Bug 1409706 - Files added for CSP WPT for worker-src,child-src,script-src,default fallback behaviour, r=ckerschb
authorcegvinoth <cegvinoth@gmail.com>
Fri, 02 Feb 2018 09:34:19 +0100
changeset 402239 588fec4c25f5
parent 402238 c2fdd805667d
child 402240 f812e5fec015
push id33372
push userccoroiu@mozilla.com
push dateFri, 02 Feb 2018 17:38:55 +0000
treeherdermozilla-central@2638ae89f86f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1409706
milestone60.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1409706 - Files added for CSP WPT for worker-src,child-src,script-src,default fallback behaviour, r=ckerschb
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/content-security-policy/support/dedicated-worker-helper.js
testing/web-platform/tests/content-security-policy/support/service-worker-helper.js
testing/web-platform/tests/content-security-policy/support/shared-worker-helper.js
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html
testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -210487,16 +210487,21 @@
      {}
     ]
    ],
    "content-security-policy/support/checkReport.sub.js": [
     [
      {}
     ]
    ],
+   "content-security-policy/support/dedicated-worker-helper.js": [
+    [
+     {}
+    ]
+   ],
    "content-security-policy/support/document-write-alert-fail.js": [
     [
      {}
     ]
    ],
    "content-security-policy/support/echo-policy.py": [
     [
      {}
@@ -210612,16 +210617,26 @@
      {}
     ]
    ],
    "content-security-policy/support/resource.py": [
     [
      {}
     ]
    ],
+   "content-security-policy/support/service-worker-helper.js": [
+    [
+     {}
+    ]
+   ],
+   "content-security-policy/support/shared-worker-helper.js": [
+    [
+     {}
+    ]
+   ],
    "content-security-policy/support/siblingPath.js": [
     [
      {}
     ]
    ],
    "content-security-policy/support/testharness-helper.js": [
     [
      {}
@@ -305155,16 +305170,40 @@
     ]
    ],
    "content-security-policy/worker-src/dedicated-self.sub.html": [
     [
      "/content-security-policy/worker-src/dedicated-self.sub.html",
      {}
     ]
    ],
+   "content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html",
+     {}
+    ]
+   ],
    "content-security-policy/worker-src/service-child.https.sub.html": [
     [
      "/content-security-policy/worker-src/service-child.https.sub.html",
      {}
     ]
    ],
    "content-security-policy/worker-src/service-fallback.https.sub.html": [
     [
@@ -305185,16 +305224,40 @@
     ]
    ],
    "content-security-policy/worker-src/service-self.https.sub.html": [
     [
      "/content-security-policy/worker-src/service-self.https.sub.html",
      {}
     ]
    ],
+   "content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html": [
+    [
+     "/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html",
+     {}
+    ]
+   ],
    "content-security-policy/worker-src/shared-child.sub.html": [
     [
      "/content-security-policy/worker-src/shared-child.sub.html",
      {}
     ]
    ],
    "content-security-policy/worker-src/shared-fallback.sub.html": [
     [
@@ -305215,16 +305278,40 @@
     ]
    ],
    "content-security-policy/worker-src/shared-self.sub.html": [
     [
      "/content-security-policy/worker-src/shared-self.sub.html",
      {}
     ]
    ],
+   "content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html",
+     {}
+    ]
+   ],
+   "content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html": [
+    [
+     "/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html",
+     {}
+    ]
+   ],
    "cookie-store/cookieStore_delete_arguments.tentative.window.js": [
     [
      "/cookie-store/cookieStore_delete_arguments.tentative.window.html",
      {}
     ]
    ],
    "cookie-store/cookieStore_getAll_arguments.tentative.window.js": [
     [
@@ -412732,16 +412819,20 @@
   "content-security-policy/support/alertAssert.sub.js": [
    "b2b693859bef7a60723d996bb5ccf9d3252fa6d9",
    "support"
   ],
   "content-security-policy/support/checkReport.sub.js": [
    "06b0c4f4a36a7bd4d323d1920a1a3e2caa9b52dc",
    "support"
   ],
+  "content-security-policy/support/dedicated-worker-helper.js": [
+   "c2ee371b1ca6b56d4579032db79470d38dc7fad9",
+   "support"
+  ],
   "content-security-policy/support/document-write-alert-fail.js": [
    "55f9e74adccef83969d5da859a05bf670f711671",
    "support"
   ],
   "content-security-policy/support/echo-policy.py": [
    "84ac41975c7c1f7958ea4431ea4bf4666f2d0b24",
    "support"
   ],
@@ -412832,16 +412923,24 @@
   "content-security-policy/support/report.py": [
    "1ad83e152ddc0e2e840862ba6ffc81d73f969725",
    "support"
   ],
   "content-security-policy/support/resource.py": [
    "e6e5eb285a3988173c49a116b1ae8a76f9f7ab1a",
    "support"
   ],
+  "content-security-policy/support/service-worker-helper.js": [
+   "dada4b697830bd56b771e02de8460dffcb3a494e",
+   "support"
+  ],
+  "content-security-policy/support/shared-worker-helper.js": [
+   "7e7b17341425d222d440f2f4607ee40ff020efe6",
+   "support"
+  ],
   "content-security-policy/support/siblingPath.js": [
    "1743309038e2aef21670a82973c1cea2fbc01253",
    "support"
   ],
   "content-security-policy/support/testharness-helper.js": [
    "c8b178ae8dd96aa4552b7ccdca8c53513cc3d713",
    "support"
   ],
@@ -412952,16 +413051,32 @@
   "content-security-policy/worker-src/dedicated-none.sub.html": [
    "06c39ca981f027f2d3aa4195c36d286f3ded9b8c",
    "testharness"
   ],
   "content-security-policy/worker-src/dedicated-self.sub.html": [
    "ec579a530ae0f44e387ed400d5b923cdb8203dc7",
    "testharness"
   ],
+  "content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html": [
+   "1206a6f00c5cf43da1327625fb7c97ce9f63a868",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html": [
+   "abc576c3a0adc9e3a68b5449aeb1477f6b50f6b1",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html": [
+   "a5a34c8184397fc38b1949e798f23e0799aade1a",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html": [
+   "8fee6e7d738c6cc9a22883cde366e395f346f5d4",
+   "testharness"
+  ],
   "content-security-policy/worker-src/service-child.https.sub.html": [
    "0ccf56794d55c4ea8800cbe8f0805fd02450549f",
    "testharness"
   ],
   "content-security-policy/worker-src/service-fallback.https.sub.html": [
    "84207a36ed3d686f14f88cda4725d3a97653dd3e",
    "testharness"
   ],
@@ -412972,16 +413087,32 @@
   "content-security-policy/worker-src/service-none.https.sub.html": [
    "accfac94cda22bc93f61db590cf2e8f329c2b695",
    "testharness"
   ],
   "content-security-policy/worker-src/service-self.https.sub.html": [
    "561c9a2ce0d4c1b9e148cad2ca5bad4b17517e9e",
    "testharness"
   ],
+  "content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html": [
+   "90d70a062e718daf5013f3b12662066b6edb1692",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html": [
+   "0a115336d748892edd4afc99467ae558080789f4",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html": [
+   "c770ac48a17b74d54bcde8a8f721fd506da81a6b",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html": [
+   "ee7276b72994909e0c504f5d3ef0fe526f898e7a",
+   "testharness"
+  ],
   "content-security-policy/worker-src/shared-child.sub.html": [
    "1bc3004b63255bdb75f6660ab81870d08b96e74c",
    "testharness"
   ],
   "content-security-policy/worker-src/shared-fallback.sub.html": [
    "0e39d2651a086dc987928b8458702d5c59098af8",
    "testharness"
   ],
@@ -412992,16 +413123,32 @@
   "content-security-policy/worker-src/shared-none.sub.html": [
    "2caec3d27e2dea2a9dcc066ee2bf0a3fdc165fdb",
    "testharness"
   ],
   "content-security-policy/worker-src/shared-self.sub.html": [
    "ff4d7ca289ea20fa00bca535fdcf929876a2278b",
    "testharness"
   ],
+  "content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html": [
+   "8cc98872cd4fe0ed2e411d74ba4c79684fb1b312",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html": [
+   "7ff188d280b8b5af15da54a75201ed5e68804c42",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html": [
+   "d1a3d6e2848bd03fb46ad4be6e312ddc501e9f5c",
+   "testharness"
+  ],
+  "content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html": [
+   "599143e3733f0ea7dc3cbaa6b03de0a7b8e93acf",
+   "testharness"
+  ],
   "cookie-store/OWNERS": [
    "9e68d9eb0784e10786bd8b0c6009afb42516acdc",
    "support"
   ],
   "cookie-store/README.md": [
    "f2c101203c2a2d82a4191164943e79734530d124",
    "support"
   ],
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/dedicated-worker-helper.js
@@ -0,0 +1,2 @@
+var url = new URL("../support/ping.js", document.baseURI).toString();
+assert_worker_is_loaded(url, document.getElementById("foo").getAttribute("data-desc-fallback"));
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/service-worker-helper.js
@@ -0,0 +1,2 @@
+var url = new URL("../support/ping.js", document.baseURI).toString();
+assert_service_worker_is_loaded(url, document.getElementById("foo").getAttribute("data-desc-fallback"));
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/support/shared-worker-helper.js
@@ -0,0 +1,2 @@
+var url = new URL("../support/ping.js", document.baseURI).toString();
+assert_shared_worker_is_loaded(url, document.getElementById("foo").getAttribute("data-desc-fallback"));
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by child-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by default-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by script-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for dedicated worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/dedicated-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin dedicated worker allowed by worker-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by child-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by default-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" id="foo" data-desc-fallback="Same-origin service worker allowed by script-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for service worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/service-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin service worker allowed by worker-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by child-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="child-src 'self'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by child-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by default-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
+<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by default-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html
@@ -0,0 +1,8 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by script-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" id="foo" data-desc-fallback="Same-origin shared worker allowed by script-src 'self'."></script>
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html
@@ -0,0 +1,9 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Web platform test for shared worker allowed by worker-src self</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src="../support/testharness-helper.js"></script>
+<!-- Ideally we would use "script-src 'none'" alone but we have to whitelist the actual script that spawns the workers, hence the nonce.-->
+<meta http-equiv="Content-Security-Policy" content="worker-src 'self'; child-src 'none'; script-src 'none' 'nonce-foo'; default-src 'none'; ">
+<script src="../support/shared-worker-helper.js" nonce="foo" id="foo" data-desc-fallback="Same-origin shared worker allowed by worker-src 'self'."></script>
\ No newline at end of file