Changeset 204164 in webkit
- Timestamp: Aug 5, 2016 12:39:01 AM (8 years ago)
- Location: trunk
- Files: 5 added, 10 edited
trunk/LayoutTests/ChangeLog
r204163 r204164 1 2016-08-05 Youenn Fablet <youenn@apple.com> 2 3 [Fetch API] Activate CSP checks 4 https://bugs.webkit.org/show_bug.cgi?id=160445 5 6 Reviewed by Daniel Bates. 7 8 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/insecure-fetch-in-main-frame-window.html: Added. 9 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/insecure-xhr-in-main-frame-window.html: 10 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-main-frame-expected.txt: Added. 11 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-main-frame.html: Added. 12 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-worker-expected.txt: Added. 13 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-worker.html: Added. 14 * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-xhr-in-main-frame-expected.txt: 15 * platform/mac-wk2/TestExpectations: Marking new worker test as failing at loading https resource from loader. 16 It gets a "The certificate for this server is invalid" error. 17 * platform/wk2/TestExpectations: Marking new frame test as timing out for WK2 as fetch is not activated in the pop-up window. 18 1 19 2016-08-05 Youenn Fablet <youenn@apple.com> 2 20 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/insecure-xhr-in-main-frame-window.html
r201753 r204164 8 8 xhr.onload = function() { 9 9 alert("PASS: load was not blocked"); 10 }; 11 12 var testIsFinished = false; 13 xhr.onloadend = function() { 14 testIsFinished = true; 15 alert("PASS: onloadend called"); 10 16 if (window.testRunner) 11 17 testRunner.notifyDone(); 12 }; 13 14 // When XHR is blocked due to mixed content blocking, it just appears as if the load stalls, 15 // see https://bugs.webkit.org/show_bug.cgi?id=145717. 16 setTimeout(function() { 17 if (window.testRunner) 18 testRunner.notifyDone(); 19 }, 2000); 18 } 20 19 21 20 try { … … 27 26 } 28 27 28 // When running in normal environment, let's notify user if something went wrong 29 if (!window.testRunner) { 30 setTimeout(() => { 31 if (testIsFinished) 32 return; 33 alert("Test timed out"); 34 }, 2000); 35 } 36 29 37 xhr.send(null); 30 38 }; -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-xhr-in-main-frame-expected.txt
r201753 r204164 1 1 ALERT: PASS: load was not blocked 2 ALERT: PASS: onloadend called 2 3 This test opens a HTTPS window that loads insecure data via XHR. We should upgrade this request and thereby avoid a mixed content callback. -
trunk/LayoutTests/imported/w3c/ChangeLog
r204163 r204164 1 2016-08-05 Youenn Fablet <youenn@apple.com> 2 3 [Fetch API] Activate CSP checks 4 https://bugs.webkit.org/show_bug.cgi?id=160445 5 6 Reviewed by Daniel Bates. 7 8 * web-platform-tests/fetch/api/policies/csp-blocked-expected.txt: 9 * web-platform-tests/fetch/api/policies/csp-blocked-worker-expected.txt: 10 1 11 2016-08-05 Youenn Fablet <youenn@apple.com> 2 12 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-expected.txt
r200195 r204164 1 CONSOLE MESSAGE: Refused to connect to http://localhost:8800/fetch/api/resources/top.txt because it does not appear in the connect-src directive of the Content Security Policy. 1 2 2 FAIL Fetch is blocked by CSP, got a TypeError assert_unreached: Should have rejected. Reached unreachable code 3 PASS Fetch is blocked by CSP, got a TypeError 3 4 -
trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker-expected.txt
r200195 r204164 1 CONSOLE MESSAGE: Refused to connect to http://localhost:8800/fetch/api/resources/top.txt because it does not appear in the connect-src directive of the Content Security Policy. 1 2 2 FAIL Fetch is blocked by CSP, got a TypeError assert_unreached: Should have rejected. Reached unreachable code 3 PASS Fetch is blocked by CSP, got a TypeError 3 4 -
trunk/LayoutTests/platform/mac-wk2/TestExpectations
r204127 r204164 377 377 [ ElCapitan ] fast/mediastream/MediaStream-video-element-video-tracks-disabled.html [ Skip ] 378 378 379 # Hitting "The certificate for this server is invalid" loading error (not happening in WK1) 380 webkit.org/b/160445 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-worker.html [ Failure Timeout ] 381 379 382 ### END OF (3) Unclassified failures 380 383 ######################################## -
trunk/LayoutTests/platform/wk2/TestExpectations
r202150 r204164 42 42 ######################################## 43 43 ### START OF (1) Classified failures with bug reports 44 45 webkit.org/b/160445 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-main-frame.html [ Timeout ] 44 46 45 47 webkit.org/b/156612 http/tests/security/contentSecurityPolicy/embed-redirect-blocked3.html [ Failure ] -
trunk/Source/WebCore/ChangeLog
r204163 r204164 1 2016-08-05 Youenn Fablet <youenn@apple.com> 2 3 [Fetch API] Activate CSP checks 4 https://bugs.webkit.org/show_bug.cgi?id=160445 5 6 Reviewed by Daniel Bates. 7 8 Tests: http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-main-frame.html 9 http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-fetch-in-worker.html 10 11 * Modules/fetch/FetchLoader.cpp: 12 (WebCore::FetchLoader::start): Adding CSP and URL upgrade checks. 13 1 14 2016-08-05 Youenn Fablet <youenn@apple.com> 2 15 -
trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp
r204019 r204164 34 34 #include "BlobURL.h" 35 35 #include "CachedResourceRequestInitiators.h" 36 #include "ContentSecurityPolicy.h" 36 37 #include "FetchBody.h" 37 38 #include "FetchLoaderClient.h" … … 74 75 void FetchLoader::start(ScriptExecutionContext& context, const FetchRequest& request) 75 76 { 76 ThreadableLoaderOptions options(request.fetchOptions(), ConsiderPreflight, ContentSecurityPolicyEnforcement::DoNotEnforce, String(cachedResourceRequestInitiators().fetch)); 77 ThreadableLoaderOptions options(request.fetchOptions(), ConsiderPreflight, 78 context.shouldBypassMainWorldContentSecurityPolicy() ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective, 79 String(cachedResourceRequestInitiators().fetch)); 77 80 options.sendLoadCallbacks = SendCallbacks; 78 81 options.dataBufferingPolicy = DoNotBufferData; 79 82 80 m_loader = ThreadableLoader::create(context, *this, request.internalRequest(), options); 83 ResourceRequest fetchRequest = request.internalRequest(); 84 85 ASSERT(context.contentSecurityPolicy()); 86 context.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(fetchRequest, ContentSecurityPolicy::InsecureRequestType::Load); 87 88 if (!context.contentSecurityPolicy()->allowConnectToSource(fetchRequest.url(), context.shouldBypassMainWorldContentSecurityPolicy())) { 89 m_client.didFail(); 90 return; 91 } 92 93 m_loader = ThreadableLoader::create(context, *this, WTFMove(fetchRequest), options); 81 94 m_isStarted = m_loader; 82 95 }
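Review bot: In FetchLoader::start (trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp), `ASSERT(context.contentSecurityPolicy())` is the only guard before the calls to `upgradeInsecureRequestIfNeeded` and `allowConnectToSource`, and ASSERT is compiled out of release builds, so a context without a policy would be dereferenced there rather than rejected. Either add a comment stating why the policy can never be null for a context that reaches fetch, or fail closed with `m_client.didFail(); return;` when it is null. Separately, `context.shouldBypassMainWorldContentSecurityPolicy()` is evaluated twice, once for the enforcement mode passed to ThreadableLoaderOptions and once for allowConnectToSource; storing it in a local would keep the two decisions from diverging and make the bypass condition easier to audit.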
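Review bot: In resources/insecure-xhr-in-main-frame-window.html, the 2000 ms timer is now installed only under `if (!window.testRunner)`, so under the test runner `testRunner.notifyDone()` is reached only from `xhr.onloadend`. The removed comment says a blocked XHR appears as a stalled load (bug 145717); if that still holds, a regression in the upgrade would show up as a harness timeout with no message rather than as an explicit failure line in the expected output. Consider keeping a fallback timer for the testRunner case that alerts a FAIL message before calling notifyDone. Minor style point: the `xhr.onloadend` assignment closes with `}` while the `xhr.onload` assignment above it closes with `};`.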
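Review bot: In platform/mac-wk2/TestExpectations and platform/wk2/TestExpectations, both new entries are filed under webkit.org/b/160445, which is the bug this changeset lands under, so once it is closed the expectations will point at a resolved bug. The entries mark upgrade-insecure-fetch-in-worker.html as [ Failure Timeout ] and upgrade-insecure-fetch-in-main-frame.html as [ Timeout ], which leaves the upgrade-insecure-requests path for fetch without passing coverage on WK2. Please file separate follow-up bugs (one for the "The certificate for this server is invalid" load error in the worker test, one for fetch not being activated in the pop-up window) and reference those in the expectations instead.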