diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe-expected.txt new file mode 100644 index 000000000000..2b6d030a9822 --- /dev/null +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe-expected.txt @@ -0,0 +1,6 @@ +CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-beacon.html requested insecure content from http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. This content was blocked and must be served over HTTPS. + +CONSOLE MESSAGE: Beacon API cannot load http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. Not allowed to request resource +This test loads a secure iframe that triggers an insecure beacon load. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content. + + diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe.html b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe.html new file mode 100644 index 000000000000..1f3cdadb7081 --- /dev/null +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe.html @@ -0,0 +1,16 @@ + + + + + + +

This test loads a secure iframe that triggers an insecure beacon load. We should trigger a +mixed content block because the child frame has CSP directive block-all-mixed-content.

+ + + diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe-expected.txt new file mode 100644 index 000000000000..db4398db037b --- /dev/null +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe-expected.txt @@ -0,0 +1,3 @@ +This test loads a secure iframe that triggers an insecure ping load. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content. + + diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https-expected.txt b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https-expected.txt new file mode 100644 index 000000000000..51c6b58eec79 --- /dev/null +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https-expected.txt @@ -0,0 +1,5 @@ +CONSOLE MESSAGE: [blocked] The page at https://127.0.0.1:8443/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-ping.html# requested insecure content from http://127.0.0.1:8000/xmlhttprequest/resources/access-control-basic-allow-star.cgi. This content was blocked and must be served over HTTPS. + +This test loads a secure iframe that triggers an insecure ping load. We should trigger a mixed content block because the child frame has CSP directive block-all-mixed-content. + + diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html new file mode 100644 index 000000000000..5b5987ccefe7 --- /dev/null 
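Review bot: `insecure-ping-in-iframe-expected.txt` looks orphaned, because the only ping test added in the visible part of this diff is `insecure-ping-in-iframe.https.html`, whose baseline is `insecure-ping-in-iframe.https-expected.txt`. The three-line file also omits the `[blocked]` console message that the `.https` baseline records, so if it were ever matched to a test it would describe a run in which the insecure ping was not reported as blocked. I would drop the file from the commit, or add the matching test if a non-`.https` variant is really intended.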
+++ b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html @@ -0,0 +1,40 @@ + + + + + + +

This test loads a secure iframe that triggers an insecure ping load. We should trigger a +mixed content block because the child frame has CSP directive block-all-mixed-content.

+ + + + diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-beacon.html b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-beacon.html new file mode 100644 index 000000000000..8fe6b5b4279f --- /dev/null +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-beacon.html @@ -0,0 +1,25 @@ + + + + + + + + + + + diff --git a/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-ping.html b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-ping.html new file mode 100644 index 000000000000..df806ee05416 --- /dev/null +++ b/LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-ping.html @@ -0,0 +1,14 @@ + + + + + + + + + link + + diff --git a/LayoutTests/platform/ios/TestExpectations b/LayoutTests/platform/ios/TestExpectations index 3b5993c7c860..e9d3058e22f4 100644 --- a/LayoutTests/platform/ios/TestExpectations +++ b/LayoutTests/platform/ios/TestExpectations @@ -2724,6 +2724,8 @@ fast/visual-viewport/client-rects-relative-to-layout-viewport-zoomed.html [ Skip fast/selectors/040.html webkit.org/b/165691 http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame.html [ Pass Failure ] +# Test is using eventSender +http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html [ Skip ] webkit.org/b/245610 http/tests/security/xss-DENIED-xsl-external-entity.xml [ Failure ] diff --git a/LayoutTests/platform/mac-wk1/TestExpectations b/LayoutTests/platform/mac-wk1/TestExpectations index eaca58f04790..ddc5fd1c8d1d 100644 --- a/LayoutTests/platform/mac-wk1/TestExpectations +++ b/LayoutTests/platform/mac-wk1/TestExpectations 
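Review bot: The new `[ Skip ]` entry for `insecure-ping-in-iframe.https.html` in `platform/ios/TestExpectations` carries no bug reference, unlike the neighbouring entries (`webkit.org/b/165691`, `webkit.org/b/245610`). The lost iOS coverage for ping blocking under `block-all-mixed-content` is therefore not tracked anywhere. I would put a tracking bug in front of the entry, for example `webkit.org/b/<bug-id> http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html [ Skip ]` (placeholder id). The comment could also say what is lost, for example `# Test clicks the link via eventSender; ping mixed-content blocking is not exercised on this port`.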
@@ -959,6 +959,7 @@ imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/beacon.https.ht http/tests/security/contentSecurityPolicy/connect-src-beacon-allowed.html [ Skip ] http/tests/security/contentSecurityPolicy/connect-src-beacon-blocked.html [ Skip ] http/tests/security/contentSecurityPolicy/report-only-connect-src-beacon-redirect-blocked.py [ Skip ] +http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe.html [ Skip ] # testRunner.setStatisticsShouldDowngradeReferrer() is not supported on WK1 http/tests/referrer-policy-script/ [ Skip ] @@ -978,6 +979,9 @@ http/tests/referrer-policy-img/unsafe-url/cross-origin-http-http.html [ Skip ] http/tests/referrer-policy-img/unsafe-url/cross-origin-http.https.html [ Skip ] http/tests/referrer-policy-img/unsafe-url/cross-origin-http-UpgradeMixedContent.https.html [ Skip ] +# Cross origin HTTPS loads require certificate validation, which are not supported for WK1 ping loads. +http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html [ Failure ] + # Cross-Origin requests receive a didReceiveAuthenticationChallenge callback on the first iteration http/tests/referrer-policy-img/no-referrer/cross-origin-http-UpgradeMixedContent.https.html [ Pass Failure ] http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http-UpgradeMixedContent.https.html [ Pass Failure ]
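Review bot: The `[ Failure ]` expectation added in the second hunk accepts any text mismatch for `insecure-ping-in-iframe.https.html` on mac-wk1. It cannot tell the certificate-validation limitation named in the comment apart from a real regression in which the insecure ping is no longer blocked. Together with the `[ Skip ]` for `insecure-beacon-in-iframe.html` in the first hunk, neither new test verifies `block-all-mixed-content` on WK1. Consider `[ Skip ]` for consistency with the beacon entry, or a `platform/mac-wk1` baseline that pins the exact WK1 output. Either way, prefix the entry with a tracking bug, `webkit.org/b/<bug-id>` (placeholder id).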