UpgradeInsecureRequest: Add subresource fetch from data: URL workers …
…test (#22235) This CL adds WPTs to test subresource fetch from data: URL dedicated and shared workers with upgrade-insecure-request CSP. The manual change is only in upgrade-insecure-requests/spec.src.json. Others are automatically generated by generate.py. Bug: 989399 Change-Id: Iefb7764be8ce68b5aefb1ac83f253302050fe55e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2102088 Commit-Queue: Eriko Kurimoto <elkurin@google.com> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/master@{#751234} Co-authored-by: Eriko Kurimoto <elkurin@google.com>
1 parent
7d24ade
commit bd040f2
Showing
37 changed files
with
2,503 additions
and
4 deletions.
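--- a/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/fetch.https.html
+++ b/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/fetch.https.html
@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/security-features/resources/common.sub.js"></script>
+<script src="../../../generic/test-case.sub.js"></script>
+</head>
+<body>
+<script>
+TestCase(
+[
+{
+"expectation": "allowed",
+"origin": "same-http-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "cross-https",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "cross-http-downgrade",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "same-https",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "cross-http-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "same-http-downgrade",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context."
+}
+],
+new SanityChecker()
+).start();
+</script>
+<div id="log"></div>
+</body>
+</html>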
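--- a/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/fetch.https.html.headers
+++ b/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/fetch.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests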
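--- a/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/websocket.https.html
+++ b/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/websocket.https.html
@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/security-features/resources/common.sub.js"></script>
+<script src="../../../generic/test-case.sub.js"></script>
+</head>
+<body>
+<script>
+TestCase(
+[
+{
+"expectation": "allowed",
+"origin": "same-ws-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "websocket",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "cross-ws-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "websocket",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context."
+}
+],
+new SanityChecker()
+).start();
+</script>
+<div id="log"></div>
+</body>
+</html>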
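--- a/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/websocket.https.html.headers
+++ b/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/websocket.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests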
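--- a/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/xhr.https.html
+++ b/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/xhr.https.html
@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/security-features/resources/common.sub.js"></script>
+<script src="../../../generic/test-case.sub.js"></script>
+</head>
+<body>
+<script>
+TestCase(
+[
+{
+"expectation": "allowed",
+"origin": "same-http-downgrade",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "xhr",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "cross-http-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "xhr",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "same-http-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "xhr",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "same-https",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "xhr",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "cross-https",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "xhr",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context."
+},
+{
+"expectation": "allowed",
+"origin": "cross-http-downgrade",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "xhr",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context."
+}
+],
+new SanityChecker()
+).start();
+</script>
+<div id="log"></div>
+</body>
+</html>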
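--- a/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/xhr.https.html.headers
+++ b/upgrade-insecure-requests/gen/sharedworker-classic-data.http-rp/upgrade/xhr.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests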
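--- a/upgrade-insecure-requests/gen/sharedworker-classic-data.meta/unset/fetch.https.html
+++ b/upgrade-insecure-requests/gen/sharedworker-classic-data.meta/unset/fetch.https.html
@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/security-features/resources/common.sub.js"></script>
+<script src="../../../generic/test-case.sub.js"></script>
+</head>
+<body>
+<script>
+TestCase(
+[
+{
+"expectation": "blocked",
+"origin": "same-http-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context."
+},
+{
+"expectation": "blocked",
+"origin": "cross-http-downgrade",
+"redirection": "no-redirect",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context."
+},
+{
+"expectation": "blocked",
+"origin": "cross-https",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context."
+},
+{
+"expectation": "blocked",
+"origin": "cross-http-downgrade",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context."
+},
+{
+"expectation": "blocked",
+"origin": "same-http-downgrade",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context."
+},
+{
+"expectation": "blocked",
+"origin": "same-https",
+"redirection": "downgrade",
+"source_context_list": [
+{
+"policyDeliveries": [],
+"sourceContextType": "sharedworker-classic-data"
+}
+],
+"source_scheme": "https",
+"subresource": "fetch",
+"subresource_policy_deliveries": [],
+"test_description": "Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context."
+}
+],
+new SanityChecker()
+).start();
+</script>
+<div id="log"></div>
+</body>
+</html>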