Changeset 211616 in webkit
- Timestamp:
- Feb 2, 2017 5:46:25 PM (7 years ago)
- Location:
- trunk/LayoutTests
- Files:
-
- 2 added
- 2 deleted
- 16 edited
- 2 moved
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r211612 r211616 1 2017-02-02 Alexey Proskuryakov <ap@apple.com> 2 3 Multiple HTTP tests fail with Apache 2.4.25 4 https://bugs.webkit.org/show_bug.cgi?id=167678 5 <rdar://problem/30060142> 6 7 Reviewed by Sam Weinig. 8 9 Newer versions of Apache have a security fix where they generate an internal server 10 error upon seeing an invalid HTTP header field. There is an opt-out configuration 11 option which didn't quite work in my testing, but regardless, we should only use 12 "nph-" CGIs for invalid responses. This is how Apache knows that it shouldn't 13 attempt to parse the response. 14 15 This also uncovered a test bug. 16 17 * http/tests/cache/disk-cache/resources/cache-test.js: (generateTestURL): 18 Without escaping, we were getting a broken response in attachment tests: 19 Content-Disposition: attachment 20 filename: "f.txt" 21 Note how ";" turned into a newline. 22 23 * http/tests/misc/non-utf8-header-name-expected.txt: Removed. 24 * http/tests/misc/non-utf8-header-name.php: Removed. 25 * http/tests/misc/nph-non-utf8-header-name-expected.txt: Copied from LayoutTests/http/tests/misc/non-utf8-header-name-expected.txt. 26 * http/tests/misc/nph-non-utf8-header-name.pl: Copied from LayoutTests/http/tests/misc/non-utf8-header-name.php. 27 * http/tests/preload/download_resources_from_invalid_headers.html: 28 * http/tests/preload/resources/invalid_resources_from_header.php: Removed. 29 * http/tests/preload/resources/nph-invalid_resources_from_header.pl: Copied from LayoutTests/http/tests/preload/resources/invalid_resources_from_header.php. 30 * http/tests/security/contentSecurityPolicy/directive-parsing-01.html: 31 * http/tests/security/contentSecurityPolicy/directive-parsing-02.html: 32 * http/tests/security/contentSecurityPolicy/directive-parsing-03.html: 33 * http/tests/security/contentSecurityPolicy/directive-parsing-04.html: 34 * http/tests/security/contentSecurityPolicy/directive-parsing-05.html: 35 * http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl: Removed. 36 * http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js: 37 * http/tests/security/contentSecurityPolicy/resources/nph-echo-script-src.pl: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl. 38 * http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html: 39 * http/tests/security/contentSecurityPolicy/script-src-none.html: 40 * http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html: 41 * http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html: 42 * http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html: 43 * http/tests/security/contentSecurityPolicy/script-src-self.html: 44 * http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html: 45 Changed scripts that are used to generate invalid responses to "nph-" ones. 46 1 47 2017-02-02 Chris Dumez <cdumez@apple.com> 2 48 -
trunk/LayoutTests/http/tests/cache/disk-cache/resources/cache-test.js
r189177 r211616 43 43 function generateTestURL(test) 44 44 { 45 var body = typeof test.body !== 'undefined' ? test.body: "";45 var body = typeof test.body !== 'undefined' ? escape(test.body) : ""; 46 46 var expiresInFutureIn304 = typeof test.expiresInFutureIn304 !== 'undefined' ? test.expiresInFutureIn304 : false; 47 47 var uniqueTestId = Math.floor((Math.random() * 1000000000000)); … … 55 55 testURL += "&Content-Type=text/plain"; 56 56 for (var header in test.responseHeaders) 57 testURL += '&' + header + '=' + makeHeaderValue(test.responseHeaders[header]);57 testURL += '&' + header + '=' + escape(makeHeaderValue(test.responseHeaders[header])); 58 58 return testURL; 59 59 } -
trunk/LayoutTests/http/tests/preload/download_resources_from_invalid_headers.html
r211341 r211616 6 6 } 7 7 </script> 8 <iframe src="resources/ invalid_resources_from_header.php">8 <iframe src="resources/nph-invalid_resources_from_header.pl"> 9 9 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-01.html
r120174 r211616 13 13 This script should not execute even though there are parse errors in the policy. 14 14 </p> 15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'%3B%20%20%3B%20"></iframe>15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'%3B%20%20%3B%20"></iframe> 16 16 </body> 17 17 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-02.html
r120174 r211616 13 13 This script should not execute even though there are parse errors in the policy. 14 14 </p> 15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20aaa%20%3B%20"></iframe>15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20aaa%20%3B%20"></iframe> 16 16 </body> 17 17 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-03.html
r120174 r211616 13 13 This script should not execute even though there are parse errors in the policy. 14 14 </p> 15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20a%07aa%20%3B%20"></iframe>15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20a%07aa%20%3B%20"></iframe> 16 16 </body> 17 17 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-04.html
r123899 r211616 14 14 contain a colon. Since the directive is invalid, the script should run. 15 15 </p> 16 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%3A%20'none'"></iframe>16 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%3A%20'none'"></iframe> 17 17 </body> 18 18 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-05.html
r125195 r211616 13 13 Directives starting with an invalid character should be logged and ignored. 14 14 </p> 15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=:script-src%20'none'"></iframe>15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=:script-src%20'none'"></iframe> 16 16 </body> 17 17 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js
r195367 r211616 33 33 scriptToLoad = encodeURIComponent(current[2]); 34 34 35 iframe.src = baseURL + "resources/ echo-script-src.pl?" +35 iframe.src = baseURL + "resources/nph-echo-script-src.pl?" + 36 36 "experimental=" + (experimental ? "true" : "false") + 37 37 "&should_run=" + encodeURIComponent(current[0]) + -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/nph-echo-script-src.pl
r211613 r211616 5 5 my $cgi = new CGI; 6 6 7 print "HTTP/1.1 200 OK\n"; 7 8 print "Content-Type: text/html; charset=UTF-8\n"; 8 9 my $experimental = $cgi->param('experimental') || ""; -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html
r120174 r211616 10 10 </head> 11 11 <body> 12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-img%20'none'"></iframe>12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-img%20'none'"></iframe> 13 13 </body> 14 14 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-none.html
r120174 r211616 13 13 Loads an iframe which in turns tries to load an external script. The iframe has a content security policy disabling external scripts. So the script should not get executed. 14 14 </p> 15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'"></iframe>15 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'"></iframe> 16 16 </body> 17 17 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html
r120174 r211616 10 10 </head> 11 11 <body> 12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=no&q=http://localhost:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://localhost:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe> 13 13 </body> 14 14 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html
r120174 r211616 10 10 </head> 11 11 <body> 12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=no&q=http://127.0.0.1:8080/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8080/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe> 13 13 </body> 14 14 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html
r120174 r211616 10 10 </head> 11 11 <body> 12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=no&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe> 13 13 </body> 14 14 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self.html
r120174 r211616 10 10 </head> 11 11 <body> 12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe> 13 13 </body> 14 14 </html> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html
r120174 r211616 10 10 </head> 11 11 <body> 12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/ echo-script-src.pl?should_run=yes&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20*"></iframe>12 <iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20*"></iframe> 13 13 </body> 14 14 </html>
Note: See TracChangeset
for help on using the changeset viewer.