Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-31 01:58:23 +01:00
Code Issues Projects Releases Packages Wiki Activity

net: Perform CSP checks on fetch responses. (#37154)

Browse source 
Also add clarifying comments to the SRI WPT tests with
regards to the `www.` domain and how that interacts with
the integrity checks.

Lastly, adjust the casing for `Strict-Dynamic`, as in
the post-request check that should also be case-insensitive.

Closes servo/servo#37200
Closes servo/servo#36760
Fixes servo/servo#36499
Part of w3c/webappsec-csp#727
Fixes w3c/webappsec-csp#728
Part of servo/servo#4577

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This commit is contained in:
Tim van der Lippe 2025-06-01 19:25:13 +02:00 committed by GitHub
parent ed888e284b
commit f710e2cab4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 104 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tests/wpt/meta/content-security-policy/reporting/report-original-url.sub.html.ini vendored
View file

@ -1,10 +1,3 @@
[report-original-url.sub.html]
expected: TIMEOUT
[Block after redirect, same-origin = original URL in report]
expected: TIMEOUT
[Block after redirect, cross-origin = original URL in report]
expected: TIMEOUT
[Violation report status OK.]
expected: FAIL