Run all CSP tests in CI by default. (#36436)

Extending the original set from #36402 since there are additional tests relevant to the work happening in #36409 and #36363. Testing: New tests in CI. Fixes: Part of https://github.com/servo/servo/issues/4577 Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-09-30 16:49:16 +01:00 · 2025-04-10 04:09:23 -04:00 · 2025-04-10 04:09:23 -04:00 · c16ca22970
commit c16ca22970
parent a0730d7154
509 changed files with 5492 additions and 12 deletions
--- a/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
@ -0,0 +1,7 @@
+[304-response-should-update-csp.sub.html]
+  expected: TIMEOUT
+  [Test that the first frame does not use nonce def]
+    expected: NOTRUN
+
+  [Test that the second frame does not use nonce abc]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini
@ -0,0 +1,7 @@
+[directive-name-case-insensitive.sub.html]
+  expected: TIMEOUT
+  [Test that the www2 image is not allowed to load]
+    expected: FAIL
+
+  [Test that the www2 image throws a violation event]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html.ini
@ -0,0 +1,7 @@
+[filesystem-urls-do-not-match-self.sub.html]
+  expected: TIMEOUT
+  [Expecting logs: ["violated-directive=script-src-elem"\]]
+    expected: NOTRUN
+
+  [filesystem-urls-do-not-match-self]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html.ini
@ -0,0 +1,3 @@
+[filesystem-urls-match-filesystem.sub.html]
+  [Expecting logs: ["PASS (1/1)"\]]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/generic-0_1-img-src.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/generic-0_1-img-src.html.ini
@ -0,0 +1,7 @@
+[generic-0_1-img-src.html]
+  expected: TIMEOUT
+  [Verify cascading of default-src to img-src policy]
+    expected: FAIL
+
+  [Should fire violation events for every failed violation]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/generic-0_1-script-src.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/generic-0_1-script-src.html.ini
@ -0,0 +1,4 @@
+[generic-0_1-script-src.html]
+  expected: TIMEOUT
+  [Should fire violation events for every failed violation]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
@ -0,0 +1,4 @@
+[generic-0_10_1.sub.html]
+  expected: TIMEOUT
+  [Should fire violation events for every failed violation]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
@ -0,0 +1,4 @@
+[generic-0_2_2.sub.html]
+  expected: TIMEOUT
+  [Should fire violation events for every failed violation]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/generic-0_2_3.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/generic-0_2_3.html.ini
@ -0,0 +1,4 @@
+[generic-0_2_3.html]
+  expected: TIMEOUT
+  [Should fire violation events for every failed violation]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/generic/invalid-characters-in-policy.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/invalid-characters-in-policy.html.ini
@ -0,0 +1,18 @@
+[invalid-characters-in-policy.html]
+  [Should not load image with 'none' CSP - meta tag]
+    expected: FAIL
+
+  [Should not load image with 'none' CSP - HTTP header]
+    expected: FAIL
+
+  [Non-ASCII character in directive value should not affect other directives. - meta tag]
+    expected: FAIL
+
+  [Non-ASCII character in directive value should not affect other directives. - HTTP header]
+    expected: FAIL
+
+  [Non-ASCII character in directive name should not affect other directives. - meta tag]
+    expected: FAIL
+
+  [Non-ASCII character in directive name should not affect other directives. - HTTP header]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/generic/only-valid-whitespaces-are-allowed.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/only-valid-whitespaces-are-allowed.html.ini
@ -0,0 +1,55 @@
+[only-valid-whitespaces-are-allowed.html]
+  expected: TIMEOUT
+  [Should not load image with 'none' CSP - meta tag]
+    expected: FAIL
+
+  [Should not load image with 'none' CSP - HTTP header]
+    expected: FAIL
+
+  [U+0009 TAB   should be properly parsed between directive name and value - meta tag]
+    expected: FAIL
+
+  [U+0009 TAB   should be properly parsed between directive name and value - HTTP header]
+    expected: FAIL
+
+  [U+000C FF    should be properly parsed between directive name and value - meta tag]
+    expected: FAIL
+
+  [U+000C FF    should be properly parsed between directive name and value - HTTP header]
+    expected: TIMEOUT
+
+  [U+000A LF    should be properly parsed between directive name and value - meta tag]
+    expected: FAIL
+
+  [U+000D CR    should be properly parsed between directive name and value - meta tag]
+    expected: FAIL
+
+  [U+0020 SPACE should be properly parsed between directive name and value - meta tag]
+    expected: FAIL
+
+  [U+0020 SPACE should be properly parsed between directive name and value - HTTP header]
+    expected: FAIL
+
+  [U+0009 TAB   should be properly parsed inside directive value - meta tag]
+    expected: FAIL
+
+  [U+0009 TAB   should be properly parsed inside directive value - HTTP header]
+    expected: FAIL
+
+  [U+000C FF    should be properly parsed inside directive value - meta tag]
+    expected: FAIL
+
+  [U+000C FF    should be properly parsed inside directive value - HTTP header]
+    expected: TIMEOUT
+
+  [U+000A LF    should be properly parsed inside directive value - meta tag]
+    expected: FAIL
+
+  [U+000D CR    should be properly parsed inside directive value - meta tag]
+    expected: FAIL
+
+  [U+0020 SPACE should be properly parsed inside directive value - meta tag]
+    expected: FAIL
+
+  [U+0020 SPACE should be properly parsed inside directive value - HTTP header]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.ini
@ -0,0 +1,7 @@
+[policy-inherited-correctly-by-plznavigate.html]
+  expected: ERROR
+  [iframe still inherits correct CSP]
+    expected: NOTRUN
+
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/generic/src-trailing-dot.sub.any.js.ini
+++ b/tests/wpt/meta/content-security-policy/generic/src-trailing-dot.sub.any.js.ini
@ -0,0 +1,14 @@
+[src-trailing-dot.sub.any.serviceworker.html]
+  expected: ERROR
+
+[src-trailing-dot.sub.any.sharedworker.html]
+  expected: ERROR
+
+[src-trailing-dot.sub.any.html]
+  [Fetch from host with trailing dot should be allowed by CSP.]
+    expected: FAIL
+
+
+[src-trailing-dot.sub.any.worker.html]
+  [Fetch from host with trailing dot should be allowed by CSP.]
+    expected: FAIL