Run subset of CSP tests by default. (#36402)

This will establish a baseline for the changes from #36363.

Testing: New tests in CI.
Fixes: Part of #4577

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

tests/wpt/include.ini

@@ -12,6 +12,14 @@ skip: true
   [samesite]
     skip: true
 [content-security-policy]
+  [child-src]
+    skip: false
+  [connect-src]
+    skip: false
+  [default-src]
+    skip: false
+  [securitypolicyviolation]
+    skip: false
   [unsafe-eval]
     skip: false
   [wasm-unsafe-eval]

tests/wpt/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[child-src-blocked.sub.html]
+  [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini

@@ -0,0 +1,3 @@
+[child-src-conflicting-frame-src.sub.html]
+  [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini

@@ -0,0 +1,3 @@
+[child-src-cross-origin-load.sub.html]
+  [Two of the three iframe are expected to load.]
+    expected: FAIL

tests/wpt/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[child-src-redirect-blocked.sub.html]
+  [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini

@@ -0,0 +1,7 @@
+[child-src-worker-blocked.sub.html]
+  expected: ERROR
+  [Should throw a securitypolicyviolation event]
+    expected: TIMEOUT
+
+  [Should block worker because it does not match any directive including the deprecated 'child-src']
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-allowed.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-beacon-allowed.sub.html]
+  [Expecting logs: ["Pass"\]]
+    expected: NOTRUN

tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-beacon-blocked.sub.html]
+  [Expecting logs: ["Pass", "violated-directive=connect-src"\]]
+    expected: NOTRUN

tests/wpt/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-beacon-redirect-to-blocked.sub.html]
+  [Expecting logs: ["violated-directive=connect-src"\]]
+    expected: NOTRUN

tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-eventsource-blocked.sub.html]
+  [Expecting logs: ["blocked","violated-directive=connect-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-eventsource-redirect-to-blocked.sub.html]
+  [Expecting logs: ["PASS EventSource() did not follow the disallowed redirect.","TEST COMPLETE", "violated-directive=connect-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-allowed.sub.html.ini

@@ -0,0 +1,2 @@
+[connect-src-json-import-allowed.sub.html]
+  expected: ERROR

tests/wpt/meta/content-security-policy/connect-src/connect-src-json-import-blocked.sub.html.ini

@@ -0,0 +1,2 @@
+[connect-src-json-import-blocked.sub.html]
+  expected: ERROR

tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-syncxmlhttprequest-blocked.sub.html]
+  [Expecting logs: ["Pass","violated-directive=connect-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html]
+  [Expecting logs: ["PASS Sync XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-websocket-blocked.sub.html]
+  [Expecting logs: ["blocked","violated-directive=connect-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-xmlhttprequest-blocked.sub.html]
+  [Expecting logs: ["Pass","violated-directive=connect-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[connect-src-xmlhttprequest-redirect-to-blocked.sub.html]
+  [Expecting logs: ["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini

@@ -0,0 +1,4 @@
+[shared-worker-connect-src-allowed.sub.html]
+  expected: ERROR
+  [Expecting logs: ["xhr allowed","TEST COMPLETE"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[shared-worker-connect-src-blocked.sub.html]
+  [Expecting logs: ["xhr blocked","TEST COMPLETE"\]]
+    expected: NOTRUN

tests/wpt/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[worker-connect-src-blocked.sub.html]
+  [Expecting logs: ["xhr blocked","TEST COMPLETE"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini

@@ -0,0 +1,3 @@
+[worker-from-guid.sub.html]
+  [Expecting logs: ["violated-directive=connect-src","xhr blocked","TEST COMPLETE"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini

@@ -0,0 +1,3 @@
+[default-src-inline-blocked.sub.html]
+  [Expecting logs: ["violated-directive=script-src-elem","violated-directive=script-src-elem"\]]
+    expected: FAIL

tests/wpt/meta/content-security-policy/default-src/default-src-sri_hash.sub.html.ini

@@ -0,0 +1,9 @@
+[default-src-sri_hash.sub.html]
+  [multiple matching integrity]
+    expected: FAIL
+
+  [partially matching integrity]
+    expected: FAIL
+
+  [External script in a script tag with matching SRI hash should run.]
+    expected: FAIL

tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini

@@ -0,0 +1,4 @@
+[default-src-strict_dynamic_and_unsafe_inline.html]
+  expected: TIMEOUT
+  [Should fire a security policy violation for the inline block]
+    expected: NOTRUN

tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini

@@ -0,0 +1,4 @@
+[blockeduri-eval.html]
+  expected: TIMEOUT
+  [Eval violations have a blockedURI of 'eval']
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini

@@ -0,0 +1,4 @@
+[blockeduri-inline.html]
+  expected: TIMEOUT
+  [Inline violations have a blockedURI of 'inline']
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini

@@ -0,0 +1,13 @@
+[blockeduri-ws-wss-scheme.html]
+  expected: TIMEOUT
+  [ws]
+    expected: FAIL
+
+  [wss]
+    expected: FAIL
+
+  [cross-origin]
+    expected: FAIL
+
+  [redirect]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini

@@ -0,0 +1,54 @@
+[idlharness.window.html]
+  [CSPViolationReportBody interface: existence and properties of interface object]
+    expected: FAIL
+
+  [CSPViolationReportBody interface object length]
+    expected: FAIL
+
+  [CSPViolationReportBody interface object name]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: existence and properties of interface prototype object]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: existence and properties of interface prototype object's "constructor" property]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: existence and properties of interface prototype object's @@unscopables property]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: operation toJSON()]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute documentURL]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute referrer]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute blockedURL]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute effectiveDirective]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute originalPolicy]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute sourceFile]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute sample]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute disposition]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute statusCode]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute lineNumber]
+    expected: FAIL
+
+  [CSPViolationReportBody interface: attribute columnNumber]
+    expected: FAIL

tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini

@@ -0,0 +1,4 @@
+[img-src-redirect-upgrade-reporting.https.html]
+  expected: TIMEOUT
+  [Image that redirects to http:// URL prohibited by Report-Only must generate a violation report, even with upgrade-insecure-requests]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini

@@ -0,0 +1,3 @@
+[img-src-redirect.sub.html]
+  [The blocked URI in the security policy violation event should be the original URI before redirects.]
+    expected: FAIL

tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini

@@ -0,0 +1,7 @@
+[inside-dedicated-worker.html]
+  expected: TIMEOUT
+  [SecurityPolicyViolation event fired on global.]
+    expected: FAIL
+
+  [SecurityPolicyViolation event fired on global with the correct blockedURI.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini

@@ -0,0 +1,2 @@
+[inside-service-worker.https.html]
+  expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini

@@ -0,0 +1,2 @@
+[inside-shared-worker.html]
+  expected: ERROR

tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini

@@ -0,0 +1,3 @@
+[linenumber.tentative.html]
+  [linenumber]
+    expected: FAIL

tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini

@@ -0,0 +1,13 @@
+[script-sample-no-opt-in.html]
+  expected: ERROR
+  [Inline script should not have a sample.]
+    expected: TIMEOUT
+
+  [Inline event handlers should not have a sample.]
+    expected: TIMEOUT
+
+  [JavaScript URLs in iframes should not have a sample.]
+    expected: TIMEOUT
+
+  [eval()-alikes should not have a sample.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini

@@ -0,0 +1,19 @@
+[script-sample.html]
+  expected: ERROR
+  [Inline script should have a sample.]
+    expected: TIMEOUT
+
+  [Inline event handlers should have a sample.]
+    expected: TIMEOUT
+
+  [JavaScript URLs in iframes should have a sample.]
+    expected: TIMEOUT
+
+  [eval() should have a sample.]
+    expected: TIMEOUT
+
+  [setInterval() should have a sample.]
+    expected: TIMEOUT
+
+  [setTimeout() should have a sample.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini

@@ -0,0 +1,4 @@
+[securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
+  expected: TIMEOUT
+  [Non-redirected cross-origin URLs are not stripped.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini

@@ -0,0 +1,4 @@
+[securitypolicyviolation-block-cross-origin-image.sub.html]
+  expected: TIMEOUT
+  [Non-redirected cross-origin URLs are not stripped.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini

@@ -0,0 +1,4 @@
+[securitypolicyviolation-block-image-from-script.sub.html]
+  expected: TIMEOUT
+  [Non-redirected cross-origin URLs are not stripped.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini

@@ -0,0 +1,4 @@
+[securitypolicyviolation-block-image.sub.html]
+  expected: TIMEOUT
+  [Non-redirected same-origin URLs are not stripped.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini

@@ -0,0 +1,4 @@
+[source-file-blob-scheme.html]
+  expected: TIMEOUT
+  [Violations from data:-URL scripts have a sourceFile of 'blob']
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini

@@ -0,0 +1,4 @@
+[source-file-data-scheme.html]
+  expected: TIMEOUT
+  [Violations from data:-URL scripts have a sourceFile of 'data']
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file.html.ini

@@ -0,0 +1,51 @@
+[source-file.html]
+  [Basic HTTPS URL]
+    expected: FAIL
+
+  [Basic HTTP URL]
+    expected: FAIL
+
+  [Basic WSS URL]
+    expected: FAIL
+
+  [Basic WS URL]
+    expected: FAIL
+
+  [Fragment]
+    expected: FAIL
+
+  [Query]
+    expected: FAIL
+
+  [Port]
+    expected: FAIL
+
+  [User:password]
+    expected: FAIL
+
+  [User]
+    expected: FAIL
+
+  [Invalid URL]
+    expected: FAIL
+
+  [file:]
+    expected: FAIL
+
+  [Custom protocol]
+    expected: FAIL
+
+  [about:blank]
+    expected: FAIL
+
+  [about:custom]
+    expected: FAIL
+
+  [data:]
+    expected: FAIL
+
+  [blob:]
+    expected: FAIL
+
+  [javascript:]
+    expected: FAIL

tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini

@@ -0,0 +1,7 @@
+[style-sample-no-opt-in.html]
+  expected: TIMEOUT
+  [Inline style blocks should not have a sample.]
+    expected: TIMEOUT
+
+  [Inline style attributes should not have a sample.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini

@@ -0,0 +1,7 @@
+[style-sample.html]
+  expected: TIMEOUT
+  [Inline style blocks should have a sample.]
+    expected: TIMEOUT
+
+  [Inline style attributes should have a sample.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini

@@ -0,0 +1,16 @@
+[targeting.html]
+  expected: TIMEOUT
+  [These tests should not fail.]
+    expected: NOTRUN
+
+  [Inline violations target the right element.]
+    expected: TIMEOUT
+
+  [Correct targeting inside shadow tree (inline handler).]
+    expected: TIMEOUT
+
+  [Correct targeting inside shadow tree (style).]
+    expected: TIMEOUT
+
+  [Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.]
+    expected: TIMEOUT

tests/wpt/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini

@@ -0,0 +1,10 @@
+[upgrade-insecure-requests-reporting.https.html]
+  expected: TIMEOUT
+  [Upgraded image is reported]
+    expected: TIMEOUT
+
+  [Upgraded iframe is reported]
+    expected: TIMEOUT
+
+  [Navigated iframe is upgraded and reported]
+    expected: TIMEOUT