UpgradeInsecureRequest: Add subresource fetch from data: URL workers …
…test (#22235)

This CL adds WPTs to test subresource fetch from data: URL dedicated and
shared workers with the upgrade-insecure-requests CSP directive.

The manual change is only in upgrade-insecure-requests/spec.src.json.
Others are automatically generated by generate.py.

Bug: 989399
Change-Id: Iefb7764be8ce68b5aefb1ac83f253302050fe55e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2102088
Commit-Queue: Eriko Kurimoto <elkurin@google.com>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/master@{#751234}

Co-authored-by: Eriko Kurimoto <elkurin@google.com>
chromium-wpt-export-bot and Eriko Kurimoto authored Mar 18, 2020
1 parent 7d24ade commit bd040f2
Showing 37 changed files with 2,503 additions and 4 deletions.
@@ -0,0 +1,112 @@
<!DOCTYPE html>
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
<html>
<head>
<meta charset="utf-8">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/security-features/resources/common.sub.js"></script>
<script src="../../../generic/test-case.sub.js"></script>
</head>
<body>
<script>
TestCase(
[
{
"expectation": "allowed",
"origin": "same-http-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."
},
{
"expectation": "allowed",
"origin": "cross-https",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."
},
{
"expectation": "allowed",
"origin": "cross-http-downgrade",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."
},
{
"expectation": "allowed",
"origin": "same-https",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."
},
{
"expectation": "allowed",
"origin": "cross-http-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."
},
{
"expectation": "allowed",
"origin": "same-http-downgrade",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."
}
],
new SanityChecker()
).start();
</script>
<div id="log"></div>
</body>
</html>
@@ -0,0 +1 @@
Content-Security-Policy: upgrade-insecure-requests
@@ -0,0 +1,52 @@
<!DOCTYPE html>
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
<html>
<head>
<meta charset="utf-8">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/security-features/resources/common.sub.js"></script>
<script src="../../../generic/test-case.sub.js"></script>
</head>
<body>
<script>
TestCase(
[
{
"expectation": "allowed",
"origin": "same-ws-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "websocket",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."
},
{
"expectation": "allowed",
"origin": "cross-ws-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "websocket",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."
}
],
new SanityChecker()
).start();
</script>
<div id="log"></div>
</body>
</html>
@@ -0,0 +1 @@
Content-Security-Policy: upgrade-insecure-requests
@@ -0,0 +1,112 @@
<!DOCTYPE html>
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
<html>
<head>
<meta charset="utf-8">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/security-features/resources/common.sub.js"></script>
<script src="../../../generic/test-case.sub.js"></script>
</head>
<body>
<script>
TestCase(
[
{
"expectation": "allowed",
"origin": "same-http-downgrade",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "xhr",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."
},
{
"expectation": "allowed",
"origin": "cross-http-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "xhr",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."
},
{
"expectation": "allowed",
"origin": "same-http-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "xhr",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."
},
{
"expectation": "allowed",
"origin": "same-https",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "xhr",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."
},
{
"expectation": "allowed",
"origin": "cross-https",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "xhr",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."
},
{
"expectation": "allowed",
"origin": "cross-http-downgrade",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "xhr",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."
}
],
new SanityChecker()
).start();
</script>
<div id="log"></div>
</body>
</html>
@@ -0,0 +1 @@
Content-Security-Policy: upgrade-insecure-requests
@@ -0,0 +1,112 @@
<!DOCTYPE html>
<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
<html>
<head>
<meta charset="utf-8">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/security-features/resources/common.sub.js"></script>
<script src="../../../generic/test-case.sub.js"></script>
</head>
<body>
<script>
TestCase(
[
{
"expectation": "blocked",
"origin": "same-http-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context."
},
{
"expectation": "blocked",
"origin": "cross-http-downgrade",
"redirection": "no-redirect",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context."
},
{
"expectation": "blocked",
"origin": "cross-https",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context."
},
{
"expectation": "blocked",
"origin": "cross-http-downgrade",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context."
},
{
"expectation": "blocked",
"origin": "same-http-downgrade",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context."
},
{
"expectation": "blocked",
"origin": "same-https",
"redirection": "downgrade",
"source_context_list": [
{
"policyDeliveries": [],
"sourceContextType": "sharedworker-classic-data"
}
],
"source_scheme": "https",
"subresource": "fetch",
"subresource_policy_deliveries": [],
"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context."
}
],
new SanityChecker()
).start();
</script>
<div id="log"></div>
</body>
</html>