Bug 1509766 [wpt PR 14226] - Signed Exchange: Disallow HEAD request method, a=testonly
☠☠ backed out by fb94ec981a7d ☠ ☠
authorKunihiko Sakamoto <ksakamoto@chromium.org>
Fri, 30 Nov 2018 18:02:44 +0000
changeset 449801 67220e78c452484ac222132331797052e8a904f9
parent 449800 cf1ab6cd9f83cc88610691a36ef0280afb6f30d1
child 449802 bff6346627871ac4adb63d48ffd489773d77de35
push id110426
push userwptsync@mozilla.com
push dateTue, 11 Dec 2018 03:07:11 +0000
reviewerstestonly
bugs1509766, 14226, 803774, 1350017, 610767
milestone66.0a1
Bug 1509766 [wpt PR 14226] - Signed Exchange: Disallow HEAD request method, a=testonly Automatic update from web-platform-tests Signed Exchange: Disallow HEAD request method As per the Loading Signed Exchanges spec [1], this patch makes SignedExchangeEnvelope::Parse() fail if the exchange's request method is not "GET". [1] https://wicg.github.io/webpackage/loading.html#parse-cbor-headers Bug: 803774 Change-Id: I4729403f3dae5038bae702b0359e1b98f9a11233 Reviewed-on: https://chromium-review.googlesource.com/c/1350017 Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Tsuyoshi Horo <horo@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#610767} -- wpt-commits: 4edb777ed3a216e6be6b8a7c13820a25340017dc wpt-pr: 14226
testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
testing/web-platform/tests/signed-exchange/resources/sxg-head-request.sxg
testing/web-platform/tests/signed-exchange/resources/sxg-head-request.sxg.headers
testing/web-platform/tests/signed-exchange/sxg-head-request.tentative.html
--- a/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
+++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
@@ -33,16 +33,32 @@ gen-signedexchange \
   -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
   -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
   -privateKey $keyfile \
   -date 2018-04-01T00:00:00Z \
   -expire 168h \
   -o sxg-location.sxg \
   -miRecordSize 100
 
+# Request method is HEAD.
+gen-signedexchange \
+  -version 1b2 \
+  -method HEAD \
+  -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+  -status 200 \
+  -content sxg-location.html \
+  -certificate $certfile \
+  -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+  -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+  -privateKey $keyfile \
+  -date 2018-04-01T00:00:00Z \
+  -expire 168h \
+  -o sxg-head-request.sxg \
+  -miRecordSize 100
+
 # validityUrl is different origin from request URL.
 gen-signedexchange \
   -version 1b2 \
   -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
   -status 200 \
   -content failure.html \
   -certificate $certfile \
   -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
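Review bot: The comment on the new invocation, `# Request method is HEAD.`, does not say that this fixture is a negative case, and that matters because it reuses `-content sxg-location.html` while the neighbouring negative case below uses `-content failure.html`. I would state the expectation, e.g. `# Request method is HEAD: the exchange must be rejected and the client must fall back to the inner URL.` If the payload choice is deliberate (presumably so that a wrongly accepted exchange still reports its location to the test), a short remark saying so would help whoever regenerates the fixtures. The following `gen-signedexchange` invocation continues past the end of the hunk.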
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..9d09647481c18a0cf8c77af198b2eff15c950b96
GIT binary patch
literal 958
zc$}3|Id2m|7&TB~{s0BV;wHh4_i%jMYvlWgy|!b=b|{F(yR*Av@5RpejMAi_p-e*q
zQV2pqbchBCYPv`WLBStLK^aA&WF2D^D#VO5`eyXr_rCWuc&c#ze!%6ruM%S6IKyy(
z2+ca1i${aOAcK)&K*<lMq6!QJGB(8K$QB`HkYPaEKe9DiCA#Li_QK^l(Lf(+3Cbby
z-detyEth6$Q3zwDJ>IDcMIdOANEn*Zc5}v&@Vp>|>n(ZQ?U;p{kVcuh)Q(LCnM@i)
zAH@R0bhBUYDME=;wXNM~uA&4PdC(hI=7gQ_yf;COfrcbRW{W9!&wo2uRrIP4tz*TL
zppZeJVmo)<BOwK1!sy74RS*b;{p_X#5TQ-})||k;-_ih)O<SjlL;08XpCM^HRcH(9
zwAeT8Rqv%3@3mSxu~AQ!LRxoQ8$Qr|bEtyqv?q7fOuq~(#YQ1LuK8kW0Wb290D(Lg
z3IswyHp;RI3QjHLXfED1xnL;FvWLgTxDJVGO1V-#oqJhWI_$-+TI7cc@^yBzdY2n0
z<z7V@n2~&BUi0N6W=Al#1W-fma*F{-9P-6DCV-4^Ho&q~(R8vih@Z?X*t<>OlrW3m
z;n-4vjUnMjMD|A;D;P9HQ$mJPy{hh7E-868SI@S08+mHcBIQmJL^PPnF1eH`Q?1K*
zOYL?e|2yF%vjn-5ShSHvQtk;dBy&OoNy?8MS`}f34ej+c9byb#HP1J{ZkK+1D8-H*
z)1Tvqr^h!Qp3G0*y}tGS{0zQT;MxYY4j0UO6rZB@-4u0sqn)e)ZJ9Q44oqr`W(r*2
z*Gv%*WEycwGR2X;K(3x>)rRs0h47vXG_4QBVVrU*j6Xe#?q$Cp-Fee3buP}dZ*gz3
fdGq7b=NFzY*XvJy!h?GW_rb;`7CL2;S$X>f`v6ON
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/resources/sxg-head-request.sxg.headers
@@ -0,0 +1,1 @@
+Content-Type: application/signed-exchange;v=b2
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/sxg-head-request.tentative.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<title>Loading SignedHTTPExchange with HEAD request method must fail</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="./resources/sxg-util.js"></script>
+<body>
+<script>
+promise_test(async (t) => {
+  const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg-head-request.sxg';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl);
+  assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+  assert_true(message.is_fallback);
+}, 'Loading SignedHTTPExchange with HEAD request method must fail');
+
+</script>
+</body>
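Review bot: The two assertions in the `promise_test` body only show that a fallback to inner-url.html happened, not that the HEAD method caused it. Any other verification failure of sxg-head-request.sxg would make this test pass as well, for example a stale signature, given the fixed `-date 2018-04-01T00:00:00Z` and `-expire 168h` in generate-test-sxgs.sh. The harness presumably pins the clock for these fixtures, but that is not visible here. A comment before the assertions would record what makes the result attributable, e.g. `// sxg-head-request.sxg differs from sxg-location.sxg only in -method, so a fallback here comes from the HEAD check.` This should be confirmed against the generator script, since the start of the sxg-location invocation is outside the diff.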