CSP: Move 'worker-src' onto 'script-src' #5175

chromium-wpt-export-bot · 2017-03-20T09:01:42Z

Based on the discussion in w3c/webappsec-csp#146,
we're deprecating 'child-src' and moving 'worker-src' onto 'script-src'.

Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/npKDoKVOUAs/ogtlIFmLBAAJ

BUG=662930,694525

Review-Url: https://codereview.chromium.org/2533313002
Cr-Commit-Position: refs/heads/master@{#458026}

Based on the discussion in w3c/webappsec-csp#146, we're deprecating 'child-src' and moving 'worker-src' onto 'script-src'. Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/npKDoKVOUAs/ogtlIFmLBAAJ BUG=662930,694525 Review-Url: https://codereview.chromium.org/2533313002 Cr-Commit-Position: refs/heads/master@{#458026}

wpt-pr-bot · 2017-03-20T09:01:48Z

Notifying @hillbrad. (Learn how reviewing works.)

w3c-bots · 2017-03-20T09:05:32Z

View the complete job log.

Firefox (nightly channel)

Testing web-platform-tests at revision 4eb696b
Using browser at version BuildID 20170319110229; SourceStamp e1576dd8bd9d3a4ca418cf347133b8a4957ddeca
Starting 10 test iterations
All results were stable

All results

3 tests ran

/content-security-policy/worker-src/service-child.https.sub.html

Subtest	Results	Messages
	OK
`Same-origin service worker allowed by host-source expression.`	PASS

/content-security-policy/worker-src/service-fallback.https.sub.html

Subtest	Results	Messages
	OK
`Same-origin service worker allowed by host-source expression.`	FAIL	`promise_test: Unhandled rejection with value: object "[Exception... "<no message>" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: https://web-platform.test:8443/content-security-policy/support/testharness-helper.js :: assert_service_worker_is_loaded/< :: line 64" data: no]"`

/content-security-policy/worker-src/service-list.https.sub.html

Subtest	Results	Messages
	OK
`Same-origin service worker allowed by host-source expression.`	PASS

w3c-bots · 2017-03-20T09:05:33Z

View the complete job log.

Chrome (unstable channel)

Testing web-platform-tests at revision 4eb696b
Using browser at version 59.0.3043.0 dev
Starting 10 test iterations
All results were stable

All results

3 tests ran

/content-security-policy/worker-src/service-child.https.sub.html

Subtest	Results	Messages
	OK
`Same-origin service worker allowed by host-source expression.`	PASS

/content-security-policy/worker-src/service-fallback.https.sub.html

Subtest	Results	Messages
	OK
`Same-origin service worker allowed by host-source expression.`	FAIL	`promise_test: Unhandled rejection with value: object "SecurityError: Failed to register a ServiceWorker: The provided scriptURL ('https://web-platform.test:8443/content-security-policy/support/ping.js') violates the Content Security Policy."`

/content-security-policy/worker-src/service-list.https.sub.html

Subtest	Results	Messages
	OK
`Same-origin service worker allowed by host-source expression.`	PASS

chromium-wpt-export-bot added the chromium-export label Mar 20, 2017

wpt-pr-bot added the content-security-policy label Mar 20, 2017

chromium-wpt-export-bot merged commit d708ee6 into master Mar 20, 2017

dreamofabear mentioned this pull request May 12, 2017

https://cdn.ampproject.org CSP prevent a worker from creating when use amp-bind ampproject/amphtml#9290

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CSP: Move 'worker-src' onto 'script-src' #5175

CSP: Move 'worker-src' onto 'script-src' #5175

chromium-wpt-export-bot commented Mar 20, 2017

wpt-pr-bot commented Mar 20, 2017

w3c-bots commented Mar 20, 2017

w3c-bots commented Mar 20, 2017

CSP: Move 'worker-src' onto 'script-src' #5175

CSP: Move 'worker-src' onto 'script-src' #5175

Conversation

chromium-wpt-export-bot commented Mar 20, 2017

wpt-pr-bot commented Mar 20, 2017

w3c-bots commented Mar 20, 2017

Firefox (nightly channel)

All results

w3c-bots commented Mar 20, 2017

Chrome (unstable channel)

All results