Bug 1523562 [wpt PR 14984] - SignedExchange: Reject uncached-headers, a=testonly
authorKouhei Ueno <kouhei@chromium.org>
Thu, 31 Jan 2019 18:59:03 +0000
changeset 458079 d2652a6b3f77f3a7b4f663c53ab56d46ae936fb0
parent 458078 62f4234dae83d6e63d505fd2d38c9e0301f58985
child 458080 708bc2182c357dd98da3b80035956cbf257a3a9d
push id35518
push useropoprus@mozilla.com
push dateFri, 08 Feb 2019 09:55:14 +0000
treeherdermozilla-central@3a3e393396f4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1523562, 14984, 920897, 1425842, 624724
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1523562 [wpt PR 14984] - SignedExchange: Reject uncached-headers, a=testonly Automatic update from web-platform-tests SignedExchange: Reject uncached-headers This CL aligns the response header filter with the signed exchange spec update: https://github.com/WICG/webpackage/pull/339 Bug: 920897 Change-Id: I7819b560f4f7ec9d75145e74780ad0fd85008944 Reviewed-on: https://chromium-review.googlesource.com/c/1425842 Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org> Reviewed-by: Tsuyoshi Horo <horo@chromium.org> Commit-Queue: Kouhei Ueno <kouhei@chromium.org> Cr-Commit-Position: refs/heads/master@{#624724} -- wpt-commits: 6f7e91a17cdd2f01105ccff43fc45a9db98507f3 wpt-pr: 14984
testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
testing/web-platform/tests/signed-exchange/resources/sxg/sxg-hsts.sxg
testing/web-platform/tests/signed-exchange/sxg-hsts.tentative.html
--- a/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
+++ b/testing/web-platform/tests/signed-exchange/resources/generate-test-sxgs.sh
@@ -1,10 +1,9 @@
 #!/bin/sh
-
 sxg_version=1b3
 certfile=127.0.0.1.sxg.pem
 keyfile=127.0.0.1.sxg.key
 inner_url_origin=https://127.0.0.1:8444
 # TODO: Stop hard-coding "web-platform.test" in certUrl when generating
 # Signed Exchanges on the fly.
 cert_url_origin=https://web-platform.test:8444
 sxg_content_type='content-type: application/signed-exchange;v=b2'
@@ -159,9 +158,26 @@ gen-signedexchange \
   -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
   -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
   -privateKey $keyfile \
   -date 2018-04-01T00:00:00Z \
   -expire 168h \
   -o sxg/sxg-noncacheable.sxg \
   -miRecordSize 100
 
+# Response has a strict-transport-security header.
+gen-signedexchange \
+  -version $sxg_version \
+  -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+  -status 200 \
+  -responseHeader "Strict-Transport-Security: max-age=31536000" \
+  -content sxg-location.html \
+  -certificate $certfile \
+  -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+  -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+  -privateKey $keyfile \
+  -date 2018-04-01T00:00:00Z \
+  -expire 168h \
+  -o sxg/sxg-hsts.sxg \
+  -miRecordSize 100 \
+  -ignoreErrors true
+
 rm -fr $tmpdir
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..68650b8c3686a33c19234d18af78375b7a9cdb07
GIT binary patch
literal 987
zc$}3|J#W)c6b&#D{s2e}rc2wj{z&39X%ZK?soSJ&+O$cUv;)<%ePh4GU-EnTXsRv@
zER0=PKmr63VnZxQAhEGkLI?)_KnKRE5+im)P?->Zl6BwHIrrRi-XjAe&Z@~s<gQ7n
zN3uL0Poy~^Sn+H|6h)q3!vURzfo3Ad0Nw}Uc6|*9j~xemw(DD*No^}~<yj>1(LyR%
zIVK=Uv9eMxl$H~lt-_EVEES!$SLM|`!OIjqc}<k#-6CJd)iNxpojKm4Ycf{k^rF~I
zl`?!?mK!UmFUWGwS`-bXv*#r@lSVr+tgMuv-VxecQY^>xkcD+j55g&=iT`#muDEd@
z&L+l0j=>HE!w>e-gpLg$l(#WUOq58?u|hHcXyDVoHT$5lo`q=3^=*y@lz(ae8ImId
zgY&@VG}ZOTy+>kF%&XStyUmuKvKre~XV0D)f{E4#%~r!)R7<eBQdyRJ<(YYNnS^=h
zh=LSPB@!u7$OuA?fq{nu&G0N47gKYB@M3vnsX2eylhiTr%+7AXZp7P0skv&j-L#S(
zmS>c-yR+e}ZJ;u)m8v|#T1Q&R5{hV-6cU24uDL;24rS?q2hE!l29yt<L*T<iJ^?Cq
zX^YKN#xQU+SI3UAep$VFi%=hHK@%T2#B;*{K<kD#P_fZ~MFvR8cq$o;FGNP4p1-rS
zS*Yz+6eg5gh~_D#7AzD-I*i+5su$T8Yqg5<JN`UB0!8yg^RY)4qJ8Y>Zl6QCuJi)h
zIwk=d{HaMB2thBm&XQlZi$C5M=Z_z7pR@N*o?g56e0cKq)s1&&r|`yr$ysI!Lgq9h
zEii{shPl{r!9^f0G!py>Er-nvm^!pv4N>emSw?rYt{o!BN1W+HYnH)ezlAJIMOr7z
z1Qj8l9%uFo-;Zy<ZWMRUPpxm+SbppJheuD&C%#<WeE1WNrgPDw*$XTLWu6~<`vpJ(
BRAK-C
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/signed-exchange/sxg-hsts.tentative.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<title>Loading SignedHTTPExchange with strict-transport-security must fail</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="./resources/sxg-util.js"></script>
+<body>
+<script>
+promise_test(async (t) => {
+  const sxgUrl = get_host_info().HTTPS_ORIGIN +
+                 '/signed-exchange/resources/sxg/sxg-hsts.sxg';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl);
+  const innerURL = innerURLOrigin() +
+                   '/signed-exchange/resources/inner-url.html';
+  assert_equals(message.location, innerURL);
+  assert_true(message.is_fallback);
+}, 'Loading SignedHTTPExchange with an uncached header ' +
+   'Strict-Transport-Security must fail and fallback redirect.');
+
+</script>
+</body>