author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
commit | 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch) | |
tree | a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /testing/web-platform/mozilla/tests/content-security-policy | |
parent | Initial commit. (diff) | |
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/mozilla/tests/content-security-policy')
17 files changed, 1994 insertions, 0 deletions
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..c420b940f8 --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html 
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..a7bb3de773 --- /dev/null 
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html 
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html new file mode 100644 index 0000000000..482a41186d --- /dev/null 
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html 
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html new file mode 100644 index 0000000000..4d75fa1ccc --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html 
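Review bot: The header comment of `script-src-self/worker-import.http.html` (`<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted -->`) records that the file was edited by hand but not what was changed, and the six test cases below it have the same shape as the generated `sharedworker-import` siblings, so the edit cannot be identified from the file itself. Because the neighbouring files are produced by `common/security-features/tools/generate.py`, a regeneration would presumably overwrite this file and could silently drop the hand-made CSP coverage. I would replace the comment with one that names the difference and its tracking reference, e.g. `<!-- Hand-edited, not generator output: <what differs>; tracked in <BUG-ID>. Re-apply after regenerating. -->`. The same comment appears in `script-src-self/worker-import.https.html`, whose hunk follows this one.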
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..f06c11dd78 --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html 
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..1c9483fc05 --- /dev/null 
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html 
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html new file mode 100644 index 0000000000..f8a9e51557 --- /dev/null 
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html 
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html new file mode 100644 index 0000000000..7d6a82d8fc --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html 
@@ -0,0 +1,118 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "http-rp", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..f66bc9ed7c --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html 
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context." 
+ } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..bcd1f0f2ef --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html 
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context." 
+ } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html new file mode 100644 index 0000000000..68a610d994 --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html 
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> 
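Review bot: The header comment `this is edited. We need to update it so that it is correctly generated if this gets adopted` does not say what was changed relative to the generator output, yet the file sits under `gen/` next to files marked DO NOT EDIT. The same comment appears in the other worker-import pages under top.meta/script-src-self and top.meta/worker-src-self, so a later run of `generate.py` would presumably overwrite all of them without anyone noticing the lost expectations. I would extend the comment to name the hand-changed part and the reason, for example `<!-- Hand-edited: <which expectations differ from generate.py output, and why>. Do not regenerate until the spec covers this case. -->`.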
diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html
new file mode 100644
index 0000000000..829e6e2b90
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'script-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context." 
+ } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html new file mode 100644 index 0000000000..4c6757c65f --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html 
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="worker-src 'self'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-http origin and no-redirect redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context." 
+ } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html new file mode 100644 index 0000000000..2655a33036 --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html 
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec content-security-policy/` --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="worker-src 'self'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for sharedworker-import to same-https origin and no-redirect redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "sharedworker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context." 
+ } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html new file mode 100644 index 0000000000..281987acfe --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html 
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="worker-src 'self'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and keep-origin redirection from http context." + }, + { + "expectation": "allowed", + "origin": "same-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context." + }, + { + "expectation": "blocked", + "origin": "cross-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context." + }, + { + "expectation": "blocked", + "origin": "same-http", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "http", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context." + } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html new file mode 100644 index 0000000000..4654856ada --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html 
@@ -0,0 +1,119 @@ +<!DOCTYPE html> +<!-- this is edited. We need to update it so that it is correctly generated if this gets adopted --> +<html> + <head> + <meta charset="utf-8"> + <meta name="timeout" content="long"> + <meta http-equiv="Content-Security-Policy" content="worker-src 'self'"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/common/security-features/resources/common.sub.js"></script> + <script src="../../../generic/test-case.sub.js"></script> + </head> + <body> + <script> + TestCase( + [ + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and keep-origin redirection from https context." + }, + { + "expectation": "allowed", + "origin": "same-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects allowed for worker-import to same-https origin and no-redirect redirection from https context." 
+ }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "keep-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "no-redirect", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context." + }, + { + "expectation": "blocked", + "origin": "cross-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context." + }, + { + "expectation": "blocked", + "origin": "same-https", + "redirection": "swap-origin", + "source_context_list": [], + "source_scheme": "https", + "subresource": "worker-import", + "subresource_policy_deliveries": [ + { + "deliveryType": "meta", + "key": "contentSecurityPolicy", + "value": 'worker-src-self' + } + ], + "test_description": "Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context." 
+ } + ], + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/mozilla/tests/content-security-policy/generic/test-case.sub.js b/testing/web-platform/mozilla/tests/content-security-policy/generic/test-case.sub.js new file mode 100644 index 0000000000..d9a6494dd3 --- /dev/null +++ b/testing/web-platform/mozilla/tests/content-security-policy/generic/test-case.sub.js 
@@ -0,0 +1,98 @@
+function TestCase(scenarios, sanityChecker) {
+ function runTest(scenario) {
+ sanityChecker.checkScenario(scenario, subresourceMap);
+
+ const urls = getRequestURLs(scenario.subresource,
+ scenario.origin,
+ scenario.redirection);
+
+ /** @type {Subresource} */
+ const subresource = {
+ subresourceType: scenario.subresource,
+ url: urls.testUrl,
+ policyDeliveries: scenario.subresource_policy_deliveries,
+ };
+
+ let violationEventResolve;
+ // Resolved with an array of securitypolicyviolation events.
+ const violationEventPromise = new Promise(resolve => {
+ violationEventResolve = resolve;
+ });
+
+ promise_test(async t => {
+ await xhrRequest(urls.announceUrl);
+
+ // Currently only requests from top-level Documents are tested
+ // (specified by `spec.src.json`) and thus securitypolicyviolation
+ // events are assumed to be fired on the top-level Document here.
+ // When adding non-top-level Document tests, securitypolicyviolation
+ // events should be caught in appropriate contexts.
+ const violationEvents = [];
+ const listener = e => { violationEvents.push(e); };
+ document.addEventListener('securitypolicyviolation', listener);
+
+ try {
+ // Send out the real resource request.
+ // This should tear down the key if it's not blocked.
+ const mainPromise = invokeRequest(subresource, scenario.source_context_list);
+ if (scenario.expectation === 'allowed') {
+ await mainPromise;
+ } else {
+ await mainPromise
+ .then(t.unreached_func('main promise resolved unexpectedly'))
+ .catch(_ => {});
+ }
+ } finally {
+ // Always perform post-processing/clean up for
+ // 'securitypolicyviolation' events and resolve
+ // `violationEventPromise`, to prevent timeout of the
+ // promise_test() below.
+
+ // securitypolicyviolation events are fired in a queued task in
+ // https://w3c.github.io/webappsec-csp/#report-violation
+ // so wait for queued tasks to run using setTimeout().
+ let timeout = 0;
+ if (scenario.subresource.startsWith('worklet-') &&
+ navigator.userAgent.includes("Firefox/")) {
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=1808911
+ // In Firefox sometimes violations from Worklets are delayed.
+ timeout = 10;
+ }
+ await new Promise(resolve => setTimeout(resolve, timeout));
+
+ // Pass violation events to `violationEventPromise` (which will be tested
+ // in the subsequent promise_test()) and clean up the listener.
+ violationEventResolve(violationEvents);
+ document.removeEventListener('securitypolicyviolation', listener);
+ }
+
+ // Send request to check if the key has been torn down.
+ const assertResult = await xhrRequest(urls.assertUrl);
+
+ // Now check if the value has been torn down. If it's still there,
+ // we have blocked the request by content security policy.
+ assert_equals(assertResult.status, scenario.expectation,
+ "The resource request should be '" + scenario.expectation + "'.");
+
+ }, scenario.test_description);
+
+ promise_test(async _ => {
+ const violationEvents = await violationEventPromise;
+ if (scenario.expectation === 'allowed') {
+ assert_array_equals(violationEvents, [],
+ 'no violation events should be fired');
+ } else {
+ assert_equals(violationEvents.length, 1,
+ 'One violation event should be fired');
+ }
+ }, scenario.test_description + ": securitypolicyviolation");
+ } // runTest
+
+ function runTests() {
+ for (const scenario of scenarios) {
+ runTest(scenario);
+ }
+ }
+
+ return {start: runTests};
+} |
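Review bot: The blocked case in the second `promise_test` only asserts `violationEvents.length === 1`, so any single `securitypolicyviolation` dispatched on the document satisfies it, whichever directive or resource caused it. Because the blocked branch of the first test discards every rejection with `.catch(_ => {})`, and an untouched key at `urls.assertUrl` looks the same for a network failure as for a policy block, that event is the only CSP-specific evidence this file collects. Pinning at least one field would tighten it, for example `assert_equals(violationEvents[0].disposition, 'enforce', 'violation should come from an enforced policy');`, assuming no report-only scenario is routed through this harness. In the allowed case the fixed `setTimeout` wait (0 ms, or 10 ms for Firefox worklets) means an event arriving later is never observed and `assert_array_equals(violationEvents, [], ...)` passes anyway; a comment at the `timeout` assignment such as `// A late event is missed here, so the "allowed" check can pass vacuously.` would record that limit.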