Run all CSP tests in CI by default. (#36436)

Extending the original set from #36402 since there are additional tests relevant to the work happening in #36409 and #36363. Testing: New tests in CI. Fixes: Part of https://github.com/servo/servo/issues/4577 Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-09-30 16:49:16 +01:00 · 2025-04-10 04:09:23 -04:00 · 2025-04-10 04:09:23 -04:00 · c16ca22970
commit c16ca22970
parent a0730d7154
509 changed files with 5492 additions and 12 deletions
--- a/tests/wpt/meta/content-security-policy/reporting/multiple-report-policies.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/multiple-report-policies.html.ini
@ -0,0 +1,6 @@
+[multiple-report-policies.html]
+  [2-Violation report status OK]
+    expected: FAIL
+
+  [1-Violation report status OK]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/post-redirect-stacktrace.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/post-redirect-stacktrace.https.html.ini
@ -0,0 +1,13 @@
+[post-redirect-stacktrace.https.html]
+  expected: ERROR
+  [StackTrace do not leak cross-origin post-redirect URL]
+    expected: FAIL
+
+  [StackTrace do not leak cross-site post-redirect URL]
+    expected: FAIL
+
+  [CSP report do not leak cross-origin post-redirect URL]
+    expected: NOTRUN
+
+  [CSP report do not leak cross-site post-redirect URL]
+    expected: NOTRUN
--- a/tests/wpt/meta/content-security-policy/reporting/report-and-enforce.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-and-enforce.html.ini
@ -0,0 +1,6 @@
+[report-and-enforce.html]
+  [The image should be blocked]
+    expected: FAIL
+
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini
@ -0,0 +1,3 @@
+[report-blocked-data-uri.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri-cross-origin.sub.html.ini
@ -0,0 +1,3 @@
+[report-blocked-uri-cross-origin.sub.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-blocked-uri.html.ini
@ -0,0 +1,3 @@
+[report-blocked-uri.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-clips-sample.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-clips-sample.https.html.ini
@ -0,0 +1,21 @@
+[report-clips-sample.https.html]
+  [Unsafe eval violation sample is clipped to 40 characters.]
+    expected: FAIL
+
+  [Unsafe indirect eval violation sample is clipped to 40 characters.]
+    expected: FAIL
+
+  [Function constructor - the other kind of eval - is clipped.]
+    expected: FAIL
+
+  [Async Function constructor is also clipped.]
+    expected: FAIL
+
+  [Generator Function constructor is also clipped.]
+    expected: FAIL
+
+  [AsyncGenerator Function constructor is also clipped.]
+    expected: FAIL
+
+  [Trusted Types violation sample is clipped to 40 characters excluded the sink name.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini
@ -0,0 +1,3 @@
+[report-cross-origin-no-cookies.sub.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-frame-ancestors-no-parent-cookies.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-frame-ancestors-no-parent-cookies.sub.html.ini
@ -0,0 +1,3 @@
+[report-frame-ancestors-no-parent-cookies.sub.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html.ini
@ -0,0 +1,3 @@
+[report-frame-ancestors-with-x-frame-options.sub.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-frame-ancestors.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-frame-ancestors.sub.html.ini
@ -0,0 +1,3 @@
+[report-frame-ancestors.sub.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-multiple-violations-01.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-multiple-violations-01.html.ini
@ -0,0 +1,6 @@
+[report-multiple-violations-01.html]
+  [Violation report status OK.]
+    expected: FAIL
+
+  [Test number of sent reports.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-multiple-violations-02.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-multiple-violations-02.html.ini
@ -0,0 +1,6 @@
+[report-multiple-violations-02.html]
+  [Violation report status OK.]
+    expected: FAIL
+
+  [Test number of sent reports.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-only-cross-origin-frame.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-only-cross-origin-frame.sub.html.ini
@ -0,0 +1,7 @@
+[report-only-cross-origin-frame.sub.html]
+  expected: TIMEOUT
+  [The securitypolicyviolation is triggered.]
+    expected: NOTRUN
+
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-only-unsafe-eval.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-only-unsafe-eval.html.ini
@ -0,0 +1,6 @@
+[report-only-unsafe-eval.html]
+  [SPV event is still raised]
+    expected: FAIL
+
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html.ini
@ -0,0 +1,3 @@
+[report-original-url-on-mixed-content-frame.https.sub.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini
@ -0,0 +1,16 @@
+[report-original-url.sub.html]
+  expected: TIMEOUT
+  [Direct block, same-origin = full URL in report]
+    expected: TIMEOUT
+
+  [Direct block, cross-origin = full URL in report]
+    expected: TIMEOUT
+
+  [Block after redirect, same-origin = original URL in report]
+    expected: TIMEOUT
+
+  [Block after redirect, cross-origin = original URL in report]
+    expected: TIMEOUT
+
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini
@ -0,0 +1,4 @@
+[report-preload-and-consume.https.html]
+  expected: TIMEOUT
+  [Reporting endpoints received credentials.]
+    expected: TIMEOUT
--- a/tests/wpt/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini
@ -0,0 +1,9 @@
+[report-same-origin-with-cookies.html]
+  [Image should not load]
+    expected: FAIL
+
+  [Violation report status OK.]
+    expected: FAIL
+
+  [Test report cookies.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-strips-fragment.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-strips-fragment.html.ini
@ -0,0 +1,4 @@
+[report-strips-fragment.html]
+  expected: TIMEOUT
+  [Reported document URI does not contain fragments.]
+    expected: TIMEOUT
--- a/tests/wpt/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini
@ -0,0 +1,3 @@
+[report-uri-effective-directive.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini
@ -0,0 +1,3 @@
+[report-uri-from-child-frame.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini
@ -0,0 +1,3 @@
+[report-uri-from-inline-javascript.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini
@ -0,0 +1,3 @@
+[report-uri-from-javascript.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini
@ -0,0 +1,3 @@
+[report-uri-multiple-reversed.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-uri-multiple.html.ini
@ -0,0 +1,3 @@
+[report-uri-multiple.html]
+  [Violation report status OK.]
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini
@ -0,0 +1,3 @@
+[report-uri-scheme-relative.html]
+  [Violation report status OK.]
+    expected: FAIL