Bug 1491127 [wpt PR 12995] - Implemented the correct 'self' matching logic according to the spec, a=testonly
Automatic update from web-platform-tests: Implemented the correct 'self' matching logic according to the spec Spec: https://w3c.github.io/webappsec-csp/#match-url-to-source-expression The 'self' matching logic is similar to the host/scheme-source expression but different enough where it's causing issues because we're just reusing the csp_source Matches logic. This is incorrect and causes issues such as the related bug. This CL covers: * Added a new MatchesAsSelf function that is used for 'self' expression matching * Added unit tests for this function * Added new test covering the scenario in the bug (wss scheme that matches scheme) * Drive-by fixes to some connect-src tests There is similar work that needs to be done in the content/ CSP but since I don't want to duplicate any feedback, I will wait until this patch looks finalized. Bug: 815142 Change-Id: Ie1d6579e29b9d320e56fcdb556893c7675bd11b8 Reviewed-on: https://chromium-review.googlesource.com/1225570 Commit-Queue: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#591710} -- wpt-commits: aaa732df618787dbcbc6f7ce96a3bf95bd6b03b4 wpt-pr: 12995
Родитель
23e414194d
Коммит
84b9f2db40
|
@ -328823,6 +328823,12 @@
|
|||
{}
|
||||
]
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-websocket-self.sub.html": [
|
||||
[
|
||||
"/content-security-policy/connect-src/connect-src-websocket-self.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html": [
|
||||
[
|
||||
"/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html",
|
||||
|
@ -461003,11 +461009,11 @@
|
|||
"testharness"
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-eventsource-allowed.sub.html": [
|
||||
"3025e8a571a5dbcc016d831e590e5df45b20416e",
|
||||
"8922d99e0392fa6a4ecd30663981208d88e33d1f",
|
||||
"testharness"
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html": [
|
||||
"9b08365cec961473754beb5592ab7573376b6a0d",
|
||||
"df8a9a1e3db136aaa43c62e8629ff46b1c230dfa",
|
||||
"testharness"
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html": [
|
||||
|
@ -461015,11 +461021,15 @@
|
|||
"testharness"
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-websocket-allowed.sub.html": [
|
||||
"6216444e08ec3555089e5536fc58eff913bec548",
|
||||
"4263d97fe2dfbb9e2a0f0851c07798d40a5671a9",
|
||||
"testharness"
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-websocket-blocked.sub.html": [
|
||||
"249c7a346a4e2bddab6d97f546ec6eeafab7623d",
|
||||
"02c52837bb8bd5cbc26f54f899fe25b5d68bd561",
|
||||
"testharness"
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-websocket-self.sub.html": [
|
||||
"6db324ea0e70350b1781b036afc14cc37f588dfc",
|
||||
"testharness"
|
||||
],
|
||||
"content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html": [
|
||||
|
|
|
@ -7,23 +7,31 @@
|
|||
<title>connect-src-eventsource-allowed</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
|
||||
<script src='../support/logTest.sub.js?logs=["allowed"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
log("FAIL");
|
||||
log("allowed");
|
||||
});
|
||||
|
||||
try {
|
||||
var es = new EventSource("http://{{host}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
|
||||
log("Pass");
|
||||
} catch (e) {
|
||||
log("Fail");
|
||||
}
|
||||
|
||||
try {
|
||||
var es = new EventSource("http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
|
||||
// Firefox and Chrome don't throw an exception and takes some time to close async
|
||||
if (es.readyState == EventSource.CONNECTING) {
|
||||
setTimeout( function() {
|
||||
es.readyState != EventSource.CLOSED ? log("allowed") : log("blocked");
|
||||
}, 1000);
|
||||
} else if (es.readyState == EventSource.CLOSED) {
|
||||
log("blocked");
|
||||
} else {
|
||||
log("allowed");
|
||||
}
|
||||
} catch (e) {
|
||||
log("blocked");
|
||||
}
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
|
|
|
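Review bot: The securitypolicyviolation listener in this allowed test now logs `"allowed"` (the line replacing `log("FAIL")`), which is the same token the success path logs, so a CSP violation event is no longer distinguishable from success in the log output. The websocket-allowed test in this same commit logs `"violated-directive=" + e.violatedDirective` from its listener, which logTest would then surface as an unexpected entry; using the same line here, `log("violated-directive=" + e.violatedDirective);`, keeps the two allowed tests consistent and makes a block visible. The old/new assignment is inferred from the hunk's line counts, since this page shows no gutter.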
@ -7,7 +7,7 @@
|
|||
<title>connect-src-eventsource-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script>
|
||||
<script src='../support/logTest.sub.js?logs=["blocked","violated-directive=connect-src"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
</head>
|
||||
|
||||
|
@ -16,21 +16,21 @@
|
|||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
log("violated-directive=" + e.violatedDirective);
|
||||
});
|
||||
|
||||
|
||||
try {
|
||||
var es = new EventSource("http://www1.{{host}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
|
||||
// Firefox doesn't throw an exception and takes some time to close async
|
||||
var es = new EventSource("http://{{domains[www1]}}:{{ports[http][0]}}/content-security-policy/connect-src/resources/simple-event-stream");
|
||||
// Firefox and Chrome don't throw an exception and takes some time to close async
|
||||
if (es.readyState == EventSource.CONNECTING) {
|
||||
setTimeout( function() {
|
||||
es.readyState != EventSource.CLOSED ? log("Fail") : log("Pass");
|
||||
}, 2);
|
||||
es.readyState != EventSource.CLOSED ? log("allowed") : log("blocked");
|
||||
}, 1000);
|
||||
} else if (es.readyState == EventSource.CLOSED) {
|
||||
log("Pass");
|
||||
log("blocked");
|
||||
} else {
|
||||
log("Fail");
|
||||
log("allowed");
|
||||
}
|
||||
} catch (e) {
|
||||
log("Pass");
|
||||
log("blocked");
|
||||
}
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
|
|
|
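Review bot: The blocked decision in the CONNECTING branch rests on a fixed `setTimeout(..., 1000)` — whatever state the stream is in after one second is logged, so a block that has not yet moved the stream to CLOSED is reported as `"allowed"` and the test flakes instead of failing deterministically; the eventsource-allowed hunk in this commit carries the same timer. If a blocked stream reliably dispatches `error` (presumably it does, given that readyState reaches CLOSED), logging from an error handler such as `es.onerror = function() { log(es.readyState == EventSource.CLOSED ? "blocked" : "allowed"); };` removes the timing dependence — confirm this against both engines before switching. The new comment `// Firefox and Chrome don't throw an exception and takes some time to close async` should read `take some time`.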
@ -2,26 +2,31 @@
|
|||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline';">
|
||||
<title>connect-src-websocket-allowed</title>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncraciws.-->
|
||||
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' ws://{{domains[www1]}}:{{ports[http][0]}}/echo; script-src 'self' 'unsafe-inline';">
|
||||
<title>connect-src-websocket-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["Pass"]'></script>
|
||||
<script src='../support/logTest.sub.js?logs=["allowed"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
log("Fail");
|
||||
log("violated-directive=" + e.violatedDirective);
|
||||
});
|
||||
|
||||
|
||||
try {
|
||||
var ws = new WebSocket("ws://127.0.0.1:8880/echo");
|
||||
log("Pass");
|
||||
var ws = new WebSocket("ws://{{domains[www1]}}:{{ports[http][0]}}/echo");
|
||||
|
||||
if (ws.readyState == WebSocket.CLOSING || ws.readyState == WebSocket.CLOSED) {
|
||||
log("blocked");
|
||||
} else {
|
||||
log("allowed");
|
||||
}
|
||||
} catch (e) {
|
||||
log("Fail");
|
||||
log("blocked");
|
||||
}
|
||||
|
||||
</script>
|
||||
|
|
|
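Review bot: The new `<title>` of this allowed test reads `connect-src-websocket-blocked` (replacing `connect-src-websocket-allowed`), and the converted-from-WebKit comment now ends in `idiosyncraciws` where the old line had `idiosyncracies`, which looks like a blanket "es"→"ws" replacement that also hit prose. The same mangled comment appears in the websocket-blocked hunk below, and the newly added websocket-self test carries the same `connect-src-websocket-blocked` title. Proposed lines: `<title>connect-src-websocket-allowed</title>` here, `<title>connect-src-websocket-self</title>` in the new file, and `idiosyncrasies` in both comments.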
@ -2,12 +2,12 @@
|
|||
<html>
|
||||
|
||||
<head>
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
|
||||
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' ws://127.0.0.1:8880; script-src 'self' 'unsafe-inline';">
|
||||
<!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncraciws.-->
|
||||
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
|
||||
<title>connect-src-websocket-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["Pass","violated-directive=connect-src"]'></script>
|
||||
<script src='../support/logTest.sub.js?logs=["blocked","violated-directive=connect-src"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
</head>
|
||||
|
||||
|
@ -18,10 +18,15 @@
|
|||
});
|
||||
|
||||
try {
|
||||
var ws = new WebSocket("ws://localhost:8880/echo");
|
||||
log("Fail");
|
||||
var ws = new WebSocket("ws://{{domains[www1]}}:{{ports[http][0]}}/echo");
|
||||
|
||||
if (ws.readyState == WebSocket.CLOSING || ws.readyState == WebSocket.CLOSED) {
|
||||
log("blocked");
|
||||
} else {
|
||||
log("allowed");
|
||||
}
|
||||
} catch (e) {
|
||||
log("Pass");
|
||||
log("blocked");
|
||||
}
|
||||
|
||||
</script>
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
<head>
|
||||
<meta http-equiv="Content-Security-Policy" content="connect-src 'self'; script-src 'self' 'unsafe-inline';">
|
||||
<title>connect-src-websocket-blocked</title>
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src='../support/logTest.sub.js?logs=["allowed", "allowed"]'></script>
|
||||
<script src="../support/alertAssert.sub.js?alerts=[]"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<script>
|
||||
window.addEventListener('securitypolicyviolation', function(e) {
|
||||
log("violated-directive=" + e.violatedDirective);
|
||||
});
|
||||
|
||||
try {
|
||||
var ws = new WebSocket("ws://{{host}}:{{location[port]}}/echo");
|
||||
|
||||
if (ws.readyState == WebSocket.CLOSING || ws.readyState == WebSocket.CLOSED) {
|
||||
log("blocked");
|
||||
} else {
|
||||
log("allowed");
|
||||
}
|
||||
} catch (e) {
|
||||
log("blocked");
|
||||
}
|
||||
|
||||
try {
|
||||
var wss = new WebSocket("wss://{{host}}:{{location[port]}}/echo");
|
||||
|
||||
if (wss.readyState == WebSocket.CLOSING || wss.readyState == WebSocket.CLOSED) {
|
||||
log("blocked");
|
||||
} else {
|
||||
log("allowed");
|
||||
}
|
||||
} catch (e) {
|
||||
log("blocked");
|
||||
}
|
||||
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
|
||||
</html>
|
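Review bot: Both `allowed`/`blocked` decisions in this new test are taken from `readyState` synchronously after the `WebSocket` constructor returns; that only separates the two outcomes if the connect-src check is applied inside the constructor, and an engine that applies it during the asynchronous handshake would leave the socket in CONNECTING and log `"allowed"` for the wss case even when it is blocked, so the test could pass without exercising the scheme-matching rule it was added for. Logging from the socket's `close`/`error` handler, or from the securitypolicyviolation listener that already exists above, and giving logTest that sequence would make a block visible regardless of timing. The two other websocket tests in this commit use the same immediate check, so this is hedged — confirm how the engines under test surface the block.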