Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge
authorAndreea Pavel <apavel@mozilla.com>
Tue, 16 Jan 2018 13:02:32 +0200
changeset 453726 9fcef08d7bfbac2b43524ab06bbcb0d1b78ca70b
parent 453725 090420884002e7e88f0f929290a21144dcc81536
child 453727 ca1b397bffcfba088c848692e455e551459bc0ae
push id1648
push usermtabara@mozilla.com
push dateThu, 01 Mar 2018 12:45:47 +0000
treeherdermozilla-release@cbb9688c2eeb [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmerge
bugs1418243
milestone59.0a1
backs out5357dbb6df2b38e24d52c803ca0909adf6bc6f9a
778a37000696143dcf3e21d6ba822de35a4b26e9
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge Backed out changeset 5357dbb6df2b (bug 1418243) Backed out changeset 778a37000696 (bug 1418243)
dom/security/nsCSPContext.cpp
dom/security/nsCSPUtils.cpp
dom/security/nsCSPUtils.h
testing/web-platform/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
testing/web-platform/meta/content-security-policy/blob/blob-urls-do-not-match-self.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini
testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini
testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini
testing/web-platform/meta/content-security-policy/img-src/report-blocked-data-uri.sub.html.ini
testing/web-platform/meta/content-security-policy/object-src/object-src-url-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini
testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
testing/web-platform/meta/content-security-policy/reporting/reporting-api-sends-reports-on-violation.https.sub.html.ini
testing/web-platform/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_whitelist.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini
testing/web-platform/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini
testing/web-platform/meta/content-security-policy/style-src/injected-inline-style-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini
testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini
testing/web-platform/meta/content-security-policy/svg/svg-inline.sub.html.ini
testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked-and-sends-report.sub.html.ini
testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setInterval-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html.ini
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -1,17 +1,14 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include <string>
-#include <unordered_set>
-
 #include "nsCOMPtr.h"
 #include "nsContentPolicyUtils.h"
 #include "nsContentUtils.h"
 #include "nsCSPContext.h"
 #include "nsCSPParser.h"
 #include "nsCSPService.h"
 #include "nsError.h"
 #include "nsIAsyncVerifyRedirectCallback.h"
@@ -62,39 +59,16 @@ GetCspContextLog()
   return gCspContextPRLog;
 }
 
 #define CSPCONTEXTLOG(args) MOZ_LOG(GetCspContextLog(), mozilla::LogLevel::Debug, args)
 #define CSPCONTEXTLOGENABLED() MOZ_LOG_TEST(GetCspContextLog(), mozilla::LogLevel::Debug)
 
 static const uint32_t CSP_CACHE_URI_CUTOFF_SIZE = 512;
 
-#ifdef DEBUG
-/**
- * This function is only used for verification purposes within
- * GatherSecurityPolicyViolationEventData.
- */
-static bool
-ValidateDirectiveName(const nsAString& aDirective)
-{
-  static const auto directives = [] () {
-    std::unordered_set<std::string> directives;
-    constexpr size_t dirLen = sizeof(CSPStrDirectives) / sizeof(CSPStrDirectives[0]);
-    for (size_t i = 0; i < dirLen; ++i) {
-      directives.insert(CSPStrDirectives[i]);
-    }
-    return directives;
-  } ();
-
-  nsAutoString directive(aDirective);
-  auto itr = directives.find(NS_ConvertUTF16toUTF8(directive).get());
-  return itr != directives.end();
-}
-#endif // DEBUG
-
 /**
  * Creates a key for use in the ShouldLoad cache.
  * Looks like: <uri>!<nsIContentPolicy::LOAD_TYPE>
  */
 nsresult
 CreateCacheKey_Internal(nsIURI* aContentLocation,
                         nsContentPolicyType aContentType,
                         nsACString& outCacheKey)
@@ -890,18 +864,16 @@ nsCSPContext::GatherSecurityPolicyViolat
   uint32_t aViolatedPolicyIndex,
   nsAString& aSourceFile,
   nsAString& aScriptSample,
   uint32_t aLineNum,
   mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit)
 {
   NS_ENSURE_ARG_MAX(aViolatedPolicyIndex, mPolicies.Length() - 1);
 
-  MOZ_ASSERT(ValidateDirectiveName(aViolatedDirective), "Invalid directive name");
-
   nsresult rv;
 
   // document-uri
   nsAutoCString reportDocumentURI;
   StripURIForReporting(mSelfURI, mSelfURI, reportDocumentURI);
   aViolationEventInit.mDocumentURI = NS_ConvertUTF8toUTF16(reportDocumentURI);
 
   // referrer
@@ -923,24 +895,21 @@ nsCSPContext::GatherSecurityPolicyViolat
     if (reportBlockedURI.IsEmpty()) {
       // this can happen for frame-ancestors violation where the violating
       // ancestor is cross-origin.
       NS_WARNING("No blocked URI (null aBlockedContentSource) for CSP violation report.");
     }
     aViolationEventInit.mBlockedURI = NS_ConvertUTF8toUTF16(reportBlockedURI);
   }
 
-  // effective-directive
-  // The name of the policy directive that was violated.
-  aViolationEventInit.mEffectiveDirective = aViolatedDirective;
+  // violated-directive
+  aViolationEventInit.mViolatedDirective = aViolatedDirective;
 
-  // violated-directive
-  // In CSP2, the policy directive that was violated, as it appears in the policy.
-  // In CSP3, the same as effective-directive.
-  aViolationEventInit.mViolatedDirective = aViolatedDirective;
+  // effective-directive
+  aViolationEventInit.mEffectiveDirective = aViolatedDirective;
 
   // original-policy
   nsAutoString originalPolicy;
   rv = this->GetPolicyString(aViolatedPolicyIndex, originalPolicy);
   NS_ENSURE_SUCCESS(rv, rv);
   aViolationEventInit.mOriginalPolicy = originalPolicy;
 
   // source-file
@@ -1242,31 +1211,28 @@ class CSPReportSenderRunnable final : pu
         mObserverSubject = do_QueryInterface(supportscstr);
       }
     }
 
     NS_IMETHOD Run() override
     {
       MOZ_ASSERT(NS_IsMainThread());
 
-      nsresult rv;
-
       // 0) prepare violation data
       mozilla::dom::SecurityPolicyViolationEventInit init;
-      rv = mCSPContext->GatherSecurityPolicyViolationEventData(
+      mCSPContext->GatherSecurityPolicyViolationEventData(
         mBlockedContentSource, mOriginalURI,
         mViolatedDirective, mViolatedPolicyIndex,
         mSourceFile, mScriptSample, mLineNum,
         init);
-      NS_ENSURE_SUCCESS(rv, rv);
 
       // 1) notify observers
       nsCOMPtr<nsIObserverService> observerService = mozilla::services::GetObserverService();
       NS_ASSERTION(observerService, "needs observer service");
-      rv = observerService->NotifyObservers(mObserverSubject,
+      nsresult rv = observerService->NotifyObservers(mObserverSubject,
                                                      CSP_VIOLATION_TOPIC,
                                                      mViolatedDirective.get());
       NS_ENSURE_SUCCESS(rv, rv);
 
       // 2) send reports for the policy that was violated
       mCSPContext->SendReports(init, mViolatedPolicyIndex);
 
       // 3) log to console (one per policy violation)
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -1238,22 +1238,16 @@ nsCSPDirective::visitSrcs(nsCSPSrcVisito
   return true;
 }
 
 bool nsCSPDirective::equals(CSPDirective aDirective) const
 {
   return (mDirective == aDirective);
 }
 
-void
-nsCSPDirective::getDirName(nsAString& outStr) const
-{
-  outStr.AppendASCII(CSP_CSPDirectiveToString(mDirective));
-}
-
 /* =============== nsCSPChildSrcDirective ============= */
 
 nsCSPChildSrcDirective::nsCSPChildSrcDirective(CSPDirective aDirective)
   : nsCSPDirective(aDirective)
   , mRestrictFrames(false)
   , mRestrictWorkers(false)
 {
 }
@@ -1329,23 +1323,16 @@ nsBlockAllMixedContentDirective::~nsBloc
 
 void
 nsBlockAllMixedContentDirective::toString(nsAString& outStr) const
 {
   outStr.AppendASCII(CSP_CSPDirectiveToString(
     nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT));
 }
 
-void
-nsBlockAllMixedContentDirective::getDirName(nsAString& outStr) const
-{
-  outStr.AppendASCII(CSP_CSPDirectiveToString(
-    nsIContentSecurityPolicy::BLOCK_ALL_MIXED_CONTENT));
-}
-
 /* =============== nsUpgradeInsecureDirective ============= */
 
 nsUpgradeInsecureDirective::nsUpgradeInsecureDirective(CSPDirective aDirective)
 : nsCSPDirective(aDirective)
 {
 }
 
 nsUpgradeInsecureDirective::~nsUpgradeInsecureDirective()
@@ -1354,23 +1341,16 @@ nsUpgradeInsecureDirective::~nsUpgradeIn
 
 void
 nsUpgradeInsecureDirective::toString(nsAString& outStr) const
 {
   outStr.AppendASCII(CSP_CSPDirectiveToString(
     nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE));
 }
 
-void
-nsUpgradeInsecureDirective::getDirName(nsAString& outStr) const
-{
-  outStr.AppendASCII(CSP_CSPDirectiveToString(
-    nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE));
-}
-
 /* ===== nsRequireSRIForDirective ========================= */
 
 nsRequireSRIForDirective::nsRequireSRIForDirective(CSPDirective aDirective)
 : nsCSPDirective(aDirective)
 {
 }
 
 nsRequireSRIForDirective::~nsRequireSRIForDirective()
@@ -1412,23 +1392,16 @@ nsRequireSRIForDirective::restrictsConte
 bool
 nsRequireSRIForDirective::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
                                  bool aParserCreated) const
 {
   // can only disallow CSP_REQUIRE_SRI_FOR.
   return (aKeyword != CSP_REQUIRE_SRI_FOR);
 }
 
-void
-nsRequireSRIForDirective::getDirName(nsAString& outStr) const
-{
-  outStr.AppendASCII(CSP_CSPDirectiveToString(
-    nsIContentSecurityPolicy::REQUIRE_SRI_FOR));
-}
-
 /* ===== nsCSPPolicy ========================= */
 
 nsCSPPolicy::nsCSPPolicy()
   : mUpgradeInsecDir(nullptr)
   , mReportOnly(false)
 {
   CSPUTILSLOG(("nsCSPPolicy::nsCSPPolicy"));
 }
@@ -1472,32 +1445,32 @@ nsCSPPolicy::permits(CSPDirective aDir,
   nsCSPDirective* defaultDir = nullptr;
 
   // Try to find a relevant directive
   // These directive arrays are short (1-5 elements), not worth using a hashtable.
   for (uint32_t i = 0; i < mDirectives.Length(); i++) {
     if (mDirectives[i]->equals(aDir)) {
       if (!mDirectives[i]->permits(aUri, aNonce, aWasRedirected, mReportOnly,
                                    mUpgradeInsecDir, aParserCreated)) {
-        mDirectives[i]->getDirName(outViolatedDirective);
+        mDirectives[i]->toString(outViolatedDirective);
         return false;
       }
       return true;
     }
     if (mDirectives[i]->isDefaultDirective()) {
       defaultDir = mDirectives[i];
     }
   }
 
   // If the above loop runs through, we haven't found a matching directive.
   // Avoid relooping, just store the result of default-src while looping.
   if (!aSpecific && defaultDir) {
     if (!defaultDir->permits(aUri, aNonce, aWasRedirected, mReportOnly,
                              mUpgradeInsecDir, aParserCreated)) {
-      defaultDir->getDirName(outViolatedDirective);
+      defaultDir->toString(outViolatedDirective);
       return false;
     }
     return true;
   }
 
   // Nothing restricts this, so we're allowing the load
   // See bug 764937
   return true;
@@ -1614,27 +1587,27 @@ nsCSPPolicy::hasDirective(CSPDirective a
  */
 void
 nsCSPPolicy::getDirectiveStringForContentType(nsContentPolicyType aContentType,
                                               nsAString& outDirective) const
 {
   nsCSPDirective* defaultDir = nullptr;
   for (uint32_t i = 0; i < mDirectives.Length(); i++) {
     if (mDirectives[i]->restrictsContentType(aContentType)) {
-      mDirectives[i]->getDirName(outDirective);
+      mDirectives[i]->toString(outDirective);
       return;
     }
     if (mDirectives[i]->isDefaultDirective()) {
       defaultDir = mDirectives[i];
     }
   }
   // if we haven't found a matching directive yet,
   // the contentType must be restricted by the default directive
   if (defaultDir) {
-    defaultDir->getDirName(outDirective);
+    defaultDir->toString(outDirective);
     return;
   }
   NS_ASSERTION(false, "Can not query directive string for contentType!");
   outDirective.AppendASCII("couldNotQueryViolatedDirective");
 }
 
 void
 nsCSPPolicy::getDirectiveAsString(CSPDirective aDir, nsAString& outDirective) const
--- a/dom/security/nsCSPUtils.h
+++ b/dom/security/nsCSPUtils.h
@@ -466,18 +466,16 @@ class nsCSPDirective {
      { return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE; }
 
     virtual bool equals(CSPDirective aDirective) const;
 
     void getReportURIs(nsTArray<nsString> &outReportURIs) const;
 
     bool visitSrcs(nsCSPSrcVisitor* aVisitor) const;
 
-    virtual void getDirName(nsAString& outStr) const;
-
   protected:
     CSPDirective            mDirective;
     nsTArray<nsCSPBaseSrc*> mSrcs;
 };
 
 /* =============== nsCSPChildSrcDirective ============= */
 
 /*
@@ -546,18 +544,16 @@ class nsBlockAllMixedContentDirective : 
     bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
                 bool aParserCreated) const override
       { return false; }
 
     void toString(nsAString& outStr) const override;
 
     void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override
       {  MOZ_ASSERT(false, "block-all-mixed-content does not hold any srcs"); }
-
-    void getDirName(nsAString& outStr) const override;
 };
 
 /* =============== nsUpgradeInsecureDirective === */
 
 /*
  * Upgrading insecure requests includes the following actors:
  * (1) CSP:
  *     The CSP implementation whitelists the http-request
@@ -601,18 +597,16 @@ class nsUpgradeInsecureDirective : publi
     bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
                 bool aParserCreated) const override
       { return false; }
 
     void toString(nsAString& outStr) const override;
 
     void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs) override
       {  MOZ_ASSERT(false, "upgrade-insecure-requests does not hold any srcs"); }
-
-    void getDirName(nsAString& outStr) const override;
 };
 
 /* ===== nsRequireSRIForDirective ========================= */
 
 class nsRequireSRIForDirective : public nsCSPDirective {
   public:
     explicit nsRequireSRIForDirective(CSPDirective aDirective);
     ~nsRequireSRIForDirective();
@@ -620,17 +614,16 @@ class nsRequireSRIForDirective : public 
     void toString(nsAString& outStr) const override;
 
     void addType(nsContentPolicyType aType)
       { mTypes.AppendElement(aType); }
     bool hasType(nsContentPolicyType aType) const;
     bool restrictsContentType(nsContentPolicyType aType) const override;
     bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce,
                 bool aParserCreated) const override;
-    void getDirName(nsAString& outStr) const override;
 
   private:
     nsTArray<nsContentPolicyType> mTypes;
 };
 
 /* =============== nsCSPPolicy ================== */
 
 class nsCSPPolicy {
--- a/testing/web-platform/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
@@ -1,3 +1,5 @@
 [report-uri-does-not-respect-base-uri.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Event is fired]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/blob/blob-urls-do-not-match-self.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/blob/blob-urls-do-not-match-self.sub.html.ini
@@ -1,3 +1,4 @@
 [blob-urls-do-not-match-self.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=script-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-beacon-blocked.sub.html.ini
@@ -1,9 +1,10 @@
 [connect-src-beacon-blocked.sub.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
   [sendBeacon should not throw.]
     expected: FAIL
 
   [redirect case]
     expected: TIMEOUT
 
+  [Expecting logs: ["Pass", "violated-directive=connect-src"\]]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-beacon-redirect-to-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [connect-src-beacon-redirect-to-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=connect-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini
@@ -1,4 +1,4 @@
 [connect-src-eventsource-blocked.sub.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["Pass","violated-directive=connect-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini
@@ -1,6 +1,7 @@
 [connect-src-eventsource-redirect-to-blocked.sub.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
   [Expecting logs: ["PASS EventSource() did not follow the disallowed redirect.","PASS successfullyParsed is true","TEST COMPLETE"\]]
     expected: FAIL
 
+  [Expecting logs: ["PASS EventSource() did not follow the disallowed redirect.","TEST COMPLETE", "violated-directive=connect-src"\]]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini
@@ -1,6 +1,7 @@
 [connect-src-websocket-blocked.sub.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
   [WebSocket should fire error event.]
     expected: FAIL
 
+  [Expecting logs: ["Pass","violated-directive=connect-src"\]]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini
@@ -1,8 +1,11 @@
 [connect-src-xmlhttprequest-blocked.sub.html]
   prefs: [security.csp.enable_violation_events:true]
   [XHR should fire onerror.]
     expected: TIMEOUT
 
   [XHR should fire onerror after a redirect.]
     expected: FAIL
 
+  [Expecting logs: ["Pass","violated-directive=connect-src"\]]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [connect-src-xmlhttprequest-redirect-to-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["PASS XMLHttpRequest.send() did not follow the disallowed redirect.","TEST COMPLETE","violated-directive=connect-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini
@@ -1,3 +1,4 @@
 [worker-from-guid.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=connect-src","xhr blocked","TEST COMPLETE"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini
@@ -1,3 +1,5 @@
 [font-stylesheet-font-blocked.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Test font does not load if it does not match font-src.]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini
@@ -1,6 +1,7 @@
 [form-action-src-blocked.sub.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
   [form-action-src-blocked]
     expected: FAIL
 
+  [Expecting logs: ["violated-directive=form-action","TEST COMPLETE"\]]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini
@@ -1,6 +1,7 @@
 [form-action-src-get-blocked.sub.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
   [form-action-src-allowed]
     expected: FAIL
 
+  [Expecting logs: ["violated-directive=form-action","TEST COMPLETE"\]]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini
@@ -1,6 +1,7 @@
 [form-action-src-javascript-blocked.sub.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
   [form-action-src-javascript-blocked]
     expected: FAIL
 
+  [Expecting logs: ["violated-directive=form-action","TEST COMPLETE"\]]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
@@ -1,3 +1,5 @@
 [generic-0_10_1.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire violation events for every failed violation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
@@ -1,3 +1,5 @@
 [generic-0_2_2.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire violation events for every failed violation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini
@@ -1,3 +1,5 @@
 [generic-0_2_3.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire violation events for every failed violation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini
@@ -1,3 +1,5 @@
 [generic-0_8_1.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire violation events for every failed violation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/img-src/report-blocked-data-uri.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/img-src/report-blocked-data-uri.sub.html.ini
@@ -1,3 +1,4 @@
 [report-blocked-data-uri.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=img-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/object-src/object-src-url-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [object-src-url-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=object-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini
@@ -1,5 +1,8 @@
 [reporting-api-report-only-sends-reports-on-violation.https.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Event is fired]
+    expected: FAIL
+
   [Violation report status OK.]
     expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
@@ -1,3 +1,5 @@
 [reporting-api-report-to-overrides-report-uri-1.https.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Event is fired]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
@@ -1,3 +1,5 @@
 [reporting-api-report-to-overrides-report-uri-2.https.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Event is fired]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/reporting/reporting-api-sends-reports-on-violation.https.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/reporting-api-sends-reports-on-violation.https.sub.html.ini
@@ -1,5 +1,8 @@
 [reporting-api-sends-reports-on-violation.https.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Event is fired]
+    expected: FAIL
+
   [Violation report status OK.]
     expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [injected-inline-script-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=script-src",\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
@@ -1,3 +1,5 @@
 [script-src-1_1.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should not fire policy violation events]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
@@ -1,5 +1,7 @@
 [script-src-1_2.html]
   disabled:
     if os == "win": bug 1172411
   prefs: [security.csp.enable_violation_events:true]
+  [Should not fire policy violation events]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
@@ -1,5 +1,7 @@
 [script-src-1_2_1.html]
   disabled:
     if os == "win": bug 1094323
   prefs: [security.csp.enable_violation_events:true]
+  [Test that securitypolicyviolation event is fired]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
@@ -1,5 +1,8 @@
 [script-src-1_4.html]
   prefs: [security.csp.enable_violation_events:true]
   [eval() should throw without 'unsafe-eval' keyword source in script-src directive.]
     expected: FAIL
 
+  [Test that securitypolicyviolation event is fired]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
@@ -1,5 +1,7 @@
 [script-src-1_4_1.html]
   disabled:
     if os == "win": bug 1094323
   prefs: [security.csp.enable_violation_events:true]
+  [Test that securitypolicyviolation event is fired]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
@@ -1,5 +1,8 @@
 [script-src-1_4_2.html]
   prefs: [security.csp.enable_violation_events:true]
   [Unsafe eval ran in Function() constructor.]
     expected: FAIL
 
+  [Test that securitypolicyviolation event is fired]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_whitelist.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_whitelist.html.ini
@@ -1,3 +1,5 @@
 [script-src-strict_dynamic_discard_whitelist.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Whitelisted script without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
@@ -1,3 +1,5 @@
 [script-src-strict_dynamic_double_policy_different_nonce.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Unnonced script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce-only double policy.]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
@@ -1,4 +1,5 @@
 [script-src-strict_dynamic_double_policy_report_only.html]
-  type: testharness
   prefs: [security.csp.enable_violation_events:true]
+  [Script injected via `appendChild` is allowed with `strict-dynamic` + Report-Only `script-src 'none'` policy.]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
@@ -1,3 +1,5 @@
 [script-src-strict_dynamic_javascript_uri.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Script injected via `javascript:` URIs are not allowed with `strict-dynamic`.]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
@@ -1,3 +1,5 @@
 [script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html]
   prefs: [security.csp.enable_violation_events:true]
+  [All the expected CSP violation reports have been fired.]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
@@ -1,9 +1,33 @@
 [script-src-strict_dynamic_parser_inserted.html]
   expected: TIMEOUT
   prefs: [security.csp.enable_violation_events:true]
+  [Parser-inserted script via `document.write` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
+  [Parser-inserted script via `document.writeln` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
+  [Parser-inserted deferred script via `document.write` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
+  [Parser-inserted deferred script via `document.writeln` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
+  [Parser-inserted async script via `document.write` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
+  [Parser-inserted async script via `document.writeln` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
+  [Parser-inserted deferred async script via `document.write` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
+  [Parser-inserted deferred async script via `document.writeln` without a correct nonce is not allowed with `strict-dynamic`.]
+    expected: FAIL
+
   [Script injected via `innerHTML` is not allowed with `strict-dynamic`.]
     expected: TIMEOUT
 
   [Script injected via `insertAdjacentHTML` is not allowed with `strict-dynamic`.]
     expected: TIMEOUT
 
--- a/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
@@ -1,3 +1,5 @@
 [scripthash-unicode-normalization.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire securitypolicyviolation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
@@ -1,3 +1,5 @@
 [scriptnonce-and-scripthash.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
@@ -1,3 +1,5 @@
 [scriptnonce-ignore-unsafeinline.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Expecting alerts: ["PASS (1/2)","PASS (2/2)", "violated-directive=script-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html.ini
@@ -1,3 +1,5 @@
 [securitypolicyviolation-block-image.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Non-redirected same-origin URLs are not stripped.]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini
@@ -1,4 +1,11 @@
 [upgrade-insecure-requests-reporting.https.html]
-  type: testharness
-  prefs: [security.csp.enable_violation_events:true]
+  expected: TIMEOUT
+  [Upgraded image is reported]
+    expected: TIMEOUT
 
+  [Upgraded iframe is reported]
+    expected: TIMEOUT
+
+  [Navigated iframe is upgraded and reported]
+    expected: TIMEOUT
+
--- a/testing/web-platform/meta/content-security-policy/style-src/injected-inline-style-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/injected-inline-style-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [injected-inline-style-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=style-src","PASS"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
@@ -1,3 +1,5 @@
 [inline-style-allowed-while-cloning-objects.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Test that violation report event was fired]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [inline-style-attribute-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=style-src","PASS"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [style-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["violated-directive=style-src","PASS"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
@@ -1,3 +1,5 @@
 [style-src-hash-blocked.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-blocked.html.ini
@@ -1,4 +1,5 @@
 [style-src-imported-style-blocked.html]
-  type: testharness
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
@@ -1,3 +1,5 @@
 [style-src-injected-inline-style-blocked.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini
@@ -1,3 +1,5 @@
 [style-src-injected-stylesheet-blocked.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
@@ -1,3 +1,5 @@
 [style-src-inline-style-attribute-blocked.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
@@ -1,3 +1,5 @@
 [style-src-inline-style-blocked.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini
@@ -1,6 +1,9 @@
 [style-src-inline-style-nonce-blocked-error-event.html]
   expected: TIMEOUT
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
+
   [Test that paragraph remains unmodified and error events received.]
     expected: NOTRUN
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
@@ -1,3 +1,5 @@
 [style-src-inline-style-nonce-blocked.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini
@@ -1,3 +1,5 @@
 [style-src-none-blocked.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini
@@ -1,3 +1,5 @@
 [style-src-stylesheet-nonce-blocked.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire a securitypolicyviolation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
@@ -1,3 +1,5 @@
 [stylehash-basic-blocked.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Expecting alerts: ["PASS: The 'p' element's text is green, which means the style was correctly applied.", "violated-directive=style-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
@@ -1,4 +1,5 @@
 [stylenonce-allowed.sub.html]
-  type: testharness
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire securitypolicyviolation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
@@ -1,4 +1,5 @@
 [stylenonce-blocked.sub.html]
-  type: testharness
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire securitypolicyviolation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini
@@ -1,3 +1,5 @@
 [object-in-svg-foreignobject.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should throw a securitypolicyviolation]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/svg/svg-inline.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/svg/svg-inline.sub.html.ini
@@ -1,3 +1,5 @@
 [svg-inline.sub.html]
   prefs: [security.csp.enable_violation_events:true]
+  [Should fire violation event]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked-and-sends-report.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked-and-sends-report.sub.html.ini
@@ -1,3 +1,4 @@
 [eval-blocked-and-sends-report.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["PASS: eval() blocked.","violated-directive=script-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [eval-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["PASS EvalError","PASS EvalError", "violated-directive=script-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setInterval-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setInterval-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [eval-scripts-setInterval-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["PASS","violated-directive=script-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [eval-scripts-setTimeout-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["PASS","violated-directive=script-src"\]]
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html.ini
@@ -1,3 +1,4 @@
 [function-constructor-blocked.sub.html]
-  prefs: [security.csp.enable_violation_events:true]
+  [Expecting logs: ["PASS EvalError","violated-directive=script-src"\]]
+    expected: FAIL