Bug 1509201 [wpt PR 14171] - Inherit the navigation initiator when navigating instead of the parent/opener, a=testonly
☠☠ backed out by fb94ec981a7d ☠ ☠
authorAndy Paicu <andypaicu@chromium.org>
Fri, 30 Nov 2018 18:03:04 +0000
changeset 449809 57aedf21b9c55daee12265aa274ff9528ffed30a
parent 449808 39dc1e17f38859e860ff1ffca2fd356627458ae8
child 449810 7eea409daa8b2027593029cb275aaee8f6042b97
push id110426
push userwptsync@mozilla.com
push dateTue, 11 Dec 2018 03:07:11 +0000
treeherdermozilla-inbound@fcd0236d7afa [default view] [failures only]
reviewerstestonly
bugs1509201, 14171, 905301, 894228, 836148, 1314633, 610850
milestone66.0a1
Bug 1509201 [wpt PR 14171] - Inherit the navigation initiator when navigating instead of the parent/opener, a=testonly Automatic update from web-platform-tests Inherit the navigation initiator when navigating instead of the parent/opener Spec PR: https://github.com/w3c/webappsec-csp/pull/358 Bug: 905301, 894228, 836148 Change-Id: I43ada2266d42d1cd56dbe3c6dd89d115e878a83a Reviewed-on: https://chromium-review.googlesource.com/c/1314633 Commit-Queue: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#610850} -- wpt-commits: 75b92bf3d1791dc0e47cd8a716a135e98d2d2937 wpt-pr: 14171
testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-child-frame-self-navigate-inherits.sub.html
testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html
testing/web-platform/tests/content-security-policy/inheritance/blob-url-self-navigate-inherits.sub.html
testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html
testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html.sub.headers
testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html
testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html.sub.headers
testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html
testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html.sub.headers
testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html
testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html.sub.headers
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-child-frame-self-navigate-inherits.sub.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <script nonce="abc" src="/resources/testharness.js"></script>
+    <script nonce="abc" src="/resources/testharnessreport.js"></script>
+</head>
+
+<!-- This tests that navigating a main window to a local scheme preserves the current CSP.
+     We need to test this in a main window with no parent/opener so we use
+     a link with target=_blank and rel=noopener. -->
+<body>
+    <iframe src="support/navigate-self-to-blob.html?csp=script-src%20%27nonce-abc%27&report_id={{$id:uuid()}}"></iframe>
+    <script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27&reportID={{$id}}'></script>
+</body>
+
+</html>
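Review bot: The comment above `<body>` describes the main-window variant (a link with target=_blank and rel=noopener, no parent/opener), but this file is the child-frame variant and loads `support/navigate-self-to-blob.html` in an `<iframe>`. It appears to have been copied from the renamed blob-url-self-navigate-inherits test. It should read something like `<!-- This tests that an iframe navigating itself to a blob: URL keeps the CSP of the document that initiated the navigation. -->`. The support page is outside this diff, so confirm the wording against what it actually does.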
rename from testing/web-platform/tests/content-security-policy/inheritance/blob-url-self-navigate-inherits.sub.html
rename to testing/web-platform/tests/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <script nonce="abc" src="/resources/testharness.js"></script>
+    <script nonce="abc" src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+    <script nonce='abc'>
+      var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
+      var blob = new Blob([blob_string], {type : 'text/html'});
+      var url = URL.createObjectURL(blob);
+
+      var i = document.createElement('iframe');
+      i.src = url;
+      i.sandbox = "allow-scripts";
+      document.body.appendChild(i);
+    </script>
+    <script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
+</body>
+
+</html>
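Review bot: The injected frame script `alert(document.domain)` leaves nothing the test can observe if the inherited policy fails to block it, so a regression would show up only as checkReport.sub.js never seeing a report (presumably a timeout), not as an explicit failure. With `sandbox="allow-scripts"` and no allow-modals the alert is suppressed, and in the unsandboxed variants it would open a modal dialog during an automated run. Consider a payload that signals the parent, e.g. `var blob_string = "<script>parent.postMessage('executed', '*')<\/scr"+"ipt>";`, with a message listener in the page that fails the test on receipt. The same applies to sandboxed-data-scheme.html, unsandboxed-blob-scheme.html and unsandboxed-data-scheme.html, and each of the four would benefit from a one-line comment stating that the frame is expected to inherit `script-src 'nonce-abc'` from its creator.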
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-blob-scheme.html.sub.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Set-Cookie: sandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
+Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <script nonce="abc" src="/resources/testharness.js"></script>
+    <script nonce="abc" src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+    <script nonce='abc'>
+      var url = "data:text/html,<script>alert(document.domain)<\/scr"+"ipt>";
+
+      var i = document.createElement('iframe');
+      i.src = url;
+      i.sandbox = "allow-scripts";
+      document.body.appendChild(i);
+    </script>
+    <script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
+</body>
+
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/sandboxed-data-scheme.html.sub.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Set-Cookie: sandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
+Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <script nonce="abc" src="/resources/testharness.js"></script>
+    <script nonce="abc" src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+    <script nonce='abc'>
+      var blob_string = "<script>alert(document.domain)<\/scr"+"ipt>";
+      var blob = new Blob([blob_string], {type : 'text/html'});
+      var url = URL.createObjectURL(blob);
+
+      var i = document.createElement('iframe');
+      i.src = url;
+      document.body.appendChild(i);
+    </script>
+    <script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
+</body>
+
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-blob-scheme.html.sub.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Set-Cookie: unsandboxed-blob-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
+Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <script nonce="abc" src="/resources/testharness.js"></script>
+    <script nonce="abc" src="/resources/testharnessreport.js"></script>
+</head>
+
+<body>
+    <script nonce='abc'>
+      var url = "data:text/html,<script>alert(document.domain)<\/scri"+"pt>";
+
+      var i = document.createElement('iframe');
+      i.src = url;
+      document.body.appendChild(i);
+    </script>
+    <script nonce='abc' async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=script-src%20%27nonce-abc%27'></script>
+</body>
+
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/inheritance/unsandboxed-data-scheme.html.sub.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Set-Cookie: unsandboxed-data-scheme={{$id:uuid()}}; Path=/content-security-policy/inheritance/
+Content-Security-Policy: script-src 'nonce-abc'; report-uri http://{{host}}:{{ports[http][0]}}/content-security-policy/support/report.py?op=put&reportID={{$id}}