval with TrustedScript.]
expected: NOTRUN
[Violation report for setTimeout with plain string.]
expected: NOTRUN
expected: FAIL
[Violation report for setInterval with plain string.]
expected: NOTRUN
expected: FAIL