Context Navigation

← Previous Changeset
Next Changeset →

Changeset 211700 in webkit

Timestamp:

Feb 5, 2017 9:25:14 PM (7 years ago)

Author:

matthew_hanson@apple.com

Message:

Merge r211616. rdar://problem/30060142

Location:

branches/safari-603-branch/LayoutTests

Files:

: 2 added
: 1 deleted
: 15 edited
: 2 moved

ChangeLog (modified) (1 diff)
http/tests/cache/disk-cache/resources/cache-test.js (modified) (2 diffs)
http/tests/misc/non-utf8-header-name.php (deleted)
http/tests/misc/nph-non-utf8-header-name-expected.txt (moved) (moved from branches/safari-603-branch/LayoutTests/http/tests/misc/non-utf8-header-name-expected.txt)
http/tests/misc/nph-non-utf8-header-name.pl (added)
http/tests/preload/resources/nph-invalid_resources_from_header.pl (added)
http/tests/security/contentSecurityPolicy/directive-parsing-01.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/directive-parsing-02.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/directive-parsing-03.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/directive-parsing-04.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/directive-parsing-05.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js (modified) (1 diff)
http/tests/security/contentSecurityPolicy/resources/nph-echo-script-src.pl (moved) (moved from branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl) (1 diff)
http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/script-src-none.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/script-src-self.html (modified) (1 diff)
http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

branches/safari-603-branch/LayoutTests/ChangeLog

-                      r211696
+                      r211700
+-02-05  Matthew Hanson  <matthew_hanson@apple.com>
+        Merge r211616. rdar://problem/30060142
+-02-02  Alexey Proskuryakov  <ap@apple.com>
+            Multiple HTTP tests fail with Apache 2.4.25
+            https://bugs.webkit.org/show_bug.cgi?id=167678
+            <rdar://problem/30060142>
+            Reviewed by Sam Weinig.
+            Newer versions of Apache have a security fix where they generate an internal server
+            error upon seeing an invalid HTTP header field. There is an opt-out configuration
+            option which didn't quite work in my testing, but regardless, we should only use
+            "nph-" CGIs for invalid responses. This is how Apache knows that it shouldn't
+            attempt to parse the response.
+            This also uncovered a test bug.
+            * http/tests/cache/disk-cache/resources/cache-test.js: (generateTestURL):
+            Without escaping, we were getting a broken response in attachment tests:
+               Content-Disposition: attachment
+                filename: "f.txt"
+            Note how ";" turned into a newline.
+            * http/tests/misc/non-utf8-header-name-expected.txt: Removed.
+            * http/tests/misc/non-utf8-header-name.php: Removed.
+            * http/tests/misc/nph-non-utf8-header-name-expected.txt: Copied from LayoutTests/http/tests/misc/non-utf8-header-name-expected.txt.
+            * http/tests/misc/nph-non-utf8-header-name.pl: Copied from LayoutTests/http/tests/misc/non-utf8-header-name.php.
+            * http/tests/preload/download_resources_from_invalid_headers.html:
+            * http/tests/preload/resources/invalid_resources_from_header.php: Removed.
+            * http/tests/preload/resources/nph-invalid_resources_from_header.pl: Copied from LayoutTests/http/tests/preload/resources/invalid_resources_from_header.php.
+            * http/tests/security/contentSecurityPolicy/directive-parsing-01.html:
+            * http/tests/security/contentSecurityPolicy/directive-parsing-02.html:
+            * http/tests/security/contentSecurityPolicy/directive-parsing-03.html:
+            * http/tests/security/contentSecurityPolicy/directive-parsing-04.html:
+            * http/tests/security/contentSecurityPolicy/directive-parsing-05.html:
+            * http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl: Removed.
+            * http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js:
+            * http/tests/security/contentSecurityPolicy/resources/nph-echo-script-src.pl: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/resources/echo-script-src.pl.
+            * http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html:
+            * http/tests/security/contentSecurityPolicy/script-src-none.html:
+            * http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html:
+            * http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html:
+            * http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html:
+            * http/tests/security/contentSecurityPolicy/script-src-self.html:
+            * http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html:
+            Changed scripts that are used to generate invalid responses to "nph-" ones.
 -02-02  Matthew Hanson  <matthew_hanson@apple.com>

branches/safari-603-branch/LayoutTests/http/tests/cache/disk-cache/resources/cache-test.js

-                      r189177
+                      r211700
 function generateTestURL(test)
+{
     var body = typeof test.body !== 'undefined' ? test.body : "";
+    var body = typeof test.body !== 'undefined' ? escape(test.body) : "";
     var expiresInFutureIn304 = typeof test.expiresInFutureIn304 !== 'undefined' ? test.expiresInFutureIn304 : false;
     var uniqueTestId = Math.floor((Math.random() * 1000000000000));
 …
         testURL += "&Content-Type=text/plain";
     for (var header in test.responseHeaders)
         testURL += '&' + header + '=' + makeHeaderValue(test.responseHeaders[header]);
+        testURL += '&' + header + '=' + escape(makeHeaderValue(test.responseHeaders[header]));
     return testURL;
+}

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-01.html

r120174	r211700
13	13	This script should not execute even though there are parse errors in the policy.
14	14	</p>
15		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'%3B%20%20%3B%20"></iframe>
	15	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'%3B%20%20%3B%20"></iframe>
16	16	</body>
17	17	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-02.html

r120174	r211700
13	13	This script should not execute even though there are parse errors in the policy.
14	14	</p>
15		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20aaa%20%3B%20"></iframe>
	15	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20aaa%20%3B%20"></iframe>
16	16	</body>
17	17	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-03.html

r120174	r211700
13	13	This script should not execute even though there are parse errors in the policy.
14	14	</p>
15		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20a%07aa%20%3B%20"></iframe>
	15	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'none'%3B%20a%07aa%20%3B%20"></iframe>
16	16	</body>
17	17	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-04.html

r123899	r211700
14	14	contain a colon. Since the directive is invalid, the script should run.
15	15	</p>
16		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%3A%20'none'"></iframe>
	16	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%3A%20'none'"></iframe>
17	17	</body>
18	18	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/directive-parsing-05.html

r125195	r211700
13	13	Directives starting with an invalid character should be logged and ignored.
14	14	</p>
15		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=:script-src%20'none'"></iframe>
	15	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=:script-src%20'none'"></iframe>
16	16	</body>
17	17	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/multiple-iframe-test.js

r195367	r211700
33	33	scriptToLoad = encodeURIComponent(current[2]);
34	34
35		iframe.src = baseURL + "resources/echo-script-src.pl?" +
	35	iframe.src = baseURL + "resources/nph-echo-script-src.pl?" +
36	36	"experimental=" + (experimental ? "true" : "false") +
37	37	"&should_run=" + encodeURIComponent(current[0]) +

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/nph-echo-script-src.pl

r211699	r211700
5	5	my $cgi = new CGI;
6	6
	7	print "HTTP/1.1 200 OK\n";
7	8	print "Content-Type: text/html; charset=UTF-8\n";
8	9	my $experimental = $cgi->param('experimental') \|\| "";

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/script-loads-with-img-src.html

r120174	r211700
10	10	</head>
11	11	<body>
12		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-img%20'none'"></iframe>
	12	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-img%20'none'"></iframe>
13	13	</body>
14	14	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-none.html

r120174	r211700
13	13	Loads an iframe which in turns tries to load an external script. The iframe has a content security policy disabling external scripts. So the script should not get executed.
14	14	</p>
15		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'"></iframe>
	15	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=allow%20*%3B%20script-src%20'none'"></iframe>
16	16	</body>
17	17	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self-blocked-01.html

r120174	r211700
10	10	</head>
11	11	<body>
12		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://localhost:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
	12	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://localhost:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
13	13	</body>
14	14	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self-blocked-02.html

r120174	r211700
10	10	</head>
11	11	<body>
12		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=http://127.0.0.1:8080/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
	12	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=http://127.0.0.1:8080/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
13	13	</body>
14	14	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self-blocked-03.html

r120174	r211700
10	10	</head>
11	11	<body>
12		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=no&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
	12	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=no&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
13	13	</body>
14	14	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-self.html

r120174	r211700
10	10	</head>
11	11	<body>
12		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
	12	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=http://127.0.0.1:8000/security/contentSecurityPolicy/resources/script.js&csp=script-src%20'self'"></iframe>
13	13	</body>
14	14	</html>

branches/safari-603-branch/LayoutTests/http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html

r120174	r211700
10	10	</head>
11	11	<body>
12		<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-script-src.pl?should_run=yes&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20*"></iframe>
	12	<iframe src="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/nph-echo-script-src.pl?should_run=yes&q=https://127.0.0.1:8443/security/contentSecurityPolicy/resources/script.js&csp=script-src%20*"></iframe>
13	13	</body>
14	14	</html>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 211700 in webkit

Legend:

Download in other formats: