Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-05 21:50:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

Run all CSP tests in CI by default. (#36436)

Browse source 
Extending the original set from #36402 since there are additional tests
relevant to the work happening in #36409 and #36363.

Testing: New tests in CI.
Fixes: Part of https://github.com/servo/servo/issues/4577

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
Josh Matthews 2025-04-10 04:09:23 -04:00 committed by GitHub
parent a0730d7154
commit c16ca22970
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
509 changed files with 5492 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tests/wpt/include.ini vendored
View file

@ -12,18 +12,7 @@ skip: true
[samesite]
skip: true
[content-security-policy]
[child-src]
skip: false
[connect-src]
skip: false
[default-src]
skip: false
[securitypolicyviolation]
skip: false
[unsafe-eval]
skip: false
[wasm-unsafe-eval]
skip: false
skip: false
[cors]
skip: false
[css]

7
tests/wpt/meta/content-security-policy/base-uri/base-uri-deny-url-encoded-host.sub.html.ini vendored Normal file
View file

@ -0,0 +1,7 @@
[base-uri-deny-url-encoded-host.sub.html]
expected: TIMEOUT
[Check that baseURI fires a securitypolicyviolation event when it does not match the csp directive due to a url encoded host character.]
expected: NOTRUN
[Check that the baseURI is not set when it does not match the csp directive]
expected: FAIL

7
tests/wpt/meta/content-security-policy/base-uri/base-uri-deny.sub.html.ini vendored Normal file
View file

@ -0,0 +1,7 @@
[base-uri-deny.sub.html]
expected: TIMEOUT
[Check that baseURI fires a securitypolicyviolation event when it does not match the csp directive]
expected: NOTRUN
[Check that the baseURI is not set when it does not match the csp directive]
expected: FAIL

7
tests/wpt/meta/content-security-policy/base-uri/base-uri_iframe_sandbox.sub.html.ini vendored Normal file
View file

@ -0,0 +1,7 @@
[base-uri_iframe_sandbox.sub.html]
expected: TIMEOUT
[base-uri 'self' works with same-origin sandboxed iframes.]
expected: TIMEOUT
[base-uri 'self' blocks foreign-origin sandboxed iframes.]
expected: TIMEOUT

10
tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini vendored Normal file
View file

@ -0,0 +1,10 @@
[report-uri-does-not-respect-base-uri.sub.html]
expected: TIMEOUT
[Test that image does not load]
expected: NOTRUN
[Event is fired]
expected: TIMEOUT
[Violation report status OK.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/blob/blob-urls-do-not-match-self.sub.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[blob-urls-do-not-match-self.sub.html]
[Expecting logs: ["violated-directive=script-src-elem"\]]
expected: FAIL
[blob-urls-do-not-match-self]
expected: FAIL

9
tests/wpt/meta/content-security-policy/blob/self-doesnt-match-blob.sub.html.ini vendored Normal file
View file

@ -0,0 +1,9 @@
[self-doesnt-match-blob.sub.html]
[Expecting logs: ["violated-directive=worker-src","TEST COMPLETE"\]]
expected: FAIL
[worker-connect-src-blocked]
expected: FAIL
[worker-connect-src-blocked 1]
expected: FAIL

3
tests/wpt/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[star-doesnt-match-blob.sub.html]
[Expecting logs: ["violated-directive=worker-src","TEST COMPLETE"\]]
expected: FAIL

25
tests/wpt/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini vendored Normal file
View file

@ -0,0 +1,25 @@
[allow_csp_from-header.html]
expected: TIMEOUT
[Same origin iframes with an empty Allow-CSP-From header get blocked.]
expected: FAIL
[Same origin iframes without Allow-CSP-From header gets blocked.]
expected: FAIL
[Same origin iframes are blocked if Allow-CSP-From does not match origin.]
expected: FAIL
[Cross origin iframe with an empty Allow-CSP-From header gets blocked.]
expected: FAIL
[Cross origin iframe without Allow-CSP-From header gets blocked.]
expected: FAIL
[Iframe with improper Allow-CSP-From header gets blocked.]
expected: FAIL
[Star Allow-CSP-From header enforces EmbeddingCSP.]
expected: TIMEOUT
[Allow-CSP-From header enforces EmbeddingCSP.]
expected: TIMEOUT

6
tests/wpt/meta/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[blocked-iframe-are-cross-origin.html]
[Document blocked by embedded enforcement and its parent are cross-origin]
expected: FAIL
[Two same-origin iframes must appear as cross-origin when one is blocked]
expected: FAIL

6
tests/wpt/meta/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[change-csp-attribute-and-history-navigation.html]
[Iframe csp attribute changed before history navigation of local scheme.]
expected: FAIL
[Iframe csp attribute changed before history navigation of network scheme.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[idlharness.window.html]
[HTMLIFrameElement interface: attribute csp]
expected: FAIL
[HTMLIFrameElement interface: document.createElement("iframe") must inherit property "csp" with the proper type]
expected: FAIL

12
tests/wpt/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini vendored Normal file
View file

@ -0,0 +1,12 @@
[iframe-csp-attribute.html]
[<iframe> has a 'csp' attibute which is an empty string if undefined.]
expected: FAIL
[<iframe>'s csp attribute is always a string.]
expected: FAIL
[<iframe>'s 'csp content attribute reflects the IDL attribute.]
expected: FAIL
[<iframe>'s IDL attribute reflects the DOM attribute.]
expected: FAIL

27
tests/wpt/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini vendored Normal file
View file

@ -0,0 +1,27 @@
[required-csp-header-cascade.html]
[Test same origin: Test same policy for both iframes]
expected: FAIL
[Test same origin: Test more restrictive policy on second iframe]
expected: FAIL
[Test same origin: Test less restrictive policy on second iframe]
expected: FAIL
[Test same origin: Test no policy on second iframe]
expected: FAIL
[Test same origin: Test no policy on first iframe]
expected: FAIL
[Test same origin: Test invalid policy on first iframe (bad directive name)]
expected: FAIL
[Test same origin: Test invalid policy on first iframe (report directive)]
expected: FAIL
[Test same origin: Test invalid policy on second iframe (bad directive name)]
expected: FAIL
[Test same origin: Test invalid policy on second iframe (report directive)]
expected: FAIL

141
tests/wpt/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini vendored Normal file
View file

@ -0,0 +1,141 @@
[required_csp-header.html]
[Test Required-CSP value on `csp` change: Sec-Required-CSP is not sent if `csp` attribute is not set on <iframe>.]
expected: FAIL
[Test same origin: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
expected: FAIL
[Test same origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
expected: FAIL
[Test cross origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
expected: FAIL
[Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
expected: FAIL
[Test Required-CSP value on `csp` change: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
expected: FAIL
[Test same origin: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
expected: FAIL
[Test same origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
expected: FAIL
[Test cross origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
expected: FAIL
[Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
expected: FAIL
[Test Required-CSP value on `csp` change: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
expected: FAIL
[Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
expected: FAIL
[Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
expected: FAIL
[Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
expected: FAIL
[Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
expected: FAIL
[Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
expected: FAIL
[Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
expected: FAIL
[Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
expected: FAIL
[Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
expected: FAIL
[Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
expected: FAIL
[Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
expected: FAIL
[Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
expected: FAIL
[Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
expected: FAIL
[Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
expected: FAIL
[Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
expected: FAIL
[Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
expected: FAIL
[Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
expected: FAIL
[Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
expected: FAIL
[Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
expected: FAIL
[Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
expected: FAIL
[Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
expected: FAIL
[Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
expected: FAIL
[Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
expected: FAIL
[Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
expected: FAIL
[Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - comma separated]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - invalid characters in directive names]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - invalid character in directive name]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - report-uri present]
expected: FAIL
[Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - report-to present]
expected: FAIL
[Test Required-CSP value on `csp` change: Sec-Required-CSP is not sent if `csp` attribute is longer than 4096 bytes]
expected: FAIL

21
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini vendored Normal file
View file

@ -0,0 +1,21 @@
[subsumption_algorithm-general.html]
[Iframe with empty returned CSP should be blocked.]
expected: FAIL
[Iframe with less restricting CSP should be blocked.]
expected: FAIL
[Iframe with a different CSP should be blocked.]
expected: FAIL
[Host wildcard *.a.com does not match a.com]
expected: FAIL
[Iframe should block if intersection allows sources which are not in required_csp.]
expected: FAIL
[Iframe should block if intersection allows sources which are not in required_csp (other ordering).]
expected: FAIL
[Removed plugin-types directive should be ignored 3.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[subsumption_algorithm-hashes.html]
[Returned should not include hashes not present in required csp.]
expected: FAIL
[Hashes do not have to be present in returned csp but must not allow all inline behavior.]
expected: FAIL
[Other expressions have to be subsumed.]
expected: FAIL
[Required csp must allow 'sha256-abc123'.]
expected: FAIL
[Effective policy is properly found where 'sha256-abc123' is not subsumed.]
expected: FAIL
['sha256-abc123' is not subsumed by 'sha256-abc456'.]
expected: FAIL

12
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini vendored Normal file
View file

@ -0,0 +1,12 @@
[subsumption_algorithm-host_sources-hosts.html]
[Host must match.]
expected: FAIL
[Hosts without wildcards must match.]
expected: FAIL
[More specific subdomain should not match.]
expected: FAIL
[Specified host should not match a wildcard host.]
expected: FAIL

9
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini vendored Normal file
View file

@ -0,0 +1,9 @@
[subsumption_algorithm-host_sources-paths.html]
[Returned CSP must specify a path.]
expected: FAIL
[Empty path is not subsumed by specified paths.]
expected: FAIL
[That should not be true when required csp specifies a specific page.]
expected: FAIL

12
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini vendored Normal file
View file

@ -0,0 +1,12 @@
[subsumption_algorithm-host_sources-ports.html]
[Specified ports must match.]
expected: FAIL
[Returned CSP should be subsumed if the port is specified but is not default for a more secure scheme.]
expected: FAIL
[Wildcard port should not be subsumed by a default port.]
expected: FAIL
[Wildcard port should not be subsumed by a spcified port.]
expected: FAIL

12
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini vendored Normal file
View file

@ -0,0 +1,12 @@
[subsumption_algorithm-host_sources-protocols.html]
[`https` is more restrictive than `http`.]
expected: FAIL
[`http:` does not subsume other protocols.]
expected: FAIL
[If scheme source is present in returned csp, it must be specified in required csp too.]
expected: FAIL
[All scheme sources must be subsumed.]
expected: FAIL

9
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html.ini vendored Normal file
View file

@ -0,0 +1,9 @@
[subsumption_algorithm-nonces.html]
[A nonce has to be returned if required by the embedder.]
expected: FAIL
[Nonce intersection is still done on exact match - matching nonces.]
expected: FAIL
[Other expressions still have to be subsumed - negative test]
expected: FAIL

21
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini vendored Normal file
View file

@ -0,0 +1,21 @@
[subsumption_algorithm-none.html]
[Required policy that allows `none` does not subsume empty list of policies.]
expected: FAIL
[Required csp with effective `none` does not subsume a host source expression.]
expected: FAIL
[Required csp with `none` does not subsume a host source expression.]
expected: FAIL
[Required csp with effective `none` does not subsume `none` of another directive.]
expected: FAIL
[Required csp with `none` does not subsume `none` of another directive.]
expected: FAIL
[Required csp with `none` does not subsume `none` of different directives.]
expected: FAIL
[Both required and returned csp are `none` for only one directive.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[subsumption_algorithm-self.html]
[Returned CSP must not allow 'self' if required CSP does not.]
expected: FAIL
[Returned 'self' should not be subsumed by a more secure version of origin's url.]
expected: FAIL

45
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html.ini vendored Normal file
View file

@ -0,0 +1,45 @@
[subsumption_algorithm-source_list-wildcards.html]
[Wildcard does not subsume empty list.]
expected: FAIL
[Empty source list does not subsume a wildcard source list.]
expected: FAIL
['none' does not subsume a wildcard source list.]
expected: FAIL
[Wildcard source list does not subsume `data:` scheme source expression.]
expected: FAIL
[Wildcard source list does not subsume `blob:` scheme source expression.]
expected: FAIL
[Source expressions do not subsume effective nonce expressions.]
expected: FAIL
[Wildcard source list is not subsumed by a host expression.]
expected: FAIL
[Wildcard list with keywords is not subsumed by a wildcard list.]
expected: FAIL
[Wildcard list with 'unsafe-hashes' is not subsumed by a wildcard list.]
expected: FAIL
[Wildcard list with 'unsafe-inline' is not subsumed by a wildcard list.]
expected: FAIL
[Wildcard list with 'unsafe-eval' is not subsumed by a wildcard list.]
expected: FAIL
[Wildcard list with 'unsafe-eval' is not subsumed by list with a single expression.]
expected: FAIL
[The same as above but for 'unsafe-inline'.]
expected: FAIL
[`data:` is not subsumed by a wildcard list.]
expected: FAIL
[`blob:` is not subsumed by a wildcard list.]
expected: FAIL

9
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini vendored Normal file
View file

@ -0,0 +1,9 @@
[subsumption_algorithm-strict_dynamic.html]
['strict-dynamic' is effective only for `script-src`.]
expected: FAIL
['strict-dynamic' is properly handled for finding effective policy.]
expected: FAIL
['strict-dynamic' has to be allowed by required csp if it is present in returned csp.]
expected: FAIL

12
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini vendored Normal file
View file

@ -0,0 +1,12 @@
[subsumption_algorithm-unsafe_eval.html]
[No other keyword has the same effect as 'unsafe-eval'.]
expected: FAIL
[Other expressions have to be subsumed.]
expected: FAIL
[Required csp must allow 'unsafe-eval'.]
expected: FAIL
[Effective policy is properly found where 'unsafe-eval' is not subsumed.]
expected: FAIL

12
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini vendored Normal file
View file

@ -0,0 +1,12 @@
[subsumption_algorithm-unsafe_hashes.html]
[No other keyword has the same effect as 'unsafe-hashes'.]
expected: FAIL
[Other expressions have to be subsumed.]
expected: FAIL
[Required csp must allow 'unsafe-hashes'.]
expected: FAIL
[Effective policy is properly found where 'unsafe-hashes' is not subsumed.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[subsumption_algorithm-unsafe_inline.html?9-last]
[Required csp allows `strict-dynamic`, but retuned csp does.]
expected: FAIL
[Required csp does not allow `unsafe-inline`, but retuned csp does.]
expected: FAIL
[Returned csp allows a nonce.]
expected: FAIL
[Returned csp allows a hash.]
expected: FAIL
[Effective returned csp allows 'unsafe-inline']
expected: FAIL
[subsumption_algorithm-unsafe_inline.html?1-8]

4
tests/wpt/meta/content-security-policy/font-src/font-match-allowed.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[font-match-allowed.sub.html]
expected: TIMEOUT
[Test font loads if it matches font-src.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/font-src/font-mismatch-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[font-mismatch-blocked.sub.html]
expected: TIMEOUT
[Test font does not load if it does not match font-src.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/font-src/font-none-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[font-none-blocked.sub.html]
expected: TIMEOUT
[Test font does not load if it does not match font-src.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/font-src/font-self-allowed.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[font-self-allowed.html]
expected: TIMEOUT
[Test font loads if it matches font-src.]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[font-stylesheet-font-blocked.sub.html]
expected: TIMEOUT
[Test font does not load if it does not match font-src.]
expected: TIMEOUT

6
tests/wpt/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[form-action-src-blocked.sub.html]
[Expecting logs: ["violated-directive=form-action","TEST COMPLETE"\]]
expected: FAIL
[form-action-src-blocked]
expected: FAIL

3
tests/wpt/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[form-action-src-get-blocked.sub.html]
[Expecting logs: ["violated-directive=form-action","TEST COMPLETE"\]]
expected: FAIL

3
tests/wpt/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[form-action-src-javascript-blocked.sub.html]
[Expecting logs: ["violated-directive=form-action","TEST COMPLETE"\]]
expected: FAIL

6
tests/wpt/meta/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[form-action-src-redirect-blocked.sub.html]
[Expecting logs: ["violated-directive=form-action","blocked-uri=http://web-platform.test:8000/common/redirect.py?location=http://www1.web-platform.test:8000/content-security-policy/support/postmessage-fail.html","TEST COMPLETE"\]]
expected: FAIL
[form-action-src-redirect-blocked]
expected: FAIL

4
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[frame-ancestors-from-serviceworker.https.html]
expected: ERROR
[A 'frame-ancestors' CSP directive set from a serviceworker response with a value 'none' should block rendering.]
expected: NOTRUN

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-cross-in-cross-none-block.html]
[A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-cross-in-cross-self-block.html]
[A 'frame-ancestors' CSP directive with a value 'self' should block render in same-origin nested frames.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-cross-in-cross-url-block.html]
[A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-same-in-cross-none-block.html]
[A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-same-in-cross-self-block.html]
[A 'frame-ancestors' CSP directive with a value 'self' should block render in same-origin nested frames.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-same-in-cross-url-block.html]
[A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-same-in-same-none-block.html]
[A 'frame-ancestors' CSP directive with a value 'none' should block rendering in nested frames.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-nested-same-in-same-url-block.html]
[A 'frame-ancestors' CSP directive with a URL value should block or allow rendering in nested frames as appropriate.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-none-block.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-none-block.html]
[A 'frame-ancestors' CSP directive with a value 'none' should block rendering.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-overrides-xfo.html]
[A 'frame-ancestors' CSP directive overrides an 'x-frame-options' header which would allow the page.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.js.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-ancestors-path-ignored.window.html]
[A 'frame-ancestors' CSP directive with a URL that includes a path should be ignored.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/report-blocked-frame.sub.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[report-blocked-frame.sub.html]
[Violation report status OK.]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-ancestors/report-only-frame.sub.html.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[report-only-frame.sub.html]
[Violation report status OK.]
expected: FAIL

4
tests/wpt/meta/content-security-policy/frame-src/frame-src-blocked.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[frame-src-blocked.sub.html]
expected: ERROR
[Expecting logs: ["PASS IFrame #1 generated a load event.","violated-directive=frame-src"\]]
expected: FAIL

3
tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini vendored Normal file
View file

@ -0,0 +1,3 @@
[frame-src-cross-origin-same-document-navigation.window.html]
[frame-src-cross-origin-same-document-navigation]
expected: FAIL

4
tests/wpt/meta/content-security-policy/frame-src/frame-src-redirect.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[frame-src-redirect.html]
expected: TIMEOUT
[Redirected iframe src should evaluate both enforced and report-only policies on both original request and when following redirect]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/frame-src/frame-src-same-document-meta.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[frame-src-same-document-meta.sub.html]
expected: TIMEOUT
[Same-document navigations in an iframe blocked by CSP frame-src dynamically using the <meta> tag]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/frame-src/frame-src-same-document.sub.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[frame-src-same-document.sub.html]
expected: TIMEOUT
[Same-document navigation in an iframe blocked by CSP frame-src]
expected: TIMEOUT

4
tests/wpt/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini vendored Normal file
View file

@ -0,0 +1,4 @@
[frame-src-self-unique-origin.html]
expected: TIMEOUT
[Iframe's url must not match with 'self'. It must be blocked.]
expected: TIMEOUT

15
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/script-tag.http.html.ini vendored Normal file
View file

@ -0,0 +1,15 @@
[script-tag.http.html]
[Content Security Policy: Expects blocked for script-tag to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to same-http origin and swap-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL

15
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/script-tag.https.html.ini vendored Normal file
View file

@ -0,0 +1,15 @@
[script-tag.https.html]
[Content Security Policy: Expects blocked for script-tag to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to same-https origin and swap-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects blocked for script-tag to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-classic.http.html]
[Content Security Policy: Expects allowed for sharedworker-classic to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-classic to same-http origin and no-redirect redirection from http context.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-classic.https.html]
[Content Security Policy: Expects allowed for sharedworker-classic to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-classic to same-https origin and no-redirect redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import-data.http.html]
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import-data.https.html]
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import.http.html]
[Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context.]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import.https.html]
[Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-module.http.html]
[Content Security Policy: Expects allowed for sharedworker-module to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-module to same-http origin and no-redirect redirection from http context.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-module.https.html]
[Content Security Policy: Expects allowed for sharedworker-module to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-module to same-https origin and no-redirect redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import-data.http.html]
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import-data.https.html]
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import.http.html]
[Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context.]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import.https.html]
[Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-animation-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-animation.https.html]
[Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-audio-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-audio-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-audio.https.html]
[Content Security Policy: Expects allowed for worklet-audio to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-audio to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-layout-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-layout.https.html]
[Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-paint-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-paint.https.html]
[Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-classic.http.html]
[Content Security Policy: Expects allowed for sharedworker-classic to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-classic to same-http origin and no-redirect redirection from http context.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-classic.https.html]
[Content Security Policy: Expects allowed for sharedworker-classic to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-classic to same-https origin and no-redirect redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import-data.http.html]
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import-data.https.html]
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import.http.html]
[Content Security Policy: Expects allowed for sharedworker-import to cross-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to cross-http origin and no-redirect redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to cross-http origin and swap-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-http origin and swap-origin redirection from http context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[sharedworker-import.https.html]
[Content Security Policy: Expects allowed for sharedworker-import to cross-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to cross-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to cross-https origin and swap-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-import to same-https origin and swap-origin redirection from https context.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-module.http.html]
[Content Security Policy: Expects allowed for sharedworker-module to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-module to same-http origin and no-redirect redirection from http context.]
expected: FAIL

6
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.ini vendored Normal file
View file

@ -0,0 +1,6 @@
[sharedworker-module.https.html]
[Content Security Policy: Expects allowed for sharedworker-module to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for sharedworker-module to same-https origin and no-redirect redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import-data.http.html]
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import-data.https.html]
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import.http.html]
[Content Security Policy: Expects allowed for worker-import to cross-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to cross-http origin and no-redirect redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to cross-http origin and swap-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-http origin and swap-origin redirection from http context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worker-import.https.html]
[Content Security Policy: Expects allowed for worker-import to cross-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to cross-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to cross-https origin and swap-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worker-import to same-https origin and swap-origin redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-animation-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-animation.https.html]
[Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-audio-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-audio-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-audio-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-audio.https.html]
[Content Security Policy: Expects allowed for worklet-audio to cross-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-audio to cross-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-audio to cross-https origin and swap-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-audio to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-audio to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-audio to same-https origin and swap-origin redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-layout-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-layout.https.html]
[Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-paint-import-data.https.html]
[Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
expected: FAIL
[Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
expected: FAIL

18
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.ini vendored Normal file
View file

@ -0,0 +1,18 @@
[worklet-paint.https.html]
[Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
expected: FAIL
[Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
expected: FAIL

Some files were not shown because too many files have changed in this diff Show more