Bug 1602605 [wpt PR 20688] - CSP: Parse and report violations from Content-Security-Policy-Report-Only headers in the browser process., a=testonly
authorLucas Gadani <lfg@chromium.org>
Fri, 20 Dec 2019 11:39:56 +0000
changeset 508255 f7407fcab287c168cfd92f2a618bea759bee20c4
parent 508254 12ebf6317da9a716d9ab679d754af668908a48c7
child 508256 a3d27e58f2d62a91a2f0ff8fa812c88fb53ef860
push id36943
push useropoprus@mozilla.com
push dateMon, 23 Dec 2019 16:27:52 +0000
treeherdermozilla-central@6d2e33d632e7 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1602605, 20688, 759184, 1958692, 726618
milestone73.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1602605 [wpt PR 20688] - CSP: Parse and report violations from Content-Security-Policy-Report-Only headers in the browser process., a=testonly Automatic update from web-platform-tests CSP: Parse and report violations from Content-Security-Policy-Report-Only headers in the browser process. Bug: 759184 Change-Id: Iefb33fa8ec2264f3e224d5a3ab92417160848fdf Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1958692 Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Commit-Queue: Lucas Gadani <lfg@chromium.org> Cr-Commit-Position: refs/heads/master@{#726618} -- wpt-commits: be373901c6e71b8a14e9e2235a4961ef2ab62bfb wpt-pr: 20688
testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html
testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html
testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/report-only-frame.sub.html
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<meta name="timeout" content="long">
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <title>Blocked frames are reported correctly</title>
+</head>
+<body>
+  <iframe src="support/content-security-policy-report-only.sub.html?policy=report-uri%20../../support/report.py%3Fop=put%26reportID={{$id:uuid()}}%3B%20frame-ancestors%20'none'"></iframe>
+  <script async defer src="../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-ancestors%20'none'&reportID={{$id}}"></script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<body>
+    <p>This is an IFrame sending a Content-Security-Policy-Report-Only header containing "{{GET[policy]}}".</p>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/frame-ancestors/support/content-security-policy-report-only.sub.html.sub.headers
@@ -0,0 +1,1 @@
+Content-Security-Policy-Report-Only: {{GET[policy]}}