author | Chung-Sheng Fu <cfu@mozilla.com> |
Wed, 29 Nov 2017 16:55:00 +0200 | |
changeset 448676 | 3f2598dad67c2ed8c521ce68c8f383385a2a088f |
parent 448675 | fd99633486a59a1771e84214998043e1a3684945 |
child 448677 | dab9aa2ed975046aba9507d1d68efc8f95d98496 |
push id | 1648 |
push user | mtabara@mozilla.com |
push date | Thu, 01 Mar 2018 12:45:47 +0000 |
reviewers | ckerschb, smaug |
bugs | 1037335 |
milestone | 59.0a1 |
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -268,28 +268,31 @@ NS_IMPL_CLASSINFO(nsCSPContext, nsIClassInfo::MAIN_THREAD_ONLY, NS_CSPCONTEXT_CID) NS_IMPL_ISUPPORTS_CI(nsCSPContext, nsIContentSecurityPolicy, nsISerializable) int32_t nsCSPContext::sScriptSampleMaxLength;
+bool nsCSPContext::sViolationEventsEnabled = false;
 nsCSPContext::nsCSPContext() : mInnerWindowID(0) , mLoadingContext(nullptr) , mLoadingPrincipal(nullptr) , mQueueUpMessages(true) { static bool sInitialized = false; if (!sInitialized) { Preferences::AddIntVarCache(&sScriptSampleMaxLength, "security.csp.reporting.script-sample.max-length", 40);
+ Preferences::AddBoolVarCache(&sViolationEventsEnabled,
+ "security.csp.enable_violation_events");
 sInitialized = true; } CSPCONTEXTLOG(("nsCSPContext::nsCSPContext")); } nsCSPContext::~nsCSPContext() {
@@ -1132,16 +1135,20 @@ nsCSPContext::SendReports( } return NS_OK; } nsresult nsCSPContext::FireViolationEvent( const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit) {
+ if (!sViolationEventsEnabled) {
+ return NS_OK;
+ }
+
 nsCOMPtr<nsIDocument> doc = do_QueryReferent(mLoadingContext); if (!doc) { return NS_OK; } RefPtr<mozilla::dom::Event> event = mozilla::dom::SecurityPolicyViolationEvent::Constructor( doc,
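Review bot: The new `Preferences::AddBoolVarCache` call in the constructor omits the default argument, while the `AddIntVarCache` call just above it passes `40` explicitly. The disabled state therefore rests on the static initializer `sViolationEventsEnabled = false` and the API's implicit default agreeing. Passing it explicitly, `Preferences::AddBoolVarCache(&sViolationEventsEnabled, "security.csp.enable_violation_events", false);`, keeps the fail-closed default visible where the cache is registered.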
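Review bot: The early `return NS_OK;` at the top of `FireViolationEvent` drops the event silently, so a disabled pref looks the same as the `!doc` case when working out why a page's `securitypolicyviolation` listener never runs. A log line before the return, e.g. `CSPCONTEXTLOG(("nsCSPContext::FireViolationEvent: disabled by security.csp.enable_violation_events"));`, would make the reason visible. A short comment such as `// Gates DOM event dispatch only; violation reports sent by SendReports are not affected.` would record the scope, but SendReports' body is not visible here, so confirm that before committing the wording. The function continues past the end of the hunk.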
--- a/dom/security/nsCSPContext.h
+++ b/dom/security/nsCSPContext.h
@@ -139,16 +139,18 @@ class nsCSPContext : public nsIContentSe static int32_t sScriptSampleMaxLength; static uint32_t ScriptSampleMaxLength() { return std::max(sScriptSampleMaxLength, 0); }
+ static bool sViolationEventsEnabled;
+
 nsString mReferrer; uint64_t mInnerWindowID; // used for web console logging nsTArray<nsCSPPolicy*> mPolicies; nsCOMPtr<nsIURI> mSelfURI; nsDataHashtable<nsCStringHashKey, int16_t> mShouldLoadCache; nsCOMPtr<nsILoadGroup> mCallingChannelLoadGroup; nsWeakPtr mLoadingContext; // The CSP hangs off the principal, so let's store a raw pointer of the principal
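Review bot: `static bool sViolationEventsEnabled;` is declared without a comment, so nothing at the declaration says which pref it mirrors or what it gates. Suggest adding `// Var cache for "security.csp.enable_violation_events"; when false, FireViolationEvent dispatches nothing.` above it. The class body starts and ends outside this hunk, so the member's access level cannot be checked from here.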
--- a/dom/security/test/csp/test_security_policy_violation_event.html
+++ b/dom/security/test/csp/test_security_policy_violation_event.html
@@ -1,14 +1,19 @@
 <!DOCTYPE html> <meta charset="utf-8"> <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> <script src="/tests/SimpleTest/SimpleTest.js"></script> <script> SimpleTest.waitForExplicitFinish();
+SpecialPowers.pushPrefEnv({
+ set: [
+ ["security.csp.enable_violation_events", true]
+ ]
+});
 document.addEventListener("securitypolicyviolation", (e) => { SimpleTest.is(e.blockedURI, "http://mochi.test:8888/foo/bar.jpg", "blockedURI"); SimpleTest.todo_is(e.violatedDirective, "img-src", "violatedDirective") SimpleTest.is(e.originalPolicy, "img-src 'none'", "originalPolicy"); SimpleTest.finish(); }); </script> <img src="http://mochi.test:8888/foo/bar.jpg">
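Review bot: `SpecialPowers.pushPrefEnv` applies the pref asynchronously, but the `<img>` that triggers the violation is static markup parsed right after this script, so the load can be blocked before the pref takes effect. On builds where the pref defaults to false (the `#else` branch added to all.js in this commit) the event would then probably never fire, and the test would time out instead of reporting a failure. Starting the load only once the pref is set avoids the race, for example `SpecialPowers.pushPrefEnv({set: [["security.csp.enable_violation_events", true]]}).then(() => { new Image().src = "http://mochi.test:8888/foo/bar.jpg"; });`, with the listener registered before that call and the static `<img>` removed.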
--- a/dom/webidl/SecurityPolicyViolationEvent.webidl
+++ b/dom/webidl/SecurityPolicyViolationEvent.webidl
@@ -2,17 +2,18 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ enum SecurityPolicyViolationEventDisposition { "enforce", "report" };
-[Constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict)]
+[Constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict),
+ Pref="security.csp.enable_violation_events"]
 interface SecurityPolicyViolationEvent : Event { readonly attribute DOMString documentURI; readonly attribute DOMString referrer; readonly attribute DOMString blockedURI; readonly attribute DOMString violatedDirective; readonly attribute DOMString effectiveDirective; readonly attribute DOMString originalPolicy;
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2527,16 +2527,21 @@ pref("security.directory", pref("signed.applets.codebase_principal_support", false); // security-sensitive dialogs should delay button enabling. In milliseconds. pref("security.dialog_enable_delay", 1000); pref("security.notification_enable_delay", 500); pref("security.csp.enable", true); pref("security.csp.experimentalEnabled", false); pref("security.csp.enableStrictDynamic", true);
+#ifdef EARLY_BETA_OR_EARLIER
+pref("security.csp.enable_violation_events", true);
+#else
+pref("security.csp.enable_violation_events", false);
+#endif
 // Default Content Security Policy to apply to signed contents. pref("security.signed_content.CSP.default", "script-src 'self'; style-src 'self'"); // Mixed content blocking pref("security.mixed_content.block_active_content", false); pref("security.mixed_content.block_display_content", false);
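Review bot: The `#ifdef EARLY_BETA_OR_EARLIER` block is added with no comment, so the reason the event is held back from late beta and release is not recorded next to the default. Suggest a line above it such as `// Dispatch of securitypolicyviolation DOM events; off in late beta and release until the implementation is complete.` That rationale is inferred from the `todo_is` in the mochitest and the unchanged FAIL expectations in the web-platform metadata, so adjust the wording to the actual ship plan. The comment could also say that pages relying on the event for client-side violation monitoring receive nothing while the pref is off.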
--- a/testing/web-platform/meta/content-security-policy/base-uri/base-uri_iframe_sandbox.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/base-uri/base-uri_iframe_sandbox.sub.html.ini
@@ -1,4 +1,5 @@
 [base-uri_iframe_sandbox.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 expected: ERROR
--- a/testing/web-platform/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
@@ -1,4 +1,5 @@
 [report-uri-does-not-respect-base-uri.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
@@ -1,5 +1,6 @@
 [child-src-worker-blocked.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should throw a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini
@@ -1,10 +1,11 @@
 [connect-src-xmlhttprequest-blocked.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [XHR should fire onerror.]
 expected: TIMEOUT
 [XHR should fire onerror after a redirect.]
 expected: FAIL
 [Expecting logs: ["Pass","violated-directive=connect-src"\]]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini
@@ -1,5 +1,6 @@
 [font-stylesheet-font-blocked.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Test font does not load if it does not match font-src.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_1-img-src.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_1-img-src.html.ini
@@ -1,8 +1,9 @@
 [generic-0_1-img-src.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Violation report status OK.]
 expected: FAIL
 [Should fire violation events for every failed violation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_1-script-src.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_1-script-src.html.ini
@@ -1,8 +1,9 @@
 [generic-0_1-script-src.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Violation report status OK.]
 expected: FAIL
 [Should fire violation events for every failed violation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
@@ -1,4 +1,5 @@
 [generic-0_10_1.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire violation events for every failed violation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
@@ -1,4 +1,5 @@
 [generic-0_2_2.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire violation events for every failed violation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini
@@ -1,4 +1,5 @@
 [generic-0_2_3.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire violation events for every failed violation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini
@@ -1,4 +1,5 @@
 [generic-0_8_1.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire violation events for every failed violation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
@@ -1,4 +1,5 @@
 [media-src-7_1_2.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that securitypolicyviolation events are fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
@@ -1,4 +1,5 @@
 [media-src-7_2_2.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that securitypolicyviolation events are fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini
@@ -1,4 +1,5 @@
 [media-src-7_3_2.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that securitypolicyviolation events are fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
@@ -1,4 +1,5 @@
 [media-src-blocked.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that securitypolicyviolation events are fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini
+++ b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini
@@ -1,11 +1,12 @@
 [to-javascript-url-script-src.html]
 type: testharness
 expected: TIMEOUT
+ prefs: [security.csp.enable_violation_events:true]
 [<iframe src='javascript:'> blocked without 'unsafe-inline'.]
 expected: TIMEOUT
 [<iframe> navigated to 'javascript:' blocked without 'unsafe-inline'.]
 expected: TIMEOUT
 [<iframe src='...'> with 'unsafe-inline' navigated to 'javascript:' blocked in this document]
 expected: TIMEOUT
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini
@@ -1,7 +1,8 @@
 [reporting-api-report-only-sends-reports-on-violation.https.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Event is fired]
 expected: FAIL
 [Violation report status OK.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
@@ -1,4 +1,5 @@
 [reporting-api-report-to-overrides-report-uri-1.https.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
@@ -1,4 +1,5 @@
 [reporting-api-report-to-overrides-report-uri-2.https.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-sends-reports-on-violation.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-sends-reports-on-violation.https.sub.html.ini
@@ -1,7 +1,8 @@
 [reporting-api-sends-reports-on-violation.https.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Event is fired]
 expected: FAIL
 [Violation report status OK.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/reporting/securitypolicyviolation-idl.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/securitypolicyviolation-idl.html.ini
@@ -1,5 +1,6 @@
 [securitypolicyviolation-idl.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [SecurityPolicyViolationEvent IDL Tests]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini
@@ -1,5 +1,6 @@
 [javascript-window-open-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Check that a securitypolicyviolation event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
@@ -1,4 +1,5 @@
 [script-src-1_1.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Should not fire policy violation events]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10.html.ini
@@ -1,4 +1,5 @@
 [script-src-1_10.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that securitypolicyviolation event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
@@ -1,7 +1,8 @@
 [script-src-1_2.html]
 type: testharness
 disabled: if os == "win": bug 1172411
+ prefs: [security.csp.enable_violation_events:true]
 [Should not fire policy violation events]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
@@ -1,7 +1,8 @@
 [script-src-1_2_1.html]
 type: testharness
 disabled: if os == "win": bug 1094323
+ prefs: [security.csp.enable_violation_events:true]
 [Test that securitypolicyviolation event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
@@ -1,8 +1,9 @@
 [script-src-1_4.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [eval() should throw without 'unsafe-eval' keyword source in script-src directive.]
 expected: FAIL
 [Test that securitypolicyviolation event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
@@ -1,7 +1,8 @@
 [script-src-1_4_1.html]
 type: testharness
 disabled: if os == "win": bug 1094323
+ prefs: [security.csp.enable_violation_events:true]
 [Test that securitypolicyviolation event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
@@ -1,8 +1,9 @@
 [script-src-1_4_2.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Unsafe eval ran in Function() constructor.]
 expected: FAIL
 [Test that securitypolicyviolation event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini
@@ -1,8 +1,9 @@
 [script-src-report-only-policy-works-with-external-hash-policy.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [External script in a script tag with matching SRI hash should run.]
 expected: FAIL
 [Should fire securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini
@@ -1,5 +1,6 @@
 [script-src-report-only-policy-works-with-hash-policy.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Test that the securitypolicyviolation event is fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_whitelist.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_whitelist.html.ini
@@ -1,5 +1,6 @@
 [script-src-strict_dynamic_discard_whitelist.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Whitelisted script without a correct nonce is not allowed with `strict-dynamic`.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
@@ -1,5 +1,6 @@
 [script-src-strict_dynamic_double_policy_different_nonce.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Unnonced script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce-only double policy.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
@@ -1,4 +1,5 @@
 [script-src-strict_dynamic_double_policy_report_only.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Script injected via `appendChild` is allowed with `strict-dynamic` + Report-Only `script-src \'none\'` policy.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini
@@ -1,4 +1,5 @@
 [script-src-strict_dynamic_hashes.html]
 type: testharness
 expected: ERROR
+ prefs: [security.csp.enable_violation_events:true]
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
@@ -1,5 +1,6 @@
 [script-src-strict_dynamic_javascript_uri.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Script injected via `javascript:` URIs are not allowed with `strict-dynamic`.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
@@ -1,5 +1,6 @@
 [script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [All the expected CSP violation reports have been fired.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
@@ -1,11 +1,12 @@
 [script-src-strict_dynamic_parser_inserted.html]
 type: testharness
 expected: TIMEOUT
+ prefs: [security.csp.enable_violation_events:true]
 [Parser-inserted script via `document.write` without a correct nonce is not allowed with `strict-dynamic`.]
 expected: FAIL
 [Parser-inserted script via `document.writeln` without a correct nonce is not allowed with `strict-dynamic`.]
 expected: FAIL
 [Parser-inserted deferred script via `document.write` without a correct nonce is not allowed with `strict-dynamic`.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
@@ -1,4 +1,5 @@
 [scripthash-unicode-normalization.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire securitypolicyviolation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
@@ -1,4 +1,5 @@
 [scriptnonce-and-scripthash.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"\]]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
@@ -1,4 +1,5 @@
 [scriptnonce-ignore-unsafeinline.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Expecting alerts: ["PASS (1/2)","PASS (2/2)", "violated-directive=script-src"\]]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini
@@ -1,5 +1,6 @@
 [blockeduri-inline.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Inline violations have a blockedURI of 'inline']
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/idl.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/idl.html.ini
@@ -1,3 +1,4 @@
 [idl.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html.ini
@@ -1,3 +1,4 @@
 [img-src-redirect-upgrade-reporting.https.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini
@@ -1,5 +1,6 @@
 [securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Non-redirected cross-origin URLs are not stripped.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini
@@ -1,5 +1,6 @@
 [securitypolicyviolation-block-cross-origin-image.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Non-redirected cross-origin URLs are not stripped.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini
@@ -1,5 +1,6 @@
 [securitypolicyviolation-block-image-from-script.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Non-redirected cross-origin URLs are not stripped.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini
@@ -1,5 +1,6 @@
 [securitypolicyviolation-block-image.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Non-redirected same-origin URLs are not stripped.]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
@@ -1,11 +1,11 @@
 [targeting.html]
 type: testharness
- prefs: [dom.webcomponents.enabled:true]
+ prefs: [dom.webcomponents.enabled:true, security.csp.enable_violation_events:true]
 expected: TIMEOUT
 [These tests should not fail.]
 expected: NOTRUN
 [Inline violations target the right element.]
 expected: FAIL
 [Correct targeting inside shadow tree (inline handler).]
--- a/testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
@@ -1,4 +1,5 @@
 [inline-style-allowed-while-cloning-objects.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that violation report event was fired]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
@@ -1,5 +1,6 @@
 [style-src-hash-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
@@ -1,5 +1,6 @@
 [style-src-injected-inline-style-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini
@@ -1,5 +1,6 @@
 [style-src-injected-stylesheet-blocked.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
@@ -1,5 +1,6 @@
 [style-src-inline-style-attribute-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
@@ -1,5 +1,6 @@
 [style-src-inline-style-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini
@@ -1,9 +1,10 @@
 [style-src-inline-style-nonce-blocked-error-event.html]
 type: testharness
 expected: TIMEOUT
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
 [Test that paragraph remains unmodified and error events received.]
 expected: NOTRUN
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
@@ -1,5 +1,6 @@
 [style-src-inline-style-nonce-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini
@@ -1,5 +1,6 @@
 [style-src-none-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini
@@ -1,5 +1,6 @@
 [style-src-stylesheet-nonce-blocked.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire a securitypolicyviolation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
@@ -1,5 +1,6 @@
 [stylehash-basic-blocked.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Expecting alerts: ["PASS: The 'p' element's text is green, which means the style was correctly applied.", "violated-directive=style-src"\]]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
@@ -1,4 +1,5 @@
 [stylenonce-allowed.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire securitypolicyviolation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
@@ -1,4 +1,5 @@
 [stylenonce-blocked.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire securitypolicyviolation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini
@@ -1,5 +1,6 @@
 [object-in-svg-foreignobject.sub.html]
 type: testharness
+ prefs: [security.csp.enable_violation_events:true]
 [Should throw a securitypolicyviolation]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/svg/svg-inline.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/svg/svg-inline.sub.html.ini
@@ -1,4 +1,5 @@
 [svg-inline.sub.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Should fire violation event]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/unsafe-hashed-attributes/script_event_handlers_allowed.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashed-attributes/script_event_handlers_allowed.html.ini
@@ -1,4 +1,5 @@
 [script_event_handlers_allowed.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that the inline event handler is allowed to run]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/unsafe-hashed-attributes/script_event_handlers_denied_matching_hash_no_unsafe_inline_attribute.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashed-attributes/script_event_handlers_denied_matching_hash_no_unsafe_inline_attribute.html.ini
@@ -1,4 +1,5 @@
 [script_event_handlers_denied_matching_hash_no_unsafe_inline_attribute.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that the inline event handler is not allowed to run]
 expected: FAIL
--- a/testing/web-platform/meta/content-security-policy/unsafe-hashed-attributes/script_event_handlers_denied_not_matching_hash.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashed-attributes/script_event_handlers_denied_not_matching_hash.html.ini
@@ -1,4 +1,5 @@
 [script_event_handlers_denied_not_matching_hash.html]
+ prefs: [security.csp.enable_violation_events:true]
 [Test that the inline event handler is not allowed to run]
 expected: FAIL