Run all CSP tests in CI by default. (#36436)

Extending the original set from #36402 since there are additional tests relevant to the work happening in #36409 and #36363. Testing: New tests in CI. Fixes: Part of https://github.com/servo/servo/issues/4577 Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-09-30 00:29:14 +01:00 · 2025-04-10 04:09:23 -04:00 · 2025-04-10 04:09:23 -04:00 · c16ca22970
commit c16ca22970
parent a0730d7154
509 changed files with 5492 additions and 12 deletions
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.ini
@ -0,0 +1,6 @@
+[sharedworker-classic.http.html]
+  [Content Security Policy: Expects allowed for sharedworker-classic to same-http origin and keep-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-classic to same-http origin and no-redirect redirection from http context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.ini
@ -0,0 +1,6 @@
+[sharedworker-classic.https.html]
+  [Content Security Policy: Expects allowed for sharedworker-classic to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-classic to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.ini
@ -0,0 +1,18 @@
+[sharedworker-import-data.http.html]
+  [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.ini
@ -0,0 +1,18 @@
+[sharedworker-import-data.https.html]
+  [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.ini
@ -0,0 +1,18 @@
+[sharedworker-import.http.html]
+  [Content Security Policy: Expects allowed for sharedworker-import to cross-http origin and keep-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to cross-http origin and no-redirect redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to cross-http origin and swap-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to same-http origin and swap-origin redirection from http context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.ini
@ -0,0 +1,18 @@
+[sharedworker-import.https.html]
+  [Content Security Policy: Expects allowed for sharedworker-import to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-import to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.ini
@ -0,0 +1,6 @@
+[sharedworker-module.http.html]
+  [Content Security Policy: Expects allowed for sharedworker-module to same-http origin and keep-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-module to same-http origin and no-redirect redirection from http context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.ini
@ -0,0 +1,6 @@
+[sharedworker-module.https.html]
+  [Content Security Policy: Expects allowed for sharedworker-module to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for sharedworker-module to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini
@ -0,0 +1,18 @@
+[worker-import-data.http.html]
+  [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini
@ -0,0 +1,18 @@
+[worker-import-data.https.html]
+  [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+    expected: FAIL
+
+  [Content Security Policy: Expects blocked for worker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.ini
@ -0,0 +1,18 @@
+[worker-import.http.html]
+  [Content Security Policy: Expects allowed for worker-import to cross-http origin and keep-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to cross-http origin and no-redirect redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to cross-http origin and swap-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to same-http origin and swap-origin redirection from http context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.ini
@ -0,0 +1,18 @@
+[worker-import.https.html]
+  [Content Security Policy: Expects allowed for worker-import to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worker-import to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.ini
@ -0,0 +1,18 @@
+[worklet-animation-import-data.https.html]
+  [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.ini
@ -0,0 +1,18 @@
+[worklet-animation.https.html]
+  [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio-import-data.https.html.ini
@ -0,0 +1,18 @@
+[worklet-audio-import-data.https.html]
+  [Content Security Policy: Expects allowed for worklet-audio-import-data to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio-import-data to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio-import-data to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio-import-data to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio-import-data to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio-import-data to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.ini
@ -0,0 +1,18 @@
+[worklet-audio.https.html]
+  [Content Security Policy: Expects allowed for worklet-audio to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-audio to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.ini
@ -0,0 +1,18 @@
+[worklet-layout-import-data.https.html]
+  [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.ini
@ -0,0 +1,18 @@
+[worklet-layout.https.html]
+  [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.ini
@ -0,0 +1,18 @@
+[worklet-paint-import-data.https.html]
+  [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.ini
@ -0,0 +1,18 @@
+[worklet-paint.https.html]
+  [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+    expected: FAIL
+
+  [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+    expected: FAIL