Bug 1635808 [wpt PR 23434] - CSP: Add WPT regression test (stale-while-revalidate), a=testonly
authorarthursonzogni <arthursonzogni@chromium.org>
Wed, 13 May 2020 09:43:46 +0000
changeset 531102 75c79e3f512b1c18ca3a9d6da9ba8acafe56001c
parent 531101 c010386f59381c12535dd3b2d950b4c7ca7b5e66
child 531103 93400fcbff690e3bbbb336035fbef7f833a0c081
push id37435
push userapavel@mozilla.com
push dateWed, 20 May 2020 15:28:23 +0000
treeherdermozilla-central@5415da14ec9a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1635808, 23434, 1070117, 2178576, 766019
milestone78.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1635808 [wpt PR 23434] - CSP: Add WPT regression test (stale-while-revalidate), a=testonly Automatic update from web-platform-tests CSP: Add WPT regression test (stale-while-revalidate) Adds a way to consistently reproduce bug 1070117 for every web browsers. Bug: 1070117 Change-Id: I1b3e634fe08afafb0d70eec1766ed2ee47de4aba Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2178576 Reviewed-by: Dave Tapuska <dtapuska@chromium.org> Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#766019} -- wpt-commits: 2dfc66e434d6eea3348e46f851c242c09fd42c06 wpt-pr: 23434
testing/web-platform/tests/fetch/stale-while-revalidate/revalidate-not-blocked-by-csp.html
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/fetch/stale-while-revalidate/revalidate-not-blocked-by-csp.html
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Test revalidations requests aren't blocked by CSP.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<body>
+<script>
+
+// Regression test for https://crbug.com/1070117.
+var request_token = token();
+let image_src = "resources/stale-image.py?token=" + request_token;
+
+let loadImage = async () => {
+  let img = document.createElement("img");
+  img.src = image_src;
+  let loaded = new Promise(r => img.onload = r);
+  document.body.appendChild(img);
+  await loaded;
+  return img;
+};
+
+promise_test(async t => {
+  await new Promise(r => window.onload = r);
+
+  // No CSP report must be sent from now.
+  //
+  // TODO(arthursonzogni): Some browser implementations do not support the
+  // ReportingObserver yet. Ideally, another way to access the reports should be
+  // used to test them.
+  const observer = new ReportingObserver(t.unreached_func(
+    "CSP reports aren't sent for revalidation requests"));
+  if (observer)
+    observer.observe();
+
+  let img1 = await loadImage(); // Load initial resource.
+  let img2 = loadImage();       // Request stale resource.
+
+  // Insert a <meta> CSP. This will block any image load starting from now.
+  const metaCSP = document.createElement("meta");
+  metaCSP.httpEquiv = "Content-Security-Policy";
+  metaCSP.content = "img-src 'none'";
+  document.getElementsByTagName("head")[0].appendChild(metaCSP)
+
+  // The images were requested before the <meta> CSP above was added. So they
+  // will load. Nevertheless, the resource will be stale. A revalidation request
+  // is going to be made after that.
+  assert_equals(img1.width, 16, "(initial version loaded)");
+  assert_equals((await img2).width, 16, "(stale version loaded)");
+
+  // At some point, the <img> resource is going to be revalidated. It must not
+  // be blocked nor trigger a CSP violation report.
+
+  // Query the server again and again. At some point it must have received the
+  // revalidation request. We poll, because we don't know when the revalidation
+  // will occur.
+  while(true) {
+    await new Promise(r => step_timeout(r, 25));
+    let response = await fetch(image_src + "&query");
+    let count = response.headers.get("Count");
+    if (count == "2")
+      break;
+  }
+}, "Request revalidation aren't blocked by CSP");
+
+</script>
+</body>