diff options
Diffstat (limited to '')
-rw-r--r-- | dom/security/test/csp/mochitest.toml | 821 |
1 files changed, 821 insertions, 0 deletions
diff --git a/dom/security/test/csp/mochitest.toml b/dom/security/test/csp/mochitest.toml new file mode 100644 index 0000000000..8d8c6c31f5 --- /dev/null +++ b/dom/security/test/csp/mochitest.toml @@ -0,0 +1,821 @@ +[DEFAULT] +support-files = [ + "file_base_uri_server.sjs", + "file_blob_data_schemes.html", + "file_blob_uri_blocks_modals.html", + "file_blob_uri_blocks_modals.html^headers^", + "file_blob_top_nav_block_modals.html", + "file_blob_top_nav_block_modals.html^headers^", + "file_connect-src.html", + "file_connect-src-fetch.html", + "file_CSP.css", + "file_CSP.sjs", + "file_dummy_pixel.png", + "file_allow_https_schemes.html", + "file_bug663567.xsl", + "file_bug663567_allows.xml", + "file_bug663567_allows.xml^headers^", + "file_bug663567_blocks.xml", + "file_bug663567_blocks.xml^headers^", + "file_bug802872.html", + "file_bug802872.html^headers^", + "file_bug802872.js", + "file_bug802872.sjs", + "file_bug885433_allows.html", + "file_bug885433_allows.html^headers^", + "file_bug885433_blocks.html", + "file_bug885433_blocks.html^headers^", + "file_bug888172.html", + "file_bug888172.sjs", + "file_evalscript_main.js", + "file_evalscript_main_allowed.js", + "file_evalscript_main.html", + "file_evalscript_main.html^headers^", + "file_evalscript_main_allowed.html", + "file_evalscript_main_allowed.html^headers^", + "file_frameancestors_main.html", + "file_frameancestors_main.js", + "file_frameancestors.sjs", + "file_frameancestors_userpass.html", + "file_frameancestors_userpass_frame_a.html", + "file_frameancestors_userpass_frame_b.html", + "file_frameancestors_userpass_frame_c.html", + "file_frameancestors_userpass_frame_c.html^headers^", + "file_frameancestors_userpass_frame_d.html", + "file_frameancestors_userpass_frame_d.html^headers^", + "file_inlinescript.html", + "file_inlinestyle_main.html", + "file_inlinestyle_main.html^headers^", + "file_inlinestyle_main_allowed.html", + "file_inlinestyle_main_allowed.html^headers^", + "file_invalid_source_expression.html", + "file_main.html", + "file_main.html^headers^", + "file_main.js", + "file_web_manifest.html", + "file_web_manifest_remote.html", + "file_web_manifest_https.html", + "file_web_manifest.json", + "file_web_manifest.json^headers^", + "file_web_manifest_https.json", + "file_web_manifest_mixed_content.html", + "file_bug836922_npolicies.html", + "file_bug836922_npolicies.html^headers^", + "file_bug836922_npolicies_ro_violation.sjs", + "file_bug836922_npolicies_violation.sjs", + "file_bug886164.html", + "file_bug886164.html^headers^", + "file_bug886164_2.html", + "file_bug886164_2.html^headers^", + "file_bug886164_3.html", + "file_bug886164_3.html^headers^", + "file_bug886164_4.html", + "file_bug886164_4.html^headers^", + "file_bug886164_5.html", + "file_bug886164_5.html^headers^", + "file_bug886164_6.html", + "file_bug886164_6.html^headers^", + "file_redirects_main.html", + "file_redirects_page.sjs", + "file_redirects_resource.sjs", + "file_bug910139.sjs", + "file_bug910139.xml", + "file_bug910139.xsl", + "file_bug909029_star.html", + "file_bug909029_star.html^headers^", + "file_bug909029_none.html", + "file_bug909029_none.html^headers^", + "file_bug1229639.html", + "file_bug1229639.html^headers^", + "file_bug1312272.html", + "file_bug1312272.js", + "file_bug1312272.html^headers^", + "file_bug1452037.html", + "file_bug1505412.sjs", + "file_bug1505412_reporter.sjs", + "file_bug1505412_frame.html", + "file_bug1505412_frame.html^headers^", + "file_policyuri_regression_from_multipolicy.html", + "file_policyuri_regression_from_multipolicy.html^headers^", + "file_policyuri_regression_from_multipolicy_policy", + "file_nonce_source.html", + "file_nonce_source.html^headers^", + "file_nonce_redirects.html", + "file_nonce_redirector.sjs", + "file_bug941404.html", + "file_bug941404_xhr.html", + "file_bug941404_xhr.html^headers^", + "file_frame_ancestors_ro.html", + "file_frame_ancestors_ro.html^headers^", + "file_hash_source.html", + "file_dual_header_testserver.sjs", + "file_hash_source.html^headers^", + "file_scheme_relative_sources.js", + "file_scheme_relative_sources.sjs", + "file_ignore_unsafe_inline.html", + "file_ignore_unsafe_inline_multiple_policies_server.sjs", + "file_self_none_as_hostname_confusion.html", + "file_self_none_as_hostname_confusion.html^headers^", + "file_empty_directive.html", + "file_empty_directive.html^headers^", + "file_path_matching.html", + "file_path_matching_incl_query.html", + "file_path_matching.js", + "file_path_matching_redirect.html", + "file_path_matching_redirect_server.sjs", + "file_testserver.sjs", + "file_report_uri_missing_in_report_only_header.html", + "file_report_uri_missing_in_report_only_header.html^headers^", + "file_report.html", + "file_report_chromescript.js", + "file_redirect_content.sjs", + "file_redirect_report.sjs", + "file_subframe_run_js_if_allowed.html", + "file_subframe_run_js_if_allowed.html^headers^", + "file_leading_wildcard.html", + "file_multi_policy_injection_bypass.html", + "file_multi_policy_injection_bypass.html^headers^", + "file_multi_policy_injection_bypass_2.html", + "file_multi_policy_injection_bypass_2.html^headers^", + "file_null_baseuri.html", + "file_form-action.html", + "referrerdirective.sjs", + "file_upgrade_insecure.html", + "file_upgrade_insecure_meta.html", + "file_upgrade_insecure_server.sjs", + "file_upgrade_insecure_wsh.py", + "file_upgrade_insecure_reporting.html", + "file_upgrade_insecure_reporting_server.sjs", + "file_upgrade_insecure_cors.html", + "file_upgrade_insecure_cors_server.sjs", + "file_upgrade_insecure_loopback.html", + "file_upgrade_insecure_loopback_form.html", + "file_upgrade_insecure_loopback_server.sjs", + "file_report_for_import.css", + "file_report_for_import.html", + "file_report_for_import_server.sjs", + "file_service_worker.html", + "file_service_worker.js", + "file_child-src_iframe.html", + "file_child-src_inner_frame.html", + "file_child-src_worker.html", + "file_child-src_worker_data.html", + "file_child-src_worker-redirect.html", + "file_child-src_worker.js", + "file_child-src_service_worker.html", + "file_child-src_service_worker.js", + "file_child-src_shared_worker.html", + "file_child-src_shared_worker_data.html", + "file_child-src_shared_worker-redirect.html", + "file_child-src_shared_worker.js", + "file_redirect_worker.sjs", + "file_meta_element.html", + "file_meta_header_dual.sjs", + "file_docwrite_meta.html", + "file_doccomment_meta.html", + "file_docwrite_meta.css", + "file_docwrite_meta.js", + "file_multipart_testserver.sjs", + "file_fontloader.sjs", + "file_fontloader.woff", + "file_block_all_mcb.sjs", + "file_block_all_mixed_content_frame_navigation1.html", + "file_block_all_mixed_content_frame_navigation2.html", + "file_form_action_server.sjs", + "!/image/test/mochitest/blue.png", + "file_meta_whitespace_skipping.html", + "file_ping.html", + "test_iframe_sandbox_top_1.html^headers^", + "file_iframe_sandbox_document_write.html", + "file_sandbox_pass.js", + "file_sandbox_fail.js", + "file_sandbox_1.html", + "file_sandbox_2.html", + "file_sandbox_3.html", + "file_sandbox_4.html", + "file_sandbox_5.html", + "file_sandbox_6.html", + "file_sandbox_7.html", + "file_sandbox_8.html", + "file_sandbox_9.html", + "file_sandbox_10.html", + "file_sandbox_11.html", + "file_sandbox_12.html", + "file_sandbox_13.html", + "file_sendbeacon.html", + "file_upgrade_insecure_docwrite_iframe.sjs", + "file_data-uri_blocked.html", + "file_data-uri_blocked.html^headers^", + "file_strict_dynamic_js_url.html", + "file_strict_dynamic_script_events.html", + "file_strict_dynamic_script_events_marquee.html", + "file_strict_dynamic_script_inline.html", + "file_strict_dynamic_script_extern.html", + "file_strict_dynamic.js", + "file_strict_dynamic_parser_inserted_doc_write.html", + "file_strict_dynamic_parser_inserted_doc_write_correct_nonce.html", + "file_strict_dynamic_non_parser_inserted.html", + "file_strict_dynamic_non_parser_inserted_inline.html", + "file_strict_dynamic_unsafe_eval.html", + "file_strict_dynamic_default_src.html", + "file_strict_dynamic_default_src.js", + "file_upgrade_insecure_navigation.sjs", + "file_punycode_host_src.sjs", + "file_punycode_host_src.js", + "file_iframe_srcdoc.sjs", + "file_iframe_sandbox_srcdoc.html", + "file_iframe_sandbox_srcdoc.html^headers^", + "file_websocket_self.html", + "file_websocket_csp_upgrade.html", + "file_websocket_explicit.html", + "file_websocket_self_wsh.py", + "file_win_open_blocked.html", + "file_image_nonce.html", + "file_image_nonce.html^headers^", + "file_ignore_xfo.html", + "file_ignore_xfo.html^headers^", + "file_ro_ignore_xfo.html", + "file_ro_ignore_xfo.html^headers^", + "file_no_log_ignore_xfo.html", + "file_no_log_ignore_xfo.html^headers^", + "file_data_csp_inheritance.html", + "file_data_csp_merge.html", + "file_data_doc_ignore_meta_csp.html", + "file_report_font_cache-1.html", + "file_report_font_cache-2.html", + "file_report_font_cache-2.html^headers^", + "Ahem.ttf", + "file_independent_iframe_csp.html", + "file_upgrade_insecure_report_only.html", + "file_upgrade_insecure_report_only_server.sjs", +] +prefs = [ + "security.mixed_content.upgrade_display_content=false", + "javascript.options.experimental.shadow_realms=true", +] + +["test_301_redirect.html"] +skip-if = [ + "http3", + "http2", +] + +["test_302_redirect.html"] +skip-if = [ + "http3", + "http2", +] + +["test_303_redirect.html"] +skip-if = [ + "http3", + "http2", +] + +["test_307_redirect.html"] +skip-if = [ + "http3", + "http2", +] + +["test_CSP.html"] +skip-if = [ + "http3", + "http2", +] + +["test_allow_https_schemes.html"] + +["test_base-uri.html"] +skip-if = [ + "http3", + "http2", +] + +["test_blob_data_schemes.html"] + +["test_blob_uri_blocks_modals.html"] +skip-if = [ + "xorigin", + "os == 'linux'", + "asan", # alert should be blocked by CSP - got false, expected true + "tsan", # alert should be blocked by CSP - got false, expected true + "http3", + "http2", +] + +["test_block_all_mixed_content.html"] +tags = "mcb" + +["test_block_all_mixed_content_frame_navigation.html"] +tags = "mcb" +skip-if = [ + "http3", + "http2", +] + +["test_blocked_uri_in_reports.html"] +skip-if = [ + "http3", + "http2", +] + +["test_blocked_uri_in_violation_event_after_redirects.html"] +support-files = [ + "file_blocked_uri_in_violation_event_after_redirects.html", + "file_blocked_uri_in_violation_event_after_redirects.sjs", +] +skip-if = [ + "http3", + "http2", +] + +["test_blocked_uri_redirect_frame_src.html"] +support-files = [ + "file_blocked_uri_redirect_frame_src.html", + "file_blocked_uri_redirect_frame_src.html^headers^", + "file_blocked_uri_redirect_frame_src_server.sjs", +] +skip-if = [ + "http3", + "http2", +] + +["test_bug663567.html"] +skip-if = ["fission && xorigin && debug && os == 'win'"] # Bug 1716406 - New fission platform triage + +["test_bug802872.html"] +skip-if = [ + "http3", + "http2", +] + +["test_bug836922_npolicies.html"] +skip-if = [ + "verify", + "http3", + "http2", +] + +["test_bug885433.html"] + +["test_bug886164.html"] + +["test_bug888172.html"] + +["test_bug909029.html"] + +["test_bug910139.html"] +skip-if = ["verify"] + +["test_bug941404.html"] + +["test_bug1229639.html"] +skip-if = [ + "http3", + "http2", +] + +["test_bug1242019.html"] +skip-if = [ + "http3", + "http2", +] + +["test_bug1312272.html"] + +["test_bug1452037.html"] + +["test_bug1505412.html"] +skip-if = ["!debug"] + +["test_bug1579094.html"] + +["test_bug1738418.html"] +support-files = [ + "file_bug1738418_parent.html", + "file_bug1738418_parent.html^headers^", + "file_bug1738418_child.html", +] + +["test_bug1764343.html"] +support-files = [ + "file_bug1764343.html", +] + +["test_bug1777572.html"] +support-files = ["file_bug1777572.html"] +skip-if = ["os == 'android'"] # This unusual window.close/open test times out on Android. + +["test_child-src_iframe.html"] +skip-if = [ + "http3", + "http2", +] + +["test_child-src_worker-redirect.html"] +skip-if = [ + "http3", + "http2", +] + +["test_child-src_worker.html"] +skip-if = [ + "http3", + "http2", +] + +["test_child-src_worker_data.html"] +skip-if = [ + "http3", + "http2", +] + +["test_connect-src.html"] + +["test_csp_frame_ancestors_about_blank.html"] +support-files = [ + "file_csp_frame_ancestors_about_blank.html", + "file_csp_frame_ancestors_about_blank.html^headers^", +] + +["test_csp_style_src_empty_hash.html"] + +["test_csp_worker_inheritance.html"] +support-files = [ + "worker.sjs", + "worker_helper.js", + "main_csp_worker.html", + "main_csp_worker.html^headers^", +] +skip-if = [ + "http3", + "http2", +] + +["test_data_csp_inheritance.html"] + +["test_data_csp_merge.html"] + +["test_data_doc_ignore_meta_csp.html"] + +["test_docwrite_meta.html"] + +["test_dual_header.html"] + +["test_empty_directive.html"] + +["test_evalscript.html"] + +["test_evalscript_allowed_by_strict_dynamic.html"] + +["test_evalscript_blocked_by_strict_dynamic.html"] + +["test_fontloader.html"] + +["test_form-action.html"] + +["test_form_action_blocks_url.html"] + +["test_frame_ancestors_ro.html"] +skip-if = [ + "http3", + "http2", +] + +["test_frame_src.html"] +support-files = [ + "file_frame_src_frame_governs.html", + "file_frame_src_child_governs.html", + "file_frame_src.js", + "file_frame_src_inner.html", +] +skip-if = [ + "http3", + "http2", +] + +["test_frameancestors.html"] +skip-if = [ + "xorigin", # JavaScript error: http://mochi.xorigin-test:8888/tests/SimpleTest/TestRunner.js, line 157: SecurityError: Permission denied to access property "wrappedJSObject" on cross-origin object + "http3", + "http2", +] + +["test_frameancestors_userpass.html"] +skip-if = [ + "http3", + "http2", +] + +["test_hash_source.html"] +skip-if = ["fission && xorigin && debug"] # Bug 1716406 - New fission platform triage + +["test_iframe_sandbox.html"] +skip-if = [ + "fission && xorigin && debug && (os == 'win' || os == 'linux')", # Bug 1716406 - New fission platform triage + "http3", + "http2", +] + +["test_iframe_sandbox_srcdoc.html"] +skip-if = ["fission && xorigin && debug && os == 'win'"] # Bug 1716406 - New fission platform triage + +["test_iframe_sandbox_top_1.html"] + +["test_iframe_srcdoc.html"] + +["test_ignore_unsafe_inline.html"] +skip-if = ["xorigin"] # JavaScript error: http://mochi.xorigin-test:8888/tests/SimpleTest/TestRunner.js, line 157: SecurityError: Permission denied to access property "wrappedJSObject" on cross-origin object, [Child 3789, Main Thread] WARNING: NS_ENSURE_TRUE(request) failed: file /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp, line 591 + +["test_ignore_xfo.html"] +skip-if = [ + "xorigin", # JavaScript error: http://mochi.xorigin-test:8888/tests/SimpleTest/TestRunner.js, line 157: SecurityError: Permission denied to access property "wrappedJSObject" on cross-origin object + "http3", + "http2", +] + +["test_image_document.html"] +support-files = [ + "file_image_document_pixel.png", + "file_image_document_pixel.png^headers^", +] + +["test_image_nonce.html"] + +["test_independent_iframe_csp.html"] + +["test_inlinescript.html"] + +["test_inlinestyle.html"] + +["test_invalid_source_expression.html"] + +["test_leading_wildcard.html"] +skip-if = [ + "http3", + "http2", +] + +["test_link_rel_preload.html"] +support-files = ["file_link_rel_preload.html"] + +["test_meta_csp_self.html"] + +["test_meta_element.html"] + +["test_meta_header_dual.html"] + +["test_meta_whitespace_skipping.html"] + +["test_multi_policy_injection_bypass.html"] + +["test_multipartchannel.html"] +skip-if = [ + "http3", + "http2", +] + +["test_nonce_redirects.html"] + +["test_nonce_snapshot.html"] +support-files = ["file_nonce_snapshot.sjs"] + +["test_nonce_source.html"] +skip-if = [ + "http3", + "http2", +] + +["test_null_baseuri.html"] +skip-if = [ + "http3", + "http2", +] + +["test_object_inherit.html"] +support-files = ["file_object_inherit.html"] + +["test_parent_location_js.html"] +support-files = [ + "file_parent_location_js.html", + "file_iframe_parent_location_js.html", +] + +["test_path_matching.html"] +skip-if = [ + "http3", + "http2", +] + +["test_path_matching_redirect.html"] +skip-if = [ + "http3", + "http2", +] + +["test_ping.html"] +skip-if = [ + "http3", + "http2", +] + +["test_policyuri_regression_from_multipolicy.html"] + +["test_punycode_host_src.html"] +skip-if = [ + "http3", + "http2", +] + +["test_redirects.html"] +skip-if = [ + "http3", + "http2", +] + +["test_report.html"] +fail-if = ["xorigin"] +skip-if = [ + "http3", + "http2", +] + +["test_report_font_cache.html"] +skip-if = [ + "http3", + "http2", +] + +["test_report_for_import.html"] +fail-if = ["xorigin"] +skip-if = [ + "http3", + "http2", +] + +["test_report_uri_missing_in_report_only_header.html"] + +["test_sandbox.html"] +skip-if = ["true"] # Bug 1657934 + +["test_sandbox_allow_scripts.html"] +support-files = [ + "file_sandbox_allow_scripts.html", + "file_sandbox_allow_scripts.html^headers^", +] + +["test_scheme_relative_sources.html"] +skip-if = [ + "http3", + "http2", +] + +["test_script_template.html"] +support-files = [ + "file_script_template.html", + "file_script_template.js", +] + +["test_security_policy_violation_event.html"] + +["test_self_none_as_hostname_confusion.html"] + +["test_sendbeacon.html"] + +["test_service_worker.html"] + +["test_strict_dynamic.html"] +skip-if = [ + "http3", + "http2", +] + +["test_strict_dynamic_default_src.html"] +skip-if = [ + "http3", + "http2", +] + +["test_strict_dynamic_parser_inserted.html"] +skip-if = [ + "http3", + "http2", +] + +["test_subframe_run_js_if_allowed.html"] + +["test_svg_inline_style.html"] +support-files = [ + "file_svg_inline_style_base.html", + "file_svg_inline_style_csp.html", + "file_svg_srcset_inline_style_base.html", + "file_svg_srcset_inline_style_csp.html", + "file_svg_inline_style_server.sjs", +] + +["test_uir_top_nav.html"] +support-files = [ + "file_uir_top_nav.html", + "file_uir_top_nav_dummy.html", +] +skip-if = [ + "http3", + "http2", +] + +["test_uir_windowwatcher.html"] +support-files = [ + "file_windowwatcher_frameA.html", + "file_windowwatcher_subframeB.html", + "file_windowwatcher_subframeC.html", + "file_windowwatcher_subframeD.html", + "file_windowwatcher_win_open.html", +] +skip-if = [ + "http3", + "http2", +] + +["test_upgrade_insecure.html"] +skip-if = [ + "os == 'linux' && bits == 64", # Bug 1620516 + "os == 'android'", # Bug 1777028 +] + +["test_upgrade_insecure_cors.html"] +skip-if = [ + "http3", + "http2", +] + +["test_upgrade_insecure_docwrite_iframe.html"] + +["test_upgrade_insecure_loopback.html"] + +["test_upgrade_insecure_navigation.html"] +skip-if = [ + "http3", + "http2", +] + +["test_upgrade_insecure_navigation_redirect.html"] +support-files = [ + "file_upgrade_insecure_navigation_redirect.sjs", + "file_upgrade_insecure_navigation_redirect_same_origin.html", + "file_upgrade_insecure_navigation_redirect_cross_origin.html", +] +skip-if = [ + "http3", + "http2", +] + +["test_upgrade_insecure_report_only.html"] +skip-if = [ + "http3", + "http2", +] + +["test_upgrade_insecure_reporting.html"] +skip-if = [ + "http3", + "http2", +] + +["test_websocket_localhost.html"] +skip-if = [ + "os == 'android'", # no websocket support Bug 982828 + "http3", + "http2", +] + +["test_websocket_self.html"] +skip-if = [ + "os == 'android'", # no websocket support Bug 982828 + "http3", + "http2", +] + +["test_win_open_blocked.html"] + +["test_worker_src.html"] +support-files = [ + "file_worker_src_worker_governs.html", + "file_worker_src_child_governs.html", + "file_worker_src_script_governs.html", + "file_worker_src.js", + "file_spawn_worker.js", + "file_spawn_shared_worker.js", + "file_spawn_service_worker.js", +] +skip-if = [ + "http3", + "http2", +] + +["test_xslt_inherits_csp.html"] +support-files = [ + "file_xslt_inherits_csp.xml", + "file_xslt_inherits_csp.xml^headers^", + "file_xslt_inherits_csp.xsl", +] |