-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[WPT/mixed-content] Add tests for SharedWorkers with no opt-in headers
Manual change: wpt/mixed-content/spec.src.json. Previously, it omitted `http-rp/unset` tests because it expected redundant tests `meta/unset`. However, in certain worker-related tests, there are no `meta` tests, and thus `http-rp/unset` is not redundant. This CL enables generating such non-redundant `http-rp/unset` tests, namely `sharedworker-{classic,module}.http-rp/unset`, i.e. SharedWorkers served from HTTPS origin without no opt-in CSP headers. All other changes are mechanical. Bug: 1061679, 1056500 Change-Id: Ib8c323cf06e1c6e0a0bdeae713bd13848335b95a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2103967 Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Kenichi Ishibashi <bashi@chromium.org> Cr-Commit-Position: refs/heads/master@{#750486}
- Loading branch information
1 parent
8948c38
commit 370b686
Showing
77 changed files
with
1,534 additions
and
1 deletion.
There are no files selected for viewing
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.keep-scheme.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Blockable content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of blockable content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> | ||
<meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "blocked", | ||
"origin": "cross-http", | ||
"redirection": "keep-scheme", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...nt/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.keep-scheme.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.no-redirect.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Blockable content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of blockable content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> | ||
<meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "blocked", | ||
"origin": "cross-http", | ||
"redirection": "no-redirect", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...nt/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.no-redirect.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.swap-scheme.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Blockable content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of blockable content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> | ||
<meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "blocked", | ||
"origin": "cross-http", | ||
"redirection": "swap-scheme", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...nt/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.swap-scheme.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.keep-scheme.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Blockable content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of blockable content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> | ||
<meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "blocked", | ||
"origin": "same-http", | ||
"redirection": "keep-scheme", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...ent/gen/sharedworker-classic.http-rp/unset/fetch/same-http.keep-scheme.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.no-redirect.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Blockable content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of blockable content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> | ||
<meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "blocked", | ||
"origin": "same-http", | ||
"redirection": "no-redirect", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...ent/gen/sharedworker-classic.http-rp/unset/fetch/same-http.no-redirect.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.swap-scheme.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Blockable content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of blockable content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> | ||
<meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "blocked", | ||
"origin": "same-http", | ||
"redirection": "swap-scheme", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...ent/gen/sharedworker-classic.http-rp/unset/fetch/same-http.swap-scheme.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-https.keep-scheme.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Allowed content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of allowed content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/"> | ||
<meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "allowed", | ||
"origin": "same-https", | ||
"redirection": "keep-scheme", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...nt/gen/sharedworker-classic.http-rp/unset/fetch/same-https.keep-scheme.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-https.no-redirect.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Allowed content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of allowed content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/"> | ||
<meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "allowed", | ||
"origin": "same-https", | ||
"redirection": "no-redirect", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "fetch", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
...nt/gen/sharedworker-classic.http-rp/unset/fetch/same-https.no-redirect.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
39 changes: 39 additions & 0 deletions
39
...-content/gen/sharedworker-classic.http-rp/unset/websocket/cross-ws.no-redirect.https.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` --> | ||
<html> | ||
<head> | ||
<title>Mixed-Content: Blockable content</title> | ||
<meta charset='utf-8'> | ||
<meta name="description" content="Test behavior of blockable content."> | ||
<link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> | ||
<link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable"> | ||
<meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context."> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/security-features/resources/common.sub.js"></script> | ||
<script src="../../../../generic/test-case.sub.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
TestCase( | ||
{ | ||
"expectation": "blocked", | ||
"origin": "cross-ws", | ||
"redirection": "no-redirect", | ||
"source_context_list": [ | ||
{ | ||
"policyDeliveries": [], | ||
"sourceContextType": "sharedworker-classic" | ||
} | ||
], | ||
"source_scheme": "https", | ||
"subresource": "websocket", | ||
"subresource_policy_deliveries": [] | ||
}, | ||
document.querySelector("meta[name=assert]").content, | ||
new SanityChecker() | ||
).start(); | ||
</script> | ||
<div id="log"></div> | ||
</body> | ||
</html> |
1 change: 1 addition & 0 deletions
1
.../gen/sharedworker-classic.http-rp/unset/websocket/cross-ws.no-redirect.https.html.headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Content-Security-Policy: block-all-mixed-content |
Oops, something went wrong.