net: Perform CSP checks on fetch responses. (#37154)

Also add clarifying comments to the SRI WPT tests with regards to the `www.` domain and how that interacts with the integrity checks. Lastly, adjust the casing for `Strict-Dynamic`, as in the post-request check that should also be case-insensitive. Closes servo/servo#37200 Closes servo/servo#36760 Fixes servo/servo#36499 Part of w3c/webappsec-csp#727 Fixes w3c/webappsec-csp#728 Part of servo/servo#4577 Signed-off-by: Josh Matthews <josh@joshmatthews.net> Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> Co-authored-by: Josh Matthews <josh@joshmatthews.net>
2025-08-19 12:25:33 +01:00 · 2025-06-01 19:25:13 +02:00 · 2025-06-01 19:25:13 +02:00 · f710e2cab4
commit f710e2cab4
parent ed888e284b
18 changed files with 104 additions and 88 deletions
--- a/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html.ini
@ -1,3 +0,0 @@
-[connect-src-syncxmlhttprequest-redirect-to-blocked.sub.html]
-  [Expecting logs: ["PASS Sync XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]]
-    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini
@ -1,3 +0,0 @@
-[connect-src-xmlhttprequest-redirect-to-blocked.sub.html]
-  [Expecting logs: ["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]]
-    expected: FAIL