Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CSP: Improve WPTs inside workers #28169

Merged
merged 1 commit into from Apr 9, 2021

Conversation

@chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Mar 22, 2021

This change improves Web Platform Tests for Content Security Policy
inside shared workers, by:

  1. Fixing a test with CSP: connect-src 'self' that could not fail
    because of CORS requests being blocked independently of CSP.

  2. Adding assertions that we raise securitypolicyviolation events for
    CSP violations.

  3. Adding a test for Content Security Policies in report-only mode.

While testing this, I noticed that debug versions of chrome would
crash when checking the disposition of a securitypolicyviolation event
from a Worker. This because of the thread-safety DCHECKs of
WTF::String. For addressing this, I needed to create new global static
strings "enforce" and "report".

Change-Id: I9c91b1a60eac82279dd74e8bb640dde2ada9cf6e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2775564
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#870899}

Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

The review process for this patch is being conducted in the Chromium project.

This change improves Web Platform Tests for Content Security Policy
inside shared workers, by:

1) Fixing a test with CSP: connect-src 'self' that could not fail
because of CORS requests being blocked independently of CSP.

2) Adding assertions that we raise securitypolicyviolation events for
CSP violations.

3) Adding a test for Content Security Policies in report-only mode.

While testing this, I noticed that debug versions of chrome would
crash when checking the disposition of a securitypolicyviolation event
from a Worker. This because of the thread-safety DCHECKs of
WTF::String. For addressing this, I needed to create new global static
strings "enforce" and "report".

Change-Id: I9c91b1a60eac82279dd74e8bb640dde2ada9cf6e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2775564
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#870899}
@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-2775564 branch from 9a19886 to a365f40 Apr 9, 2021
@chromium-wpt-export-bot chromium-wpt-export-bot merged commit 947481c into master Apr 9, 2021
22 checks passed
22 checks passed
@staging-wpt-fyi
staging.wpt.fyi - firefox[experimental] Firefox results
Details
@staging-wpt-fyi
staging.wpt.fyi - safari[experimental] Safari results
Details
@wpt-fyi
wpt.fyi - firefox[experimental] Firefox results
Details
@wpt-fyi
wpt.fyi - safari[experimental] Safari results
Details
@azure-pipelines
Azure Pipelines Build #20210409.11 succeeded
Details
@azure-pipelines
Azure Pipelines (./wpt test-jobs) ./wpt test-jobs succeeded
Details
@azure-pipelines
Azure Pipelines (affected tests without changes: Safari Technology Preview) affected tests without changes: Safari Technology Preview succeeded
Details
@azure-pipelines
Azure Pipelines (affected tests: Safari Technology Preview) affected tests: Safari Technology Preview succeeded
Details
@azure-pipelines
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests) wpt.fyi hook: safari-preview-affected-tests succeeded
Details
@azure-pipelines
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests-without-changes) wpt.fyi hook: safari-preview-affected-tests-without-changes succeeded
Details
@community-tc-integration
download-firefox-nightly Community-TC (pull_request)
Details
@community-tc-integration
lint Community-TC (pull_request)
Details
@community-tc-integration
sink-task Community-TC (pull_request)
Details
@staging-wpt-fyi
staging.wpt.fyi - chrome[experimental] Chrome results
Details
@community-tc-integration
wpt-chrome-dev-results Community-TC (pull_request)
Details
@community-tc-integration
wpt-chrome-dev-results-without-changes Community-TC (pull_request)
Details
@community-tc-integration
wpt-chrome-dev-stability Community-TC (pull_request)
Details
@community-tc-integration
wpt-decision-task Community-TC (pull_request)
Details
@community-tc-integration
wpt-firefox-nightly-results Community-TC (pull_request)
Details
@community-tc-integration
wpt-firefox-nightly-results-without-changes Community-TC (pull_request)
Details
@community-tc-integration
wpt-firefox-nightly-stability Community-TC (pull_request)
Details
@wpt-fyi
wpt.fyi - chrome[experimental] Chrome results
Details
@chromium-wpt-export-bot chromium-wpt-export-bot deleted the chromium-export-cl-2775564 branch Apr 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants