зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1624639 [wpt PR 22420] - UpgradeInsecureRequest: Add WPTs for static-import in dedicated/shared workers, a=testonly
Automatic update from web-platform-tests UpgradeInsecureRequest: Add WPTs for static-import in dedicated/shared workers This CL adds upgrade-insecure-request wpts to test static-import from dedicated workers and shared workers. The test scheme is implemented in the previous CL: https://chromium-review.googlesource.com/c/chromium/src/+/2102036. This CL only removes 'worker-import' and 'sharedworker-import' from the excluded subresource list in spec.src.json and auto-generates tests. Bug: 989399 Change-Id: I3b799d7743306a8b5fca0d7292360a88d9b36ded Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2117591 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org> Commit-Queue: Eriko Kurimoto <elkurin@google.com> Cr-Commit-Position: refs/heads/master@{#753164} -- wpt-commits: 19a0095b86b988a1afa5833c691a102ccde8cd68 wpt-pr: 22420
This commit is contained in:
Eriko Kurimoto
moz-wptsync-bot
Родитель
1c1cff4e05
Коммит
b946746e5e
|
|
@ -0,0 +1,112 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,112 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,113 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,113 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "iframe-blank"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,112 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,112 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,113 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,113 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [
|
||||
{
|
||||
"policyDeliveries": [],
|
||||
"sourceContextType": "srcdoc"
|
||||
}
|
||||
],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1 @@
|
|||
Content-Security-Policy: upgrade-insecure-requests
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1 @@
|
|||
Content-Security-Policy: upgrade-insecure-requests
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for sharedworker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,82 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "blocked",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects blocked for worker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,83 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "sharedworker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for sharedworker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -0,0 +1,83 @@
|
|||
<!DOCTYPE html>
|
||||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="timeout" content="long">
|
||||
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/common/security-features/resources/common.sub.js"></script>
|
||||
<script src="../../../generic/test-case.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
TestCase(
|
||||
[
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "cross-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to cross-https origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and downgrade redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-http-downgrade",
|
||||
"redirection": "no-redirect",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-http-downgrade origin and no-redirect redirection from https context."
|
||||
},
|
||||
{
|
||||
"expectation": "allowed",
|
||||
"origin": "same-https",
|
||||
"redirection": "downgrade",
|
||||
"source_context_list": [],
|
||||
"source_scheme": "https",
|
||||
"subresource": "worker-import",
|
||||
"subresource_policy_deliveries": [],
|
||||
"test_description": "Upgrade-Insecure-Requests: Expects allowed for worker-import to same-https origin and downgrade redirection from https context."
|
||||
}
|
||||
],
|
||||
new SanityChecker()
|
||||
).start();
|
||||
</script>
|
||||
<div id="log"></div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -144,9 +144,7 @@
|
|||
"object-tag",
|
||||
"picture-tag",
|
||||
"script-tag",
|
||||
"sharedworker-import",
|
||||
"video-tag",
|
||||
"worker-import"
|
||||
"video-tag"
|
||||
],
|
||||
"origin": "*",
|
||||
"expectation": "*"
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче