summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/meta/content-security-policy
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /testing/web-platform/meta/content-security-policy
parentInitial commit. (diff)
downloadfirefox-esr-upstream.tar.xz
firefox-esr-upstream.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--testing/web-platform/meta/content-security-policy/base-uri/base-uri-allow-leading-zero-port.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/blob/self-doesnt-match-blob.sub.html.ini2
-rw-r--r--testing/web-platform/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini2
-rw-r--r--testing/web-platform/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/child-src/child-src-worker-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/__dir__.ini2
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-self.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/__dir__.ini2
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini16
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini13
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini28
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini67
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini18
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini13
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini10
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini13
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini13
-rw-r--r--testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini16
-rw-r--r--testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-default-ignored.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-allowed.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-prevented.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-none-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-block.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/report-blocked-frame.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-ancestors/report-only-frame.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-src/frame-src-blocked.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-src/frame-src-redirect.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-src/frame-src-same-document.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.ini19
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.ini18
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.ini19
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.ini19
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.ini18
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.ini18
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html.ini26
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html.ini20
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_1-script-src.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_8.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/generic-0_9.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/invalid-characters-in-policy.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/no-default-src.sub.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/policy-does-not-affect-child.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/img-src/icon-blocked.sub.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/img-src/img-src-4_1.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/img-src/img-src-wildcard-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/img-src/report-blocked-data-uri.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html.ini2
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/document-write-iframe.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/frame-src-javascript-url.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/history-iframe.sub.html.ini54
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/history.sub.html.ini16
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html.ini12
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/inheritance-from-initiator.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/javascript-url-open-in-main-window.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/location-reload.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/sandboxed-data-scheme.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-blob-scheme.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-data-scheme.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inheritance/window.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inside-worker/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini17
-rw-r--r--testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-connect-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-report-only.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-script-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/media-src/media-src-7_1.html.ini2
-rw-r--r--testing/web-platform/meta/content-security-policy/media-src/media-src-7_2.html.ini14
-rw-r--r--testing/web-platform/meta/content-security-policy/media-src/media-src-7_3.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/media-src/media-src-redir-bug.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/meta/sandbox-iframe.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini9
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini11
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini17
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp-disallow.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-frame-src.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/object-src/object-src-no-url-blocked.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/object-src/object-src-url-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/object-src/object-src-url-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-blocked.sub.html.ini9
-rw-r--r--testing/web-platform/meta/content-security-policy/plugin-types/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/prefetch-src/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini9
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-ancestors.https.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/multiple-report-policies.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/post-redirect-stacktrace.https.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-blocked-uri.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-clips-sample.https.html.ini10
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini13
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors.sub.html.ini9
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-multiple-violations-02.html.ini9
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-only-in-meta.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-only-unsafe-eval.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html.ini10
-rw-r--r--testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-with-conflicting-permissive-policies.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default-multiple-policies.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/resource-hints/prefetch-generate-directives.html.ini72
-rw-r--r--testing/web-platform/meta/content-security-policy/resource-hints/prefetch-ignores-prefetch-src.sub.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty-subframe.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/sandbox/service-worker-sandbox.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/sandbox/shared-worker-sandbox.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/sandbox/window-reuse-sandboxed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/sandbox/window-reuse-unsandboxed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src-attr-elem/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini14
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/constructor-required-fields.html.ini19
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini56
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file.html.ini4
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/targeting.html.ini11
-rw-r--r--testing/web-platform/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-on-html.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/inline-style-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-blocked.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-error-event-fires.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-hash-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-hash-case-insensitive.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-hash-default-src-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed-with-content-hash.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-star-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/stylehash-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/stylehash-default-src.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini2
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setInterval-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-allowed.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_location.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_open.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-attr.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-elem.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_open.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-attr.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-elem.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_open.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_allowed.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini13
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.ini15
-rw-r--r--testing/web-platform/meta/content-security-policy/webrtc/webrtc-allowed-explicit.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-explicit.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-unknown.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/__dir__.ini1
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini7
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/dedicated-self.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-child.https.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-fallback.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-list.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-none.https.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-self.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-child.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-fallback.sub.html.ini6
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-list.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-none.sub.html.ini8
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-self.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html.ini5
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html.ini3
-rw-r--r--testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html.ini3
671 files changed, 4660 insertions, 0 deletions
diff --git a/testing/web-platform/meta/content-security-policy/base-uri/base-uri-allow-leading-zero-port.sub.html.ini b/testing/web-platform/meta/content-security-policy/base-uri/base-uri-allow-leading-zero-port.sub.html.ini
new file mode 100644
index 0000000000..a568f6f173
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/base-uri/base-uri-allow-leading-zero-port.sub.html.ini
@@ -0,0 +1,3 @@
+[base-uri-allow-leading-zero-port.sub.html]
+ [Check that base URIs can be set if they do not violate the page's policy because leading 0s are stripped from the port.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/blob/self-doesnt-match-blob.sub.html.ini b/testing/web-platform/meta/content-security-policy/blob/self-doesnt-match-blob.sub.html.ini
new file mode 100644
index 0000000000..8b8309445a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/blob/self-doesnt-match-blob.sub.html.ini
@@ -0,0 +1,2 @@
+[self-doesnt-match-blob.sub.html]
+ disabled: https://bugzilla.mozilla.org/show_bug.cgi?id=1273241
diff --git a/testing/web-platform/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini b/testing/web-platform/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini
new file mode 100644
index 0000000000..920a278be8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/blob/star-doesnt-match-blob.sub.html.ini
@@ -0,0 +1,2 @@
+[star-doesnt-match-blob.sub.html]
+ disabled: https://bugzilla.mozilla.org/show_bug.cgi?id=1273241
diff --git a/testing/web-platform/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini
new file mode 100644
index 0000000000..71e9b47a15
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini
@@ -0,0 +1,4 @@
+[child-src-blocked.sub.html]
+ [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini
new file mode 100644
index 0000000000..d58fbf283e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-conflicting-frame-src.sub.html.ini
@@ -0,0 +1,5 @@
+[child-src-conflicting-frame-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini b/testing/web-platform/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini
new file mode 100644
index 0000000000..efa7bad60d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini
@@ -0,0 +1,6 @@
+[child-src-cross-origin-load.sub.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, ERROR]
+ ERROR
+ [Navigation in iframe not allowed by child-src]
+ expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini
new file mode 100644
index 0000000000..7d5eaadc5a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-redirect-blocked.sub.html.ini
@@ -0,0 +1,4 @@
+[child-src-redirect-blocked.sub.html]
+ [Expecting logs: ["PASS IFrame #1 generated a load event.", "violated-directive=frame-src"\]]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-allowed.sub.html.ini
new file mode 100644
index 0000000000..611439ee07
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[child-src-worker-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
new file mode 100644
index 0000000000..12c81a1dae
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[child-src-worker-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/__dir__.ini b/testing/web-platform/meta/content-security-policy/connect-src/__dir__.ini
new file mode 100644
index 0000000000..b9f5886878
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/__dir__.ini
@@ -0,0 +1,2 @@
+lsan-disabled: true
+leak-threshold: [default:51200]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini
new file mode 100644
index 0000000000..ae1da6d1b6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-eventsource-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini
new file mode 100644
index 0000000000..40388a1dd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-eventsource-redirect-to-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-eventsource-redirect-to-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html.ini
new file mode 100644
index 0000000000..4cab2d75f8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-websocket-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini
new file mode 100644
index 0000000000..eead57bc0f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-websocket-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-self.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-self.sub.html.ini
new file mode 100644
index 0000000000..bbaf8693e0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-websocket-self.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-websocket-self.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html.ini
new file mode 100644
index 0000000000..d1095be9d4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-xmlhttprequest-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini
new file mode 100644
index 0000000000..b0b7fd7c58
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-xmlhttprequest-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini
new file mode 100644
index 0000000000..7054d78876
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/connect-src-xmlhttprequest-redirect-to-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[connect-src-xmlhttprequest-redirect-to-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini
new file mode 100644
index 0000000000..6f8e5d6950
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-worker-connect-src-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini
new file mode 100644
index 0000000000..b8494a7152
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/shared-worker-connect-src-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-worker-connect-src-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-allowed.sub.html.ini
new file mode 100644
index 0000000000..d759338d77
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-connect-src-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini
new file mode 100644
index 0000000000..fbeb9cc10c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/worker-connect-src-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-connect-src-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini b/testing/web-platform/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini
new file mode 100644
index 0000000000..a325a7fd3f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/connect-src/worker-from-guid.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-from-guid.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini b/testing/web-platform/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini
new file mode 100644
index 0000000000..ab59ccd9ec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini
@@ -0,0 +1,4 @@
+[default-src-strict_dynamic_and_unsafe_inline.html]
+ expected: ERROR
+ [Should fire a security policy violation for the inline block]
+ expected: NOTRUN
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/__dir__.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/__dir__.ini
new file mode 100644
index 0000000000..7a5cbf999c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/__dir__.ini
@@ -0,0 +1,2 @@
+implementation-status: not-implementing
+bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1553130 \ No newline at end of file
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini
new file mode 100644
index 0000000000..21cab9e30f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini
@@ -0,0 +1,16 @@
+[allow_csp_from-header.html]
+ [Cross origin iframe with an empty Allow-CSP-From header gets blocked.]
+ expected: FAIL
+
+ [Cross origin iframe without Allow-CSP-From header gets blocked.]
+ expected: FAIL
+
+ [Iframe with improper Allow-CSP-From header gets blocked.]
+ expected: FAIL
+
+ [Star Allow-CSP-From header enforces EmbeddingCSP.]
+ expected: FAIL
+
+ [Allow-CSP-From header enforces EmbeddingCSP.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini
new file mode 100644
index 0000000000..f4848f7461
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini
@@ -0,0 +1,7 @@
+[idlharness.window.html]
+ [HTMLIFrameElement interface: attribute csp]
+ expected: FAIL
+
+ [HTMLIFrameElement interface: document.createElement("iframe") must inherit property "csp" with the proper type]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini
new file mode 100644
index 0000000000..6977d4fe21
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini
@@ -0,0 +1,13 @@
+[iframe-csp-attribute.html]
+ [<iframe> has a 'csp' attibute which is an empty string if undefined.]
+ expected: FAIL
+
+ [<iframe>'s csp attribute is always a string.]
+ expected: FAIL
+
+ [<iframe>'s 'csp content attribute reflects the IDL attribute.]
+ expected: FAIL
+
+ [<iframe>'s IDL attribute reflects the DOM attribute.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini
new file mode 100644
index 0000000000..e13604688a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini
@@ -0,0 +1,28 @@
+[required-csp-header-cascade.html]
+ [Test same origin: Test same policy for both iframes]
+ expected: FAIL
+
+ [Test same origin: Test more restrictive policy on second iframe]
+ expected: FAIL
+
+ [Test same origin: Test less restrictive policy on second iframe]
+ expected: FAIL
+
+ [Test same origin: Test no policy on second iframe]
+ expected: FAIL
+
+ [Test same origin: Test no policy on first iframe]
+ expected: FAIL
+
+ [Test same origin: Test invalid policy on first iframe (bad directive)]
+ expected: FAIL
+
+ [Test same origin: Test invalid policy on first iframe (report directive)]
+ expected: FAIL
+
+ [Test same origin: Test invalid policy on second iframe (bad directive)]
+ expected: FAIL
+
+ [Test same origin: Test invalid policy on second iframe (report directive)]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini
new file mode 100644
index 0000000000..b15f274358
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini
@@ -0,0 +1,67 @@
+[required_csp-header.html]
+ [Test Required-CSP value on `csp` change: Sec-Required-CSP is not sent if `csp` attribute is not set on <iframe>.]
+ expected: FAIL
+
+ [Test same origin: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
+ expected: FAIL
+
+ [Test same origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
+ expected: FAIL
+
+ [Test cross origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
+ expected: FAIL
+
+ [Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
+ expected: FAIL
+
+ [Test same origin: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
+ expected: FAIL
+
+ [Test same origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
+ expected: FAIL
+
+ [Test cross origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
+ expected: FAIL
+
+ [Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - gibberish csp]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - unknown policy name]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - misspeled 'none']
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - query values in path]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - missing semicolon]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - comma separated]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - html encoded string]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - url encoded string]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - report-uri present]
+ expected: FAIL
+
+ [Test Required-CSP value on `csp` change: Wrong value of `csp` should not trigger sending Sec-Required-CSP Header - report-to present]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini
new file mode 100644
index 0000000000..652e50be05
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini
@@ -0,0 +1,6 @@
+[subsumption_algorithm-general.html]
+ [Iframe with empty returned CSP should be blocked.]
+ expected: FAIL
+
+ [Iframe with a different CSP should be blocked.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini
new file mode 100644
index 0000000000..52a0659941
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini
@@ -0,0 +1,18 @@
+[subsumption_algorithm-hashes.html]
+ [Returned should not include hashes not present in required csp.]
+ expected: FAIL
+
+ [Hashes do not have to be present in returned csp but must not allow all inline behavior.]
+ expected: FAIL
+
+ [Other expressions have to be subsumed.]
+ expected: FAIL
+
+ [Required csp must allow 'sha256-abc123'.]
+ expected: FAIL
+
+ [Effective policy is properly found where 'sha256-abc123' is not subsumed.]
+ expected: FAIL
+
+ ['sha256-abc123' is not subsumed by 'sha256-abc456'.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini
new file mode 100644
index 0000000000..ab926be2b7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini
@@ -0,0 +1,13 @@
+[subsumption_algorithm-host_sources-hosts.html]
+ [Host must match.]
+ expected: FAIL
+
+ [Hosts without wildcards must match.]
+ expected: FAIL
+
+ [More specific subdomain should not match.]
+ expected: FAIL
+
+ [Specified host should not match a wildcard host.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini
new file mode 100644
index 0000000000..9cccb2793a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini
@@ -0,0 +1,10 @@
+[subsumption_algorithm-host_sources-paths.html]
+ [Returned CSP must specify a path.]
+ expected: FAIL
+
+ [Empty path is not subsumed by specified paths.]
+ expected: FAIL
+
+ [That should not be true when required csp specifies a specific page.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini
new file mode 100644
index 0000000000..2e93544905
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini
@@ -0,0 +1,15 @@
+[subsumption_algorithm-host_sources-ports.html]
+ [Specified ports must match.]
+ expected:
+ if debug and (os == "linux"): ["FAIL", "PASS"]
+ FAIL
+
+ [Returned CSP should be subsumed if the port is specified but is not default for a more secure scheme.]
+ expected: FAIL
+
+ [Wildcard port should not be subsumed by a default port.]
+ expected: FAIL
+
+ [Wildcard port should not be subsumed by a spcified port.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini
new file mode 100644
index 0000000000..ec4dcc0177
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini
@@ -0,0 +1,13 @@
+[subsumption_algorithm-host_sources-protocols.html]
+ [`https` is more restrictive than `http`.]
+ expected: FAIL
+
+ [`http:` does not subsume other protocols.]
+ expected: FAIL
+
+ [If scheme source is present in returned csp, it must be specified in required csp too.]
+ expected: FAIL
+
+ [All scheme sources must be subsumed.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini
new file mode 100644
index 0000000000..1a05c2d95b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini
@@ -0,0 +1,26 @@
+[subsumption_algorithm-none.html]
+ [Required policy that allows `none` does not subsume empty list of policies.]
+ expected:
+ if (os == "linux") and debug: ["FAIL", "PASS"]
+ FAIL
+
+ [Required csp with effective `none` does not subsume a host source expression.]
+ expected:
+ if debug: ["FAIL", "PASS"]
+ FAIL
+
+ [Required csp with `none` does not subsume a host source expression.]
+ expected: FAIL
+
+ [Required csp with effective `none` does not subsume `none` of another directive.]
+ expected: FAIL
+
+ [Required csp with `none` does not subsume `none` of another directive.]
+ expected: FAIL
+
+ [Required csp with `none` does not subsume `none` of different directives.]
+ expected: FAIL
+
+ [Both required and returned csp are `none` for only one directive.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini
new file mode 100644
index 0000000000..1fce751c20
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini
@@ -0,0 +1,7 @@
+[subsumption_algorithm-self.html]
+ [Returned CSP must not allow 'self' if required CSP does not.]
+ expected: FAIL
+
+ [Returned 'self' should not be subsumed by a more secure version of origin's url.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini
new file mode 100644
index 0000000000..acf6b7f871
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini
@@ -0,0 +1,4 @@
+[subsumption_algorithm-strict_dynamic.html]
+ ['strict-dynamic' has to be allowed by required csp if it is present in returned csp.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini
new file mode 100644
index 0000000000..4332f29925
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini
@@ -0,0 +1,15 @@
+[subsumption_algorithm-unsafe_eval.html]
+ [No other keyword has the same effect as 'unsafe-eval'.]
+ expected: FAIL
+
+ [Other expressions have to be subsumed.]
+ expected:
+ if (os == "linux") and debug and not fission: ["FAIL", "PASS"]
+ FAIL
+
+ [Required csp must allow 'unsafe-eval'.]
+ expected: FAIL
+
+ [Effective policy is properly found where 'unsafe-eval' is not subsumed.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini
new file mode 100644
index 0000000000..11d72acb84
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini
@@ -0,0 +1,13 @@
+[subsumption_algorithm-unsafe_hashes.html]
+ [No other keyword has the same effect as 'unsafe-hashes'.]
+ expected: FAIL
+
+ [Other expressions have to be subsumed.]
+ expected: FAIL
+
+ [Required csp must allow 'unsafe-hashes'.]
+ expected: FAIL
+
+ [Effective policy is properly found where 'unsafe-hashes' is not subsumed.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini
new file mode 100644
index 0000000000..e99202a430
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini
@@ -0,0 +1,16 @@
+[subsumption_algorithm-unsafe_inline.html]
+ [Required csp allows `strict-dynamic`, but retuned csp does.]
+ expected: FAIL
+
+ [Required csp does not allow `unsafe-inline`, but retuned csp does.]
+ expected: FAIL
+
+ [Effective returned csp allows 'unsafe-inline']
+ expected: FAIL
+
+ [Returned csp allows a nonce.]
+ expected: FAIL
+
+ [Returned csp allows a hash.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini
new file mode 100644
index 0000000000..c8fae468f6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/font-src/font-stylesheet-font-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[font-stylesheet-font-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-allowed.sub.html.ini
new file mode 100644
index 0000000000..d75bdfa90c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini
new file mode 100644
index 0000000000..0710f2868d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-default-ignored.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-default-ignored.sub.html.ini
new file mode 100644
index 0000000000..d0fac2fec5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-default-ignored.sub.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-default-ignored.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-allowed.sub.html.ini
new file mode 100644
index 0000000000..dbb7081deb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-allowed.sub.html.ini
@@ -0,0 +1,6 @@
+[form-action-src-get-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Expecting logs: ["PASS","TEST COMPLETE"\]]
+ expected:
+ if (processor == "x86") and (os == "win") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini
new file mode 100644
index 0000000000..426773a1c7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-get-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-get-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini
new file mode 100644
index 0000000000..4dafdfc4ea
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-javascript-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-prevented.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-prevented.html.ini
new file mode 100644
index 0000000000..2d2ecbc7eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-javascript-prevented.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-javascript-prevented.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html.ini
new file mode 100644
index 0000000000..64a665e349
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-redirect-allowed-target-blank.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html.ini
new file mode 100644
index 0000000000..add50a2daa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-allowed-target-frame.sub.html.ini
@@ -0,0 +1,3 @@
+[form-action-src-redirect-allowed-target-frame.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html.ini
new file mode 100644
index 0000000000..f1e807a383
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/form-action/form-action-src-redirect-blocked.sub.html.ini
@@ -0,0 +1,8 @@
+[form-action-src-redirect-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [form-action-src-redirect-blocked]
+ expected: FAIL
+
+ [Expecting logs: ["violated-directive=form-action","blocked-uri=http://web-platform.test:8000/common/redirect.py?location=http://www1.web-platform.test:8000/content-security-policy/support/postmessage-fail.html","TEST COMPLETE"\]]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/__dir__.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/__dir__.ini
new file mode 100644
index 0000000000..159aaa1486
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/__dir__.ini
@@ -0,0 +1 @@
+lsan-allowed: [Alloc, AllocateProtoAndIfaceCache, alloc::raw_vec::finish_grow, mozilla::detail::HashTable, mozilla::dom::Performance::CreateForMainThread, mozilla::dom::PerformanceMainThread::CreateNavigationTimingEntry, mozilla::dom::ProtoAndIfaceCache::PageTableCache::EntrySlotOrCreate, mozilla::intl::FluentBundle::Constructor, mozilla::intl::FluentResource::Constructor, mozilla::net::nsStandardURL::TemplatedMutator, nsDynamicAtom::Create, nsPresContext::NotifyContentfulPaint]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html.ini
new file mode 100644
index 0000000000..a6af794bc7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-from-serviceworker.https.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-from-serviceworker.https.html]
+ expected:
+ if (os == "linux") and not fission and not debug: [OK, CRASH]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html.ini
new file mode 100644
index 0000000000..64f447c259
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-cross-self-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html.ini
new file mode 100644
index 0000000000..ed0c0e867b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-star-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-cross-star-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html.ini
new file mode 100644
index 0000000000..cc679d992b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-cross-url-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html.ini
new file mode 100644
index 0000000000..fc377bfa90
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-cross-url-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html.ini
new file mode 100644
index 0000000000..1fe343123c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-same-none-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html.ini
new file mode 100644
index 0000000000..2ee8fd61ff
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-same-self-block.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html.ini
new file mode 100644
index 0000000000..8273e3e2ca
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-star-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-same-star-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html.ini
new file mode 100644
index 0000000000..67945112b3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-same-url-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html.ini
new file mode 100644
index 0000000000..56c7fbf1ea
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-same-url-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html.ini
new file mode 100644
index 0000000000..12aae2c4a6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html.ini
new file mode 100644
index 0000000000..a92184fe9d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-cross-none-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html.ini
new file mode 100644
index 0000000000..359c602abb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-cross-self-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html.ini
new file mode 100644
index 0000000000..eeab3ec0a2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-star-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-cross-star-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html.ini
new file mode 100644
index 0000000000..75373c48d2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-cross-url-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html.ini
new file mode 100644
index 0000000000..da70ada7ec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-cross-url-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html.ini
new file mode 100644
index 0000000000..b1df8137a9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-none-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-same-none-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html.ini
new file mode 100644
index 0000000000..c7e92a71b0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-self-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-same-self-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html.ini
new file mode 100644
index 0000000000..29e58279ba
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-star-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-same-star-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html.ini
new file mode 100644
index 0000000000..6756475bcc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-same-url-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html.ini
new file mode 100644
index 0000000000..d6e59f9910
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-nested-same-in-same-url-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-nested-same-in-same-url-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-none-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-none-block.html.ini
new file mode 100644
index 0000000000..ff312bd30a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-none-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-none-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html.ini
new file mode 100644
index 0000000000..7b8702a7c0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-overrides-xfo.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-overrides-xfo.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html.ini
new file mode 100644
index 0000000000..8dcc8524f6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-sandbox-same-origin-self.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-sandbox-same-origin-self.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html.ini
new file mode 100644
index 0000000000..646768e3df
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-allow.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-self-allow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-block.html.ini
new file mode 100644
index 0000000000..2fb3e75b79
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-self-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-self-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html.ini
new file mode 100644
index 0000000000..28434e79fc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-crossorigin.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-star-allow-crossorigin.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html.ini
new file mode 100644
index 0000000000..779d099578
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-star-allow-sameorigin.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-star-allow-sameorigin.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html.ini
new file mode 100644
index 0000000000..72019d59b6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-allow.sub.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-url-allow.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-block.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-block.html.ini
new file mode 100644
index 0000000000..0a3d9b9e86
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/frame-ancestors-url-block.html.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-url-block.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/report-blocked-frame.sub.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/report-blocked-frame.sub.html.ini
new file mode 100644
index 0000000000..8fe571e996
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/report-blocked-frame.sub.html.ini
@@ -0,0 +1,3 @@
+[report-blocked-frame.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-ancestors/report-only-frame.sub.html.ini b/testing/web-platform/meta/content-security-policy/frame-ancestors/report-only-frame.sub.html.ini
new file mode 100644
index 0000000000..34fb1f91f2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-ancestors/report-only-frame.sub.html.ini
@@ -0,0 +1,3 @@
+[report-only-frame.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-blocked.sub.html.ini
new file mode 100644
index 0000000000..0d7e215312
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-blocked.sub.html.ini
@@ -0,0 +1,4 @@
+[frame-src-blocked.sub.html]
+ [Expecting logs: ["PASS IFrame #1 generated a load event.","violated-directive=frame-src"\]]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html.ini b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html.ini
new file mode 100644
index 0000000000..c2f8e894e4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html.ini
@@ -0,0 +1,5 @@
+[frame-src-cross-origin-load.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Expecting logs: ["PASS IFrame #1 generated a load event.","PASS IFrame #2 generated a load event.","PASS IFrame #3 generated a load event.","violated-directive=frame-src"\]]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini
new file mode 100644
index 0000000000..d7aa5a1299
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini
@@ -0,0 +1,3 @@
+[frame-src-cross-origin-same-document-navigation.window.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-redirect.html.ini b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-redirect.html.ini
new file mode 100644
index 0000000000..afc5b552aa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-redirect.html.ini
@@ -0,0 +1,5 @@
+[frame-src-redirect.html]
+ expected: TIMEOUT
+ [Redirected iframe src should evaluate both enforced and report-only policies on both original request and when following redirect]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-same-document.sub.html.ini b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-same-document.sub.html.ini
new file mode 100644
index 0000000000..a290a87fc7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-same-document.sub.html.ini
@@ -0,0 +1,3 @@
+[frame-src-same-document.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini
new file mode 100644
index 0000000000..cea7af731a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini
@@ -0,0 +1,3 @@
+[frame-src-self-unique-origin.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..042f715b98
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..e8740e0604
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.http.html.ini
@@ -0,0 +1,19 @@
+[sharedworker-import-data.http.html]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..9523c43ab8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.http.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..33d5c36e4a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-import.https.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini
new file mode 100644
index 0000000000..ffb862a26c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini
@@ -0,0 +1,26 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini
new file mode 100644
index 0000000000..e6e6e97222
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini
@@ -0,0 +1,26 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..d7c9a34ca1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..53eb874479
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..434d379f91
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..6c864861a7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..d79d620f44
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,18 @@
+[worklet-paint-import-data.https.html]
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..35a73a49e3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-self/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..8b3ce6b1f8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..3fcdfed02a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..d237a8a97f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-import.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.ini
new file mode 100644
index 0000000000..2e24fd4c16
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.ini
new file mode 100644
index 0000000000..d3ebd9af27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-import.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..d7c9a34ca1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..434d379f91
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..bf0a01565b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..002596bbda
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..dcc741e4a5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.http.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..57626c51b7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-classic.https.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..31d85745ec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..acca51f53d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-import.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..6df2cefc91
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.http.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..21edb11f90
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/sharedworker-module.https.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini
new file mode 100644
index 0000000000..2e24fd4c16
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini
new file mode 100644
index 0000000000..d3ebd9af27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-import.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..caafc67d74
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..f9123aa5b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,19 @@
+[worklet-layout-import-data.https.html]
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..bf0a01565b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..66b22a10d1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-none/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..042f715b98
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..9523c43ab8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.http.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..33d5c36e4a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-import.https.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.ini
new file mode 100644
index 0000000000..ffb862a26c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.ini
@@ -0,0 +1,26 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.ini
new file mode 100644
index 0000000000..e6e6e97222
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.ini
@@ -0,0 +1,26 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..caafc67d74
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..9d425c9fd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..abfd5ffc84
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-layout.https.html.ini
@@ -0,0 +1,19 @@
+[worklet-layout.https.html]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..66b22a10d1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-self/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..042f715b98
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..3fcdfed02a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..d237a8a97f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-import.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.ini
new file mode 100644
index 0000000000..c8a8e2252a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.ini
new file mode 100644
index 0000000000..2e24fd4c16
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.ini
new file mode 100644
index 0000000000..d3ebd9af27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-import.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..d07fb3b5f3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,18 @@
+[worklet-animation-import-data.https.html]
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..9d425c9fd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..1faa14a592
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-layout.https.html.ini
@@ -0,0 +1,18 @@
+[worklet-layout.https.html]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..66b22a10d1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.http-rp/worker-src-wildcard/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..042f715b98
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..9523c43ab8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.http.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..33d5c36e4a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-import.https.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html.ini
new file mode 100644
index 0000000000..ffb862a26c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html.ini
@@ -0,0 +1,26 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html.ini
new file mode 100644
index 0000000000..e6e6e97222
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html.ini
@@ -0,0 +1,26 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..d7c9a34ca1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..53eb874479
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..434d379f91
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..6c864861a7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..002596bbda
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..35a73a49e3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-self/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..042f715b98
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..3fcdfed02a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..d237a8a97f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-import.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html.ini
new file mode 100644
index 0000000000..2e24fd4c16
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html.ini
new file mode 100644
index 0000000000..d3ebd9af27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-import.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..d7c9a34ca1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..434d379f91
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..bf0a01565b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..002596bbda
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/script-src-wildcard/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..dcc741e4a5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.http.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..57626c51b7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-classic.https.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-classic to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..31d85745ec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..acca51f53d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-import.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..6df2cefc91
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.http.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-module to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-module to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..21edb11f90
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/sharedworker-module.https.html.ini
@@ -0,0 +1,8 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-module to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-module to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini
new file mode 100644
index 0000000000..2e24fd4c16
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini
new file mode 100644
index 0000000000..d3ebd9af27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-import.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..caafc67d74
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..9d425c9fd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..bf0a01565b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..66b22a10d1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-none/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..042f715b98
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..9523c43ab8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.http.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..33d5c36e4a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-import.https.html.ini
@@ -0,0 +1,26 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html.ini
new file mode 100644
index 0000000000..ffb862a26c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html.ini
@@ -0,0 +1,26 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and keep-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and no-redirect redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-http origin and swap-origin redirection from http context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-http origin and swap-origin redirection from http context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html.ini
new file mode 100644
index 0000000000..e6e6e97222
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html.ini
@@ -0,0 +1,26 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for worker-import to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..caafc67d74
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..9d425c9fd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..bf0a01565b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..66b22a10d1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-self/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html.ini
new file mode 100644
index 0000000000..f7ef892bd1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.http.html.ini
@@ -0,0 +1,3 @@
+[script-tag.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html.ini
new file mode 100644
index 0000000000..fb8d9dd0e1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/script-tag.https.html.ini
@@ -0,0 +1,3 @@
+[script-tag.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html.ini
new file mode 100644
index 0000000000..7544c2b5eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html.ini
new file mode 100644
index 0000000000..042f715b98
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html.ini
new file mode 100644
index 0000000000..f4f8d8d9b2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.http.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and keep-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and no-redirect redirection from http context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-http origin and swap-origin redirection from http context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html.ini
new file mode 100644
index 0000000000..b7a5ffbdb1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[sharedworker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to cross-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and keep-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and no-redirect redirection from https context.: securitypolicyviolation]
+ expected: FAIL
+
+ [Content Security Policy: Expects blocked for sharedworker-import-data to same-https origin and swap-origin redirection from https context.: securitypolicyviolation]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html.ini
new file mode 100644
index 0000000000..3fcdfed02a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html.ini
new file mode 100644
index 0000000000..d237a8a97f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-import.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html.ini
new file mode 100644
index 0000000000..957fcb2ed8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.http.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html.ini
new file mode 100644
index 0000000000..b0a64ca84f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/sharedworker-module.https.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html.ini
new file mode 100644
index 0000000000..8c32533525
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.http.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html.ini
new file mode 100644
index 0000000000..b671c1a911
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-classic.https.html.ini
@@ -0,0 +1,3 @@
+[worker-classic.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini
new file mode 100644
index 0000000000..2f289c0e9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini
new file mode 100644
index 0000000000..0010e389b4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import-data.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html.ini
new file mode 100644
index 0000000000..2e24fd4c16
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.http.html.ini
@@ -0,0 +1,3 @@
+[worker-import.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html.ini
new file mode 100644
index 0000000000..d3ebd9af27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-import.https.html.ini
@@ -0,0 +1,3 @@
+[worker-import.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html.ini
new file mode 100644
index 0000000000..0082540cbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.http.html.ini
@@ -0,0 +1,3 @@
+[worker-module.http.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html.ini
new file mode 100644
index 0000000000..ab06e1721a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worker-module.https.html.ini
@@ -0,0 +1,3 @@
+[worker-module.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html.ini
new file mode 100644
index 0000000000..caafc67d74
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html.ini
new file mode 100644
index 0000000000..cf5a59e372
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-animation.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-animation.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-animation to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html.ini
new file mode 100644
index 0000000000..be8ef13407
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-audio.https.html.ini
@@ -0,0 +1,3 @@
+[worklet-audio.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html.ini
new file mode 100644
index 0000000000..9d425c9fd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html.ini
new file mode 100644
index 0000000000..bf0a01565b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-layout.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-layout.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-layout to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html.ini
new file mode 100644
index 0000000000..66b22a10d1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint-import-data.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint-import-data.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint-import-data to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html.ini b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html.ini
new file mode 100644
index 0000000000..9e4aafce7b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/gen/top.meta/worker-src-wildcard/worklet-paint.https.html.ini
@@ -0,0 +1,20 @@
+[worklet-paint.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to cross-https origin and swap-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and keep-origin redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and no-redirect redirection from https context.]
+ expected: FAIL
+
+ [Content Security Policy: Expects allowed for worklet-paint to same-https origin and swap-origin redirection from https context.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
new file mode 100644
index 0000000000..3770453d06
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
@@ -0,0 +1,7 @@
+[304-response-should-update-csp.sub.html]
+ [Test that the first frame does not use nonce def]
+ expected: FAIL
+
+ [Test that the second frame does not use nonce abc]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.ini b/testing/web-platform/meta/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.ini
new file mode 100644
index 0000000000..4dd707f03c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/eval-typecheck-callout-order.tentative.html.ini
@@ -0,0 +1,3 @@
+[eval-typecheck-callout-order.tentative.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html.ini
new file mode 100644
index 0000000000..af67eca9f9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/filesystem-urls-do-not-match-self.sub.html.ini
@@ -0,0 +1,8 @@
+[filesystem-urls-do-not-match-self.sub.html]
+ expected: TIMEOUT
+ [filesystem-urls-do-not-match-self]
+ expected: NOTRUN
+
+ [Expecting logs: ["violated-directive=script-src-elem"\]]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html.ini
new file mode 100644
index 0000000000..8046609a6f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/filesystem-urls-match-filesystem.sub.html.ini
@@ -0,0 +1,4 @@
+[filesystem-urls-match-filesystem.sub.html]
+ [Expecting logs: ["PASS (1/1)"\]]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_1-script-src.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_1-script-src.html.ini
new file mode 100644
index 0000000000..82aac26be6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_1-script-src.html.ini
@@ -0,0 +1,3 @@
+[generic-0_1-script-src.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
new file mode 100644
index 0000000000..262edeee8d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_10_1.sub.html.ini
@@ -0,0 +1,3 @@
+[generic-0_10_1.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_2.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_2.html.ini
new file mode 100644
index 0000000000..f734af0392
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_2.html.ini
@@ -0,0 +1,3 @@
+[generic-0_2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
new file mode 100644
index 0000000000..6bcf1075f2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_2.sub.html.ini
@@ -0,0 +1,3 @@
+[generic-0_2_2.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini
new file mode 100644
index 0000000000..2fabdba4aa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_2_3.html.ini
@@ -0,0 +1,3 @@
+[generic-0_2_3.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_8.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_8.sub.html.ini
new file mode 100644
index 0000000000..eddb62178d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_8.sub.html.ini
@@ -0,0 +1,3 @@
+[generic-0_8.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini
new file mode 100644
index 0000000000..147f39dabe
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_8_1.sub.html.ini
@@ -0,0 +1,3 @@
+[generic-0_8_1.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/generic-0_9.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/generic-0_9.sub.html.ini
new file mode 100644
index 0000000000..6a0441ec24
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/generic-0_9.sub.html.ini
@@ -0,0 +1,3 @@
+[generic-0_9.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/invalid-characters-in-policy.html.ini b/testing/web-platform/meta/content-security-policy/generic/invalid-characters-in-policy.html.ini
new file mode 100644
index 0000000000..ec61b8a39f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/invalid-characters-in-policy.html.ini
@@ -0,0 +1,3 @@
+[invalid-characters-in-policy.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/no-default-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/no-default-src.sub.html.ini
new file mode 100644
index 0000000000..a964f16583
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/no-default-src.sub.html.ini
@@ -0,0 +1,7 @@
+[no-default-src.sub.html]
+ expected:
+ if (os == "android") and not swgl and not fission: [OK, TIMEOUT]
+ if (os == "android") and not swgl and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected:
+ if (os == "android") and not swgl: [PASS, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/policy-does-not-affect-child.sub.html.ini b/testing/web-platform/meta/content-security-policy/generic/policy-does-not-affect-child.sub.html.ini
new file mode 100644
index 0000000000..8c888e4058
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/policy-does-not-affect-child.sub.html.ini
@@ -0,0 +1,3 @@
+[policy-does-not-affect-child.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.ini b/testing/web-platform/meta/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.ini
new file mode 100644
index 0000000000..8d5765c174
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/generic/policy-inherited-correctly-by-plznavigate.html.ini
@@ -0,0 +1,3 @@
+[policy-inherited-correctly-by-plznavigate.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/img-src/icon-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/img-src/icon-blocked.sub.html.ini
new file mode 100644
index 0000000000..9b85cb8a7e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/img-src/icon-blocked.sub.html.ini
@@ -0,0 +1,7 @@
+[icon-blocked.sub.html]
+ expected:
+ if (os == "android"): TIMEOUT
+ [Test that spv event is fired]
+ expected:
+ if (os == "android"): NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/img-src/img-src-4_1.sub.html.ini b/testing/web-platform/meta/content-security-policy/img-src/img-src-4_1.sub.html.ini
new file mode 100644
index 0000000000..87a04f1fd8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/img-src/img-src-4_1.sub.html.ini
@@ -0,0 +1,3 @@
+[img-src-4_1.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html.ini
new file mode 100644
index 0000000000..bcc22fcfef
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/img-src/img-src-host-partial-wildcard-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[img-src-host-partial-wildcard-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html.ini
new file mode 100644
index 0000000000..71d547c491
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/img-src/img-src-port-wildcard-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[img-src-port-wildcard-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini b/testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini
new file mode 100644
index 0000000000..f0c7605176
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini
@@ -0,0 +1,3 @@
+[img-src-self-unique-origin.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/img-src/img-src-wildcard-allowed.html.ini b/testing/web-platform/meta/content-security-policy/img-src/img-src-wildcard-allowed.html.ini
new file mode 100644
index 0000000000..0bbc6d5e12
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/img-src/img-src-wildcard-allowed.html.ini
@@ -0,0 +1,3 @@
+[img-src-wildcard-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/img-src/report-blocked-data-uri.sub.html.ini b/testing/web-platform/meta/content-security-policy/img-src/report-blocked-data-uri.sub.html.ini
new file mode 100644
index 0000000000..0cf3612ee0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/img-src/report-blocked-data-uri.sub.html.ini
@@ -0,0 +1,3 @@
+[report-blocked-data-uri.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html.ini
new file mode 100644
index 0000000000..3613c43b02
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/blob-inherits-from-meta-http-equiv-with-invalid-characters.html.ini
@@ -0,0 +1,2 @@
+[blob-inherits-from-meta-http-equiv-with-invalid-characters.html]
+ expected: ERROR
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html.ini
new file mode 100644
index 0000000000..396fde0bdf
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/blob-url-in-main-window-self-navigate-inherits.sub.html.ini
@@ -0,0 +1,5 @@
+[blob-url-in-main-window-self-navigate-inherits.sub.html]
+ [Violation report status OK.]
+ expected:
+ if (os == "linux") and debug and not fission: ["PASS", "FAIL"]
+
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/document-write-iframe.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/document-write-iframe.html.ini
new file mode 100644
index 0000000000..6dc3fa7d5f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/document-write-iframe.html.ini
@@ -0,0 +1,8 @@
+[document-write-iframe.html]
+ expected: TIMEOUT
+ [document.open() keeps inherited CSPs on empty iframe.]
+ expected: TIMEOUT
+
+ [document.open() does not change delivered CSPs.]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/frame-src-javascript-url.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/frame-src-javascript-url.html.ini
new file mode 100644
index 0000000000..04d6287085
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/frame-src-javascript-url.html.ini
@@ -0,0 +1,5 @@
+[frame-src-javascript-url.html]
+ expected: TIMEOUT
+ [<iframe src='javascript:...'>'s inherits policy (dynamically inserted <iframe> is blocked)]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/history-iframe.sub.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/history-iframe.sub.html.ini
new file mode 100644
index 0000000000..deafa1ca19
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/history-iframe.sub.html.ini
@@ -0,0 +1,54 @@
+[history-iframe.sub.html]
+ expected:
+ if os == "android": OK
+ if os == "win": OK
+ [OK, TIMEOUT]
+ [History navigation in iframe: "about:blank" document is navigated back from history same-origin.]
+ expected:
+ if (os == "win") and (processor == "x86"): [PASS, FAIL]
+ if (os == "win") and (processor == "x86_64"): PASS
+ if os == "mac": [PASS, TIMEOUT]
+ if os == "android": PASS
+ [PASS, FAIL, TIMEOUT]
+
+ [History navigation in iframe: "about:blank" document is navigated back from history cross-origin.]
+ expected:
+ if (os == "linux") and fission: [PASS, FAIL, TIMEOUT, NOTRUN]
+ if (os == "linux") and not fission: [PASS, TIMEOUT, NOTRUN]
+ if os == "mac": [PASS, TIMEOUT, NOTRUN]
+
+ [History navigation in iframe: blob URL document is navigated back from history same-origin.]
+ expected:
+ if os == "android": PASS
+ if os == "win": PASS
+ [PASS, NOTRUN]
+
+ [History navigation in iframe: blob URL document is navigated back from history cross-origin.]
+ expected:
+ if os == "win": PASS
+ if os == "android": PASS
+ [PASS, NOTRUN]
+
+ [History navigation in iframe: data URL document is navigated back from history same-origin.]
+ expected:
+ if os == "android": PASS
+ if os == "win": PASS
+ [PASS, NOTRUN]
+
+ [History navigation in iframe: data URL document is navigated back from history cross-origin.]
+ expected:
+ if os == "win": PASS
+ if os == "android": PASS
+ [PASS, NOTRUN]
+
+ [History navigation in iframe: srcdoc iframe is navigated back from history same-origin.]
+ expected:
+ if os == "android": PASS
+ if os == "win": PASS
+ [PASS, NOTRUN]
+
+ [History navigation in iframe: srcdoc iframe is navigated back from history cross-origin.]
+ expected:
+ if os == "win": PASS
+ if os == "android": PASS
+ [PASS, NOTRUN]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/history.sub.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/history.sub.html.ini
new file mode 100644
index 0000000000..2c2c3e8028
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/history.sub.html.ini
@@ -0,0 +1,16 @@
+[history.sub.html]
+ expected:
+ if (os == "mac") and debug: [OK, TIMEOUT]
+ if (os == "mac") and not debug: [OK, TIMEOUT]
+ [History navigation: "about:blank" document is navigated back from history same-origin.]
+ expected:
+ if (os == "android") and not debug: [FAIL, TIMEOUT]
+ if (os == "mac") and not debug: [FAIL, TIMEOUT]
+ if (os == "mac") and debug: [FAIL, TIMEOUT]
+ FAIL
+
+ [History navigation: "about:blank" document is navigated back from history cross-origin.]
+ expected:
+ if (os == "mac") and not debug: [FAIL, TIMEOUT]
+ if (os == "mac") and debug: [FAIL, TIMEOUT]
+ FAIL
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html.ini
new file mode 100644
index 0000000000..407414902b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes-inherit-self.sub.html.ini
@@ -0,0 +1,12 @@
+[iframe-all-local-schemes-inherit-self.sub.html]
+ expected:
+ if (os == "win") and not debug and (processor == "x86_64"): [TIMEOUT, OK]
+ if (os == "win") and not debug and (processor == "x86"): [TIMEOUT, OK]
+ if os == "android": [TIMEOUT, OK]
+ [OK, TIMEOUT]
+ [<iframe>'s about:blank inherits policy.]
+ expected:
+ if (os == "win") and not debug and (processor == "x86"): [TIMEOUT, PASS]
+ if (os == "win") and not debug and (processor == "x86_64"): [TIMEOUT, PASS]
+ if os == "android": [TIMEOUT, PASS]
+ [PASS, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini
new file mode 100644
index 0000000000..59cd453268
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/iframe-all-local-schemes.sub.html.ini
@@ -0,0 +1,3 @@
+[iframe-all-local-schemes.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html.ini
new file mode 100644
index 0000000000..6d3afa1017
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-history-inheritance.html.ini
@@ -0,0 +1,3 @@
+[iframe-srcdoc-history-inheritance.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini
new file mode 100644
index 0000000000..85ba262dfb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/iframe-srcdoc-inheritance.html.ini
@@ -0,0 +1,3 @@
+[iframe-srcdoc-inheritance.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/inheritance-from-initiator.sub.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/inheritance-from-initiator.sub.html.ini
new file mode 100644
index 0000000000..8539210cae
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/inheritance-from-initiator.sub.html.ini
@@ -0,0 +1,3 @@
+[inheritance-from-initiator.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html.ini
new file mode 100644
index 0000000000..7a2d2f5f79
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/inherited-csp-list-modifications-are-local.html.ini
@@ -0,0 +1,3 @@
+[inherited-csp-list-modifications-are-local.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/javascript-url-open-in-main-window.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/javascript-url-open-in-main-window.html.ini
new file mode 100644
index 0000000000..7706d419c2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/javascript-url-open-in-main-window.html.ini
@@ -0,0 +1,5 @@
+[javascript-url-open-in-main-window.html]
+ expected: TIMEOUT
+ [Executing Javascript URL keeps enforcing previous CSPs of the document.]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html.ini
new file mode 100644
index 0000000000..ec54ef6abb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/javascript-url-srcdoc-cross-origin-iframe-inheritance.html.ini
@@ -0,0 +1,3 @@
+[javascript-url-srcdoc-cross-origin-iframe-inheritance.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/location-reload.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/location-reload.html.ini
new file mode 100644
index 0000000000..6ab124bed1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/location-reload.html.ini
@@ -0,0 +1,3 @@
+[location-reload.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/sandboxed-data-scheme.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/sandboxed-data-scheme.html.ini
new file mode 100644
index 0000000000..514f15d364
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/sandboxed-data-scheme.html.ini
@@ -0,0 +1,3 @@
+[sandboxed-data-scheme.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-blob-scheme.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-blob-scheme.html.ini
new file mode 100644
index 0000000000..bb8a4353b6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-blob-scheme.html.ini
@@ -0,0 +1,6 @@
+[unsandboxed-blob-scheme.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected:
+ if (processor == "x86") and debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-data-scheme.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-data-scheme.html.ini
new file mode 100644
index 0000000000..3981a2e150
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/unsandboxed-data-scheme.html.ini
@@ -0,0 +1,6 @@
+[unsandboxed-data-scheme.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected:
+ if (os == "linux") and debug and fission and not swgl: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html.ini
new file mode 100644
index 0000000000..35b71e3bae
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/window-open-local-after-network-scheme.sub.html.ini
@@ -0,0 +1,3 @@
+[window-open-local-after-network-scheme.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inheritance/window.html.ini b/testing/web-platform/meta/content-security-policy/inheritance/window.html.ini
new file mode 100644
index 0000000000..a51d787ed9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inheritance/window.html.ini
@@ -0,0 +1,3 @@
+[window.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inside-worker/__dir__.ini b/testing/web-platform/meta/content-security-policy/inside-worker/__dir__.ini
new file mode 100644
index 0000000000..4652b4d3fe
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/__dir__.ini
@@ -0,0 +1 @@
+lsan-allowed: [NS_NewRunnableFunction, detail::ProxyRelease, mozilla::SupportsThreadSafeWeakPtr, mozilla::ipc::BackgroundChildImpl::AllocPRemoteWorkerChild]
diff --git a/testing/web-platform/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini b/testing/web-platform/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini
new file mode 100644
index 0000000000..02ff2b150e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/dedicatedworker-script-src.html.ini
@@ -0,0 +1,17 @@
+[dedicatedworker-script-src.html]
+ expected: TIMEOUT
+ [dedicatedworker-script-src]
+ expected: TIMEOUT
+
+ [Cross-origin `importScripts()` blocked in blob: with script-src 'self']
+ expected: TIMEOUT
+
+ [`eval()` blocked in blob: with script-src 'self']
+ expected: NOTRUN
+
+ [`setTimeout([string\])` blocked in blob: with script-src 'self']
+ expected: NOTRUN
+
+ [Reports are sent for blob: with script-src 'self']
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html.ini
new file mode 100644
index 0000000000..45d1539fbc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-connect-src.https.sub.html.ini
@@ -0,0 +1,4 @@
+[serviceworker-connect-src.https.sub.html]
+ [Reports match in https: with connect-src 'self']
+ expected:
+ if swgl and (os == "linux") and fission: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html.ini
new file mode 100644
index 0000000000..00eea6e476
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/serviceworker-report-only.https.sub.html.ini
@@ -0,0 +1,3 @@
+[serviceworker-report-only.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-connect-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-connect-src.sub.html.ini
new file mode 100644
index 0000000000..03d4fdfc90
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-connect-src.sub.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-connect-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-report-only.sub.html.ini b/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-report-only.sub.html.ini
new file mode 100644
index 0000000000..99d889fc17
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-report-only.sub.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-report-only.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-script-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-script-src.sub.html.ini
new file mode 100644
index 0000000000..0ad2e3eba5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/inside-worker/sharedworker-script-src.sub.html.ini
@@ -0,0 +1,3 @@
+[sharedworker-script-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1.html.ini
new file mode 100644
index 0000000000..14084aadeb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1.html.ini
@@ -0,0 +1,2 @@
+[media-src-7_1.html]
+ disabled: https://bugzilla.mozilla.org/show_bug.cgi?id=1124091
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2.html.ini
new file mode 100644
index 0000000000..cd144a3baf
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2.html.ini
@@ -0,0 +1,14 @@
+[media-src-7_2.html]
+ expected:
+ if (os == "mac") and not debug: [OK, TIMEOUT]
+ [In-policy audio src]
+ expected:
+ if (os == "mac") and not debug: [PASS, NOTRUN]
+
+ [In-policy audio source element]
+ expected:
+ if (os == "mac") and not debug: [PASS, NOTRUN]
+
+ [Should not fire policy violation events]
+ expected:
+ if (os == "mac") and not debug: [PASS, NOTRUN]
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3.sub.html.ini
new file mode 100644
index 0000000000..224ffd5420
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3.sub.html.ini
@@ -0,0 +1,3 @@
+[media-src-7_3.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini
new file mode 100644
index 0000000000..f89615ab50
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini
@@ -0,0 +1,3 @@
+[media-src-7_3_2.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
new file mode 100644
index 0000000000..1294746caf
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[media-src-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-redir-bug.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-redir-bug.sub.html.ini
new file mode 100644
index 0000000000..b0f310359b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-redir-bug.sub.html.ini
@@ -0,0 +1,3 @@
+[media-src-redir-bug.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/meta/sandbox-iframe.html.ini b/testing/web-platform/meta/content-security-policy/meta/sandbox-iframe.html.ini
new file mode 100644
index 0000000000..edc336e61b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/meta/sandbox-iframe.html.ini
@@ -0,0 +1,5 @@
+[sandbox-iframe.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [img-src 'self' works when specified in a meta tag.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
new file mode 100644
index 0000000000..a2f3352956
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
@@ -0,0 +1,4 @@
+prefs: [security.csp.enableNavigateTo:true]
+disabled:
+ if os == "win": https://bugzilla.mozilla.org/show_bug.cgi?id=1450635
+lsan-allowed: [Alloc, AllocateProtoAndIfaceCache, CallFromStack, CallJSNative, CallResolveOp, DelazifyCanonicalScriptedFunction, EnterJit, InternalCall, JS::Call, JSFunction::delazifyLazilyInterpretedFunction, MakeLinearStringForAtomization, ProtoAndIfaceCache, addDataProperty, alloc::raw_vec::finish_grow, applyImpl, js::RunScript, js::frontend::CompilationStencil::instantiateStencilsAfterPreparation, js_new, js_pod_arena_malloc, maybeCreateCacheForLookup, mozilla::EventDispatcher::Dispatch, mozilla::EventListenerManager::HandleEventInternal, mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal, mozilla::detail::HashTable, mozilla::detail::RunnableFunction, mozilla::dom::PContentChild::OnMessageReceived, mozilla::dom::Performance::CreateForMainThread, mozilla::dom::PerformanceMainThread::CreateNavigationTimingEntry, mozilla::dom::ProtoAndIfaceCache::PageTableCache::EntrySlotOrCreate, mozilla::dom::ScriptLoader::CreateLoadRequest, mozilla::dom::ScriptLoader::EvaluateScript, mozilla::intl::FluentBundle::Constructor, mozilla::intl::FluentResource::Constructor, mozilla::ipc::MessageChannel::RunMessage, mozilla::net::nsStandardURL::TemplatedMutator, nsDocumentOpenInfo::TryContentListener, nsDynamicAtom::Create, nsPresContext::NotifyContentfulPaint, nsThread::ProcessNextEvent, operator, search, unknown stack]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini
new file mode 100644
index 0000000000..d78f9d922d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini
@@ -0,0 +1,8 @@
+[child-navigates-parent-allowed.html]
+ disabled:
+ if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1450660
+
+ expected: TIMEOUT
+
+ [Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)]
+ expected: NOTRUN
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
new file mode 100644
index 0000000000..1c5507d9a7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
@@ -0,0 +1,8 @@
+[child-navigates-parent-blocked.sub.html]
+ expected: TIMEOUT
+ [Violation report status OK.]
+ expected: FAIL
+
+ [Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
new file mode 100644
index 0000000000..9e2a1d94a3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
@@ -0,0 +1,4 @@
+[form-action-blocks-navigate-to-allows.sub.html]
+ [Test that form-action overrides navigate-to when present.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
new file mode 100644
index 0000000000..60129ed9d5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
@@ -0,0 +1,5 @@
+[form-action-blocks-navigate-to-blocks.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Test that form-action overrides navigate-to when present.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
new file mode 100644
index 0000000000..2f1bbca0b8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
@@ -0,0 +1,9 @@
+[form-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Test that the child iframe navigation is not allowed]
+ expected: FAIL
+
+ [Violation report status OK.]
+ expected:
+ if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
new file mode 100644
index 0000000000..31c50b2880
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
@@ -0,0 +1,5 @@
+[form-cross-origin-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Test that the child iframe navigation is not allowed]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
new file mode 100644
index 0000000000..e13832a880
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[form-redirected-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
new file mode 100644
index 0000000000..0416d153e3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
@@ -0,0 +1,3 @@
+[href-location-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
new file mode 100644
index 0000000000..a5b8511658
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
@@ -0,0 +1,6 @@
+[href-location-blocked.sub.html]
+ [Violation report status OK.]
+ expected:
+ if (os == "android") and debug and swgl: [PASS, FAIL]
+ if (os == "android") and debug and not swgl: [FAIL, PASS]
+ if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
new file mode 100644
index 0000000000..8958f54dde
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[href-location-cross-origin-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
new file mode 100644
index 0000000000..809f776856
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[href-location-cross-origin-blocked.sub.html]
+ disabled:
+ if os == "android": Passes on debug but fails on optimized
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
new file mode 100644
index 0000000000..56897589aa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
@@ -0,0 +1,3 @@
+[href-location-redirected-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
new file mode 100644
index 0000000000..e65075322e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[href-location-redirected-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
new file mode 100644
index 0000000000..31bdc49265
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
@@ -0,0 +1,3 @@
+[link-click-allowed.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
new file mode 100644
index 0000000000..69decb5e51
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
@@ -0,0 +1,11 @@
+[link-click-blocked.sub.html]
+ expected:
+ if fission and (os == "linux") and not debug: [OK, TIMEOUT]
+ if fission and (os == "android"): [OK, TIMEOUT]
+ [Test that the child iframe navigation is not allowed]
+ expected:
+ if (os == "linux") and not debug and fission: [PASS, NOTRUN]
+
+ [Violation report status OK.]
+ expected:
+ if (os == "linux") and not debug and fission: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
new file mode 100644
index 0000000000..13f2647975
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[link-click-cross-origin-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
new file mode 100644
index 0000000000..ce667bffc4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[link-click-cross-origin-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
new file mode 100644
index 0000000000..3d09bedd57
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
@@ -0,0 +1,5 @@
+[link-click-redirected-allowed.html]
+ disabled:
+ if os == "win": Bug 1440584
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
new file mode 100644
index 0000000000..dead79e0d0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
@@ -0,0 +1,4 @@
+[link-click-redirected-blocked.sub.html]
+ [Violation report status OK.]
+ expected:
+ if debug and (os == "linux") and not fission and not swgl: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
new file mode 100644
index 0000000000..6398d9b5f8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
@@ -0,0 +1,3 @@
+[meta-refresh-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
new file mode 100644
index 0000000000..d54aa48aaf
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[meta-refresh-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
new file mode 100644
index 0000000000..6c67fc19ce
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[meta-refresh-cross-origin-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
new file mode 100644
index 0000000000..07ff849d4d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[meta-refresh-cross-origin-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
new file mode 100644
index 0000000000..5beb83a1c4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
@@ -0,0 +1,3 @@
+[meta-refresh-redirected-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
new file mode 100644
index 0000000000..35264132b1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[meta-refresh-redirected-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
new file mode 100644
index 0000000000..b169d939dc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
@@ -0,0 +1,3 @@
+[parent-navigates-child-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
new file mode 100644
index 0000000000..d4c0fa1e3c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
@@ -0,0 +1,3 @@
+[parent-navigates-child-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
new file mode 100644
index 0000000000..d7d5d787aa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
@@ -0,0 +1,17 @@
+[spv-only-sent-to-initiator.sub.html]
+ expected:
+ if fission and (os == "linux") and debug and not swgl: [TIMEOUT, OK]
+ if fission and (os == "linux") and debug and swgl: [TIMEOUT, OK]
+ if fission and (os == "linux") and not debug and (processor == "x86_64"): [TIMEOUT, OK]
+ if fission and (os == "mac") and debug: [TIMEOUT, OK]
+ [OK, TIMEOUT]
+ [Test that no spv event is raised]
+ expected:
+ if fission and (os == "linux") and not debug and (processor == "x86_64"): [NOTRUN, FAIL]
+ if fission and (os == "linux") and debug and not swgl: [NOTRUN, FAIL]
+ if fission and (os == "linux") and debug and swgl: [NOTRUN, FAIL]
+ if fission and (os == "mac") and debug: [NOTRUN, FAIL]
+ [FAIL, NOTRUN]
+
+ [Violation report status OK.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
new file mode 100644
index 0000000000..50b6964711
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
@@ -0,0 +1,3 @@
+[allowed-end-of-chain-because-of-same-origin.sub.html]
+ disabled:
+ if (os == "android"): https://bugzilla.mozilla.org/show_bug.cgi?id=1511193
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini
new file mode 100644
index 0000000000..d912e96f1d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini
@@ -0,0 +1,6 @@
+[blocked-end-of-chain.sub.html]
+ expected: TIMEOUT
+
+ [Test that the child iframe navigation is blocked]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini
new file mode 100644
index 0000000000..285e3b0426
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-child-csp.html.ini
@@ -0,0 +1,3 @@
+[to-javascript-parent-initiated-child-csp.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp-disallow.html.ini b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp-disallow.html.ini
new file mode 100644
index 0000000000..d0d8d37a73
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp-disallow.html.ini
@@ -0,0 +1,3 @@
+[to-javascript-parent-initiated-parent-csp-disallow.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini
new file mode 100644
index 0000000000..d2e55d364f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-parent-initiated-parent-csp.html.ini
@@ -0,0 +1,6 @@
+implementation-status: backlog
+[to-javascript-parent-initiated-parent-csp.html]
+ expected: TIMEOUT
+ [Should not have executed the javascript url]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-frame-src.html.ini b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-frame-src.html.ini
new file mode 100644
index 0000000000..954366431b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-frame-src.html.ini
@@ -0,0 +1,3 @@
+[to-javascript-url-frame-src.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini
new file mode 100644
index 0000000000..64cb52918b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/navigation/to-javascript-url-script-src.html.ini
@@ -0,0 +1,15 @@
+implementation-status: backlog
+[to-javascript-url-script-src.html]
+ expected: TIMEOUT
+ [<iframe src='javascript:'> blocked without 'unsafe-inline'.]
+ expected: TIMEOUT
+
+ [<iframe> navigated to 'javascript:' blocked without 'unsafe-inline'.]
+ expected: TIMEOUT
+
+ [<iframe src='...'> with 'unsafe-inline' navigated to 'javascript:' blocked in this document]
+ expected: TIMEOUT
+
+ [<iframe src='...'> without 'unsafe-inline' navigated to 'javascript:' blocked in this document.]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.ini b/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.ini
new file mode 100644
index 0000000000..3507381619
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/nonce-hiding/svgscript-nonces-hidden.html.ini
@@ -0,0 +1,3 @@
+[svgscript-nonces-hidden.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/object-src/object-src-no-url-blocked.html.ini b/testing/web-platform/meta/content-security-policy/object-src/object-src-no-url-blocked.html.ini
new file mode 100644
index 0000000000..240833d6a3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-no-url-blocked.html.ini
@@ -0,0 +1,5 @@
+[object-src-no-url-blocked.html]
+ expected: TIMEOUT
+ [Should block the object and fire a spv]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/object-src/object-src-url-allowed.html.ini b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-allowed.html.ini
new file mode 100644
index 0000000000..8a5a255794
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-allowed.html.ini
@@ -0,0 +1,3 @@
+[object-src-url-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/object-src/object-src-url-blocked.html.ini b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-blocked.html.ini
new file mode 100644
index 0000000000..78fc5d5747
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-blocked.html.ini
@@ -0,0 +1,3 @@
+[object-src-url-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-allowed.html.ini b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-allowed.html.ini
new file mode 100644
index 0000000000..4227296cea
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-allowed.html.ini
@@ -0,0 +1,3 @@
+[object-src-url-embed-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-blocked.html.ini b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-blocked.html.ini
new file mode 100644
index 0000000000..aab46e8c26
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-embed-blocked.html.ini
@@ -0,0 +1,3 @@
+[object-src-url-embed-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-allowed.html.ini b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-allowed.html.ini
new file mode 100644
index 0000000000..5bd2d5e09d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-allowed.html.ini
@@ -0,0 +1,3 @@
+[object-src-url-redirect-allowed.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-blocked.sub.html.ini
new file mode 100644
index 0000000000..35c3ed2f88
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/object-src/object-src-url-redirect-blocked.sub.html.ini
@@ -0,0 +1,9 @@
+[object-src-url-redirect-blocked.sub.html]
+ disabled:
+ if (os == "android"): bug 1553440
+ expected:
+ if (os == "android"): TIMEOUT
+ [Should block the object and fire a spv]
+ expected:
+ if (os == "android"): NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/plugin-types/__dir__.ini b/testing/web-platform/meta/content-security-policy/plugin-types/__dir__.ini
new file mode 100644
index 0000000000..79ef6f271a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/plugin-types/__dir__.ini
@@ -0,0 +1 @@
+implementation-status: not-implementing \ No newline at end of file
diff --git a/testing/web-platform/meta/content-security-policy/prefetch-src/__dir__.ini b/testing/web-platform/meta/content-security-policy/prefetch-src/__dir__.ini
new file mode 100644
index 0000000000..2ef043b928
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/prefetch-src/__dir__.ini
@@ -0,0 +1 @@
+implementation-status: backlog
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/__dir__.ini b/testing/web-platform/meta/content-security-policy/reporting-api/__dir__.ini
new file mode 100644
index 0000000000..b67beb8e51
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/__dir__.ini
@@ -0,0 +1 @@
+prefs: [dom.reporting.enabled:true, dom.reporting.featurePolicy.enabled:true]
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini
new file mode 100644
index 0000000000..bfde45cbe7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini
@@ -0,0 +1,8 @@
+[report-to-directive-allowed-in-meta.https.sub.html]
+ expected: TIMEOUT
+ [Report is observable to ReportingObserver]
+ expected: TIMEOUT
+
+ [Violation report status OK.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini
new file mode 100644
index 0000000000..be6fd18762
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-only-sends-reports-on-violation.https.sub.html.ini
@@ -0,0 +1,5 @@
+[reporting-api-report-only-sends-reports-on-violation.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini
new file mode 100644
index 0000000000..39bc351b02
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini
@@ -0,0 +1,3 @@
+[reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
new file mode 100644
index 0000000000..eab757aac0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
@@ -0,0 +1,3 @@
+[reporting-api-report-to-overrides-report-uri-1.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
new file mode 100644
index 0000000000..93f3f7db25
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
@@ -0,0 +1,3 @@
+[reporting-api-report-to-overrides-report-uri-2.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini
new file mode 100644
index 0000000000..7da058a08b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini
@@ -0,0 +1,9 @@
+implementation-status: backlog
+[reporting-api-sends-reports-on-violation.https.sub.html]
+ expected: TIMEOUT
+ [Violation report status OK.]
+ expected: [TIMEOUT, FAIL]
+
+ [Report is observable to ReportingObserver]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-ancestors.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-ancestors.https.sub.html.ini
new file mode 100644
index 0000000000..f64578e746
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-ancestors.https.sub.html.ini
@@ -0,0 +1,5 @@
+[reporting-api-works-on-frame-ancestors.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html.ini
new file mode 100644
index 0000000000..104a72cb89
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting-api/reporting-api-works-on-frame-src.https.sub.html.ini
@@ -0,0 +1,5 @@
+[reporting-api-works-on-frame-src.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting/multiple-report-policies.html.ini b/testing/web-platform/meta/content-security-policy/reporting/multiple-report-policies.html.ini
new file mode 100644
index 0000000000..e3aec0df93
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/multiple-report-policies.html.ini
@@ -0,0 +1,4 @@
+[multiple-report-policies.html]
+ disabled:
+ if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1435526
+ if debug and (os == "win"): https://bugzilla.mozilla.org/show_bug.cgi?id=1435526
diff --git a/testing/web-platform/meta/content-security-policy/reporting/post-redirect-stacktrace.https.html.ini b/testing/web-platform/meta/content-security-policy/reporting/post-redirect-stacktrace.https.html.ini
new file mode 100644
index 0000000000..4cf257d5d7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/post-redirect-stacktrace.https.html.ini
@@ -0,0 +1,7 @@
+[post-redirect-stacktrace.https.html]
+ expected: TIMEOUT
+ [CSP report do not leak cross-site post-redirect URL]
+ expected: NOTRUN
+
+ [CSP report do not leak cross-origin post-redirect URL]
+ expected: NOTRUN
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini
new file mode 100644
index 0000000000..07e551dba9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-blocked-data-uri.html.ini
@@ -0,0 +1,3 @@
+[report-blocked-data-uri.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-blocked-uri.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-blocked-uri.html.ini
new file mode 100644
index 0000000000..5a59acf267
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-blocked-uri.html.ini
@@ -0,0 +1,3 @@
+[report-blocked-uri.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-clips-sample.https.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-clips-sample.https.html.ini
new file mode 100644
index 0000000000..264a407a3a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-clips-sample.https.html.ini
@@ -0,0 +1,10 @@
+[report-clips-sample.https.html]
+ [Unsafe eval violation sample is clipped to 40 characters.]
+ expected: FAIL
+
+ [Trusted Types violation sample is clipped to 40 characters excluded the sink name.]
+ expected: FAIL
+
+ [Function constructor - the other kind of eval - is clipped.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini
new file mode 100644
index 0000000000..5019539641
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-cross-origin-no-cookies.sub.html.ini
@@ -0,0 +1,13 @@
+[report-cross-origin-no-cookies.sub.html]
+ expected:
+ if (os == "mac") and not debug: [OK, TIMEOUT]
+ if (os == "android") and not fission: [OK, TIMEOUT]
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected:
+ if (os == "win") and not debug and (processor == "x86"): [PASS, FAIL]
+ if (os == "mac") and not debug: [PASS, TIMEOUT]
+
+ [Test report cookies.]
+ expected:
+ if os == "android": [PASS, NOTRUN]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html.ini
new file mode 100644
index 0000000000..2c9a8233b0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors-with-x-frame-options.sub.html.ini
@@ -0,0 +1,6 @@
+[report-frame-ancestors-with-x-frame-options.sub.html]
+ [Violation report status OK.]
+ expected:
+ if os == "mac": FAIL
+ if os == "linux": FAIL
+ if win10_2004: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors.sub.html.ini
new file mode 100644
index 0000000000..0115571816
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-frame-ancestors.sub.html.ini
@@ -0,0 +1,9 @@
+[report-frame-ancestors.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected:
+ if win11_2009: PASS
+ if (os == "android") and not debug: [PASS, FAIL]
+ if (os == "android") and debug: PASS
+ FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-multiple-violations-02.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-multiple-violations-02.html.ini
new file mode 100644
index 0000000000..34b32e593a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-multiple-violations-02.html.ini
@@ -0,0 +1,9 @@
+[report-multiple-violations-02.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Test number of sent reports.]
+ expected: FAIL
+
+ [Violation report status OK.]
+ expected:
+ if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-only-in-meta.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-only-in-meta.sub.html.ini
new file mode 100644
index 0000000000..75a342ce5d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-only-in-meta.sub.html.ini
@@ -0,0 +1,3 @@
+[report-only-in-meta.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-only-unsafe-eval.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-only-unsafe-eval.html.ini
new file mode 100644
index 0000000000..5ac01f4413
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-only-unsafe-eval.html.ini
@@ -0,0 +1,3 @@
+[report-only-unsafe-eval.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html.ini
new file mode 100644
index 0000000000..f49b518e32
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html.ini
@@ -0,0 +1,5 @@
+[report-original-url-on-mixed-content-frame.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini
new file mode 100644
index 0000000000..f63f7b63d1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini
@@ -0,0 +1,3 @@
+[report-original-url.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini
new file mode 100644
index 0000000000..e1b3223c0c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-preload-and-consume.https.html.ini
@@ -0,0 +1,5 @@
+[report-preload-and-consume.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Reporting endpoints received credentials.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini
new file mode 100644
index 0000000000..680f06e5b3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-same-origin-with-cookies.html.ini
@@ -0,0 +1,5 @@
+[report-same-origin-with-cookies.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Test report cookies.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini
new file mode 100644
index 0000000000..18c1308254
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini
@@ -0,0 +1,3 @@
+[report-strips-fragment.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini
new file mode 100644
index 0000000000..bbe20fc013
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-uri-effective-directive.html.ini
@@ -0,0 +1,3 @@
+[report-uri-effective-directive.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini
new file mode 100644
index 0000000000..82baf62d91
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-child-frame.html.ini
@@ -0,0 +1,3 @@
+[report-uri-from-child-frame.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini
new file mode 100644
index 0000000000..2226ba9fa9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-inline-javascript.html.ini
@@ -0,0 +1,3 @@
+[report-uri-from-inline-javascript.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini
new file mode 100644
index 0000000000..78d5a2c22c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-uri-from-javascript.html.ini
@@ -0,0 +1,3 @@
+[report-uri-from-javascript.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini
new file mode 100644
index 0000000000..9896aa2f0c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple-reversed.html.ini
@@ -0,0 +1,3 @@
+[report-uri-multiple-reversed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple.html.ini
new file mode 100644
index 0000000000..657031de50
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-uri-multiple.html.ini
@@ -0,0 +1,3 @@
+[report-uri-multiple.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini
new file mode 100644
index 0000000000..d89287873c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-uri-scheme-relative.html.ini
@@ -0,0 +1,3 @@
+[report-uri-scheme-relative.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html.ini b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html.ini
new file mode 100644
index 0000000000..816cd785fe
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-by-any-directive.sub.html.ini
@@ -0,0 +1,10 @@
+[prefetch-allowed-by-any-directive.sub.html]
+ expected: TIMEOUT
+ [Prefetch should succeed when restricted by default-src but allowed by other directive]
+ expected: TIMEOUT
+
+ [Prefetch should fail when restricted by default-src and different origin allowed by other directive]
+ expected: NOTRUN
+
+ [Prefetch should succeed when restricted by default-src but origin allowed by other directive]
+ expected: NOTRUN
diff --git a/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-with-conflicting-permissive-policies.html.ini b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-with-conflicting-permissive-policies.html.ini
new file mode 100644
index 0000000000..0919ef94aa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-allowed-with-conflicting-permissive-policies.html.ini
@@ -0,0 +1,4 @@
+[prefetch-allowed-with-conflicting-permissive-policies.html]
+ expected: TIMEOUT
+ [Prefetch should succeed when a directive in a policy is permissive, even if a subsequent policy overrides that.]
+ expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default-multiple-policies.html.ini b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default-multiple-policies.html.ini
new file mode 100644
index 0000000000..f795f8c5d4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default-multiple-policies.html.ini
@@ -0,0 +1,4 @@
+[prefetch-blocked-by-default-multiple-policies.html]
+ expected: TIMEOUT
+ [Prefetch should fail when restricted by default-src]
+ expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default.html.ini b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default.html.ini
new file mode 100644
index 0000000000..3ee2b910a5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-blocked-by-default.html.ini
@@ -0,0 +1,4 @@
+[prefetch-blocked-by-default.html]
+ expected: TIMEOUT
+ [Prefetch should fail when restricted by default-src]
+ expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-generate-directives.html.ini b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-generate-directives.html.ini
new file mode 100644
index 0000000000..38162f1d82
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-generate-directives.html.ini
@@ -0,0 +1,72 @@
+[prefetch-generate-directives.html]
+ [Test that script-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that script-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that img-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that img-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that connect-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that connect-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that object-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that object-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that font-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that font-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that manifest-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that manifest-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that media-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that media-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that style-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that style-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that child-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that child-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that frame-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that frame-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that worker-src enabled with everything else disabled allows prefetching]
+ expected: FAIL
+
+ [Test that worker-src enabled with default-src disabled allows prefetching]
+ expected: FAIL
+
+ [Test that permissive script-src-elem supersedes script-src]
+ expected: FAIL
+
+ [Test that permissive script-src supersedes script-src-elem]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-ignores-prefetch-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-ignores-prefetch-src.sub.html.ini
new file mode 100644
index 0000000000..30e8ff98e7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/resource-hints/prefetch-ignores-prefetch-src.sub.html.ini
@@ -0,0 +1,4 @@
+[prefetch-ignores-prefetch-src.sub.html]
+ expected: TIMEOUT
+ [Prefetch should fail when restricted by default-src and allowed by unsupported prefetch-src directive (prefetch-src should be ignored)]
+ expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty-subframe.sub.html.ini b/testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty-subframe.sub.html.ini
new file mode 100644
index 0000000000..f7b98c0dd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty-subframe.sub.html.ini
@@ -0,0 +1,3 @@
+[sandbox-empty-subframe.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty.sub.html.ini b/testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty.sub.html.ini
new file mode 100644
index 0000000000..c6ef6e9be3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/sandbox/sandbox-empty.sub.html.ini
@@ -0,0 +1,3 @@
+[sandbox-empty.sub.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/sandbox/service-worker-sandbox.https.html.ini b/testing/web-platform/meta/content-security-policy/sandbox/service-worker-sandbox.https.html.ini
new file mode 100644
index 0000000000..cfc750f262
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/sandbox/service-worker-sandbox.https.html.ini
@@ -0,0 +1,3 @@
+[service-worker-sandbox.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/sandbox/shared-worker-sandbox.html.ini b/testing/web-platform/meta/content-security-policy/sandbox/shared-worker-sandbox.html.ini
new file mode 100644
index 0000000000..42c96bc8f2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/sandbox/shared-worker-sandbox.html.ini
@@ -0,0 +1,3 @@
+[shared-worker-sandbox.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/sandbox/window-reuse-sandboxed.html.ini b/testing/web-platform/meta/content-security-policy/sandbox/window-reuse-sandboxed.html.ini
new file mode 100644
index 0000000000..b74fc0b887
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/sandbox/window-reuse-sandboxed.html.ini
@@ -0,0 +1,3 @@
+[window-reuse-sandboxed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/sandbox/window-reuse-unsandboxed.html.ini b/testing/web-platform/meta/content-security-policy/sandbox/window-reuse-unsandboxed.html.ini
new file mode 100644
index 0000000000..f4bbe0845d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/sandbox/window-reuse-unsandboxed.html.ini
@@ -0,0 +1,3 @@
+[window-reuse-unsandboxed.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/script-src-attr-elem/__dir__.ini b/testing/web-platform/meta/content-security-policy/script-src-attr-elem/__dir__.ini
new file mode 100644
index 0000000000..3bf8188c76
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src-attr-elem/__dir__.ini
@@ -0,0 +1 @@
+implementation-status: backlog
diff --git a/testing/web-platform/meta/content-security-policy/script-src/__dir__.ini b/testing/web-platform/meta/content-security-policy/script-src/__dir__.ini
new file mode 100644
index 0000000000..0229377837
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/__dir__.ini
@@ -0,0 +1 @@
+lsan-allowed: [already_AddRefed, detail::ProxyRelease, mozilla::SupportsThreadSafeWeakPtr, mozilla::ipc::BackgroundChildImpl::AllocPRemoteWorkerChild]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini b/testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini
new file mode 100644
index 0000000000..2133a6aad9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/hash-always-converted-to-utf-8/utf-8.html.ini
@@ -0,0 +1,3 @@
+[utf-8.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini b/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini
new file mode 100644
index 0000000000..482c520355
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/javascript-window-open-blocked.html.ini
@@ -0,0 +1,3 @@
+[javascript-window-open-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini b/testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini
new file mode 100644
index 0000000000..210a0da496
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/nonce-enforce-blocked.html.ini
@@ -0,0 +1,5 @@
+[nonce-enforce-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Unnonced scripts generate reports.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
new file mode 100644
index 0000000000..5b8cc4e727
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_1.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini
new file mode 100644
index 0000000000..4daea0ea59
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_10_1.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_10_1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
new file mode 100644
index 0000000000..8f763fe393
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
new file mode 100644
index 0000000000..05feccd4cb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_2_1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini
new file mode 100644
index 0000000000..ba7823939d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_3.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_3.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
new file mode 100644
index 0000000000..41378c133d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_4.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
new file mode 100644
index 0000000000..ed5e9f73fc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_1.html.ini
@@ -0,0 +1,5 @@
+[script-src-1_4_1.html]
+ disabled:
+ if os == "win": bug 1094323
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
new file mode 100644
index 0000000000..7f30f25258
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-1_4_2.html.ini
@@ -0,0 +1,3 @@
+[script-src-1_4_2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini
new file mode 100644
index 0000000000..4168827bd0
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-multiple-hashing-algorithms.html.ini
@@ -0,0 +1,3 @@
+[script-src-multiple-policies-multiple-hashing-algorithms.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini
new file mode 100644
index 0000000000..54c8cd47d2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-multiple-policies-one-using-hashing-algorithms.html.ini
@@ -0,0 +1,3 @@
+[script-src-multiple-policies-one-using-hashing-algorithms.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini
new file mode 100644
index 0000000000..62b545fa4f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-overrides-default-src.sub.html.ini
@@ -0,0 +1,3 @@
+[script-src-overrides-default-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini
new file mode 100644
index 0000000000..833dfeeddb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-external-hash-policy.html.ini
@@ -0,0 +1,8 @@
+implementation-status: backlog
+[script-src-report-only-policy-works-with-external-hash-policy.html]
+ [External script in a script tag with matching SRI hash should run.]
+ expected: FAIL
+
+ [Should fire securitypolicyviolation event]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini
new file mode 100644
index 0000000000..57dc32dbd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-report-only-policy-works-with-hash-policy.html.ini
@@ -0,0 +1,3 @@
+[script-src-report-only-policy-works-with-hash-policy.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini
new file mode 100644
index 0000000000..46422119ad
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-sri_hash.sub.html.ini
@@ -0,0 +1,14 @@
+[script-src-sri_hash.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [matching integrity]
+ expected: FAIL
+
+ [multiple matching integrity]
+ expected: FAIL
+
+ [matching plus unsupported integrity]
+ expected: FAIL
+
+ [External script in a script tag with matching SRI hash should run.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini
new file mode 100644
index 0000000000..00d5f8380c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_eval.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_and_unsafe_eval_eval.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini
new file mode 100644
index 0000000000..44cfa087ed
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_and_unsafe_eval_new_function.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_and_unsafe_eval_new_function.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini
new file mode 100644
index 0000000000..44b238ebd8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_discard_source_expressions.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_discard_source_expressions.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
new file mode 100644
index 0000000000..3fc83ed8f3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_double_policy_different_nonce.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini
new file mode 100644
index 0000000000..04be905d00
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
new file mode 100644
index 0000000000..6c20025f61
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_report_only.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_double_policy_report_only.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini
new file mode 100644
index 0000000000..dbda70d090
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_eval.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_eval.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini
new file mode 100644
index 0000000000..4aae75b70f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_hashes.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_hashes.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini
new file mode 100644
index 0000000000..bb81bcb0ce
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_in_img-src.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_in_img-src.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
new file mode 100644
index 0000000000..7ac86a1d3b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_javascript_uri.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_javascript_uri.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini
new file mode 100644
index 0000000000..4c4cbfb285
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_meta_tag.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini
new file mode 100644
index 0000000000..2d78e15593
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_new_function.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_new_function.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini
new file mode 100644
index 0000000000..5661eae6fe
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_non_parser_inserted.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
new file mode 100644
index 0000000000..b616b72cc7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
new file mode 100644
index 0000000000..51a88a5f85
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_parser_inserted.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini
new file mode 100644
index 0000000000..5141ac2679
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_parser_inserted_correct_nonce.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_parser_inserted_correct_nonce.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini
new file mode 100644
index 0000000000..a901cfbcaa
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker-importScripts.https.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_worker-importScripts.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini
new file mode 100644
index 0000000000..b984104f8e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_worker.https.html.ini
@@ -0,0 +1,3 @@
+[script-src-strict_dynamic_worker.https.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini
new file mode 100644
index 0000000000..84b9ab96b1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-wildcards-disallowed.html.ini
@@ -0,0 +1,3 @@
+[script-src-wildcards-disallowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini
new file mode 100644
index 0000000000..fbb73475f6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini
new file mode 100644
index 0000000000..5b82b78986
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-base64url-converts-to-base64.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-base64url-converts-to-base64.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini
new file mode 100644
index 0000000000..07be83bb33
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked-error-event.html.ini
@@ -0,0 +1,3 @@
+[scripthash-basic-blocked-error-event.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini
new file mode 100644
index 0000000000..c328026f27
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-basic-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-basic-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini
new file mode 100644
index 0000000000..f62b8e7a50
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-case-insensitive.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-case-insensitive.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini
new file mode 100644
index 0000000000..237ba4c6b3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-1.html.ini
@@ -0,0 +1,5 @@
+[scripthash-changed-1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [scr1.innerText before modification should not be blocked]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini
new file mode 100644
index 0000000000..15983b4d85
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-changed-2.html.ini
@@ -0,0 +1,3 @@
+[scripthash-changed-2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini
new file mode 100644
index 0000000000..be29f728c3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-default-src.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-default-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini
new file mode 100644
index 0000000000..85cd13bfa8
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-ignore-unsafeinline.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-ignore-unsafeinline.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
new file mode 100644
index 0000000000..3518d486ea
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
@@ -0,0 +1,3 @@
+[scripthash-unicode-normalization.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini
new file mode 100644
index 0000000000..44409f9725
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
new file mode 100644
index 0000000000..e29d244a78
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-and-scripthash.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini
new file mode 100644
index 0000000000..05981b3d28
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-basic-blocked.sub.html.ini
@@ -0,0 +1,5 @@
+implementation-status: backlog
+[scriptnonce-basic-blocked.sub.html]
+ [Expecting alerts: ["PASS (closely-quoted nonce)","PASS (nonce w/whitespace)", "violated-directive=script-src-elem", "violated-directive=script-src-elem", "violated-directive=script-src-elem"\]]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini
new file mode 100644
index 0000000000..a796e9f5e6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-1.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-changed-1.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini
new file mode 100644
index 0000000000..234f0bba60
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-changed-2.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-changed-2.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
new file mode 100644
index 0000000000..2fb5be837d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-ignore-unsafeinline.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini
new file mode 100644
index 0000000000..9a0e497219
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-redirect.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-redirect.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini
new file mode 100644
index 0000000000..5a86e9f66f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/scriptnonce-specified-source.sub.html.ini
@@ -0,0 +1,3 @@
+[scriptnonce-specified-source.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini
new file mode 100644
index 0000000000..9e439ed117
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/srcdoc-doesnt-bypass-script-src.sub.html.ini
@@ -0,0 +1,3 @@
+[srcdoc-doesnt-bypass-script-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini
new file mode 100644
index 0000000000..58af8ea968
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini
@@ -0,0 +1,5 @@
+[worker-data-set-timeout.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Shared worker with data: url inherits CSP]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini
new file mode 100644
index 0000000000..599b06347b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-eval-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-eval-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini
new file mode 100644
index 0000000000..685ca59ba2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-function-function-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-function-function-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini
new file mode 100644
index 0000000000..0fa80a1f11
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-importscripts.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini
new file mode 100644
index 0000000000..0e29cd0aec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-script-src.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-script-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini
new file mode 100644
index 0000000000..1e9f9e34f7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini
@@ -0,0 +1,3 @@
+[worker-set-timeout.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/__dir__.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/__dir__.ini
new file mode 100644
index 0000000000..af3fba20e4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/__dir__.ini
@@ -0,0 +1 @@
+lsan-allowed: [Alloc, Create, Malloc, Then, mozilla::BasePrincipal::CreateContentPrincipal, mozilla::dom::DocGroup::Create, mozilla::dom::ServiceWorkerJobQueue::RunJob, mozilla::dom::ServiceWorkerManager::Unregister, mozilla::dom::ServiceWorkerRegistrationMainThread::Unregister, mozilla::dom::UnregisterCallback::UnregisterCallback, mozilla::net::nsStandardURL::TemplatedMutator, operator]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini
new file mode 100644
index 0000000000..14fa5353a9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini
@@ -0,0 +1,3 @@
+[blockeduri-ws-wss-scheme.html]
+ [redirect]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/constructor-required-fields.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/constructor-required-fields.html.ini
new file mode 100644
index 0000000000..2f9acb5fd2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/constructor-required-fields.html.ini
@@ -0,0 +1,19 @@
+[constructor-required-fields.html]
+ [SecurityPolicyViolationEvent constructor requires statusCode]
+ expected: FAIL
+
+ [SecurityPolicyViolationEvent constructor requires effectiveDirective]
+ expected: FAIL
+
+ [SecurityPolicyViolationEvent constructor requires originalPolicy]
+ expected: FAIL
+
+ [SecurityPolicyViolationEvent constructor requires violatedDirective]
+ expected: FAIL
+
+ [SecurityPolicyViolationEvent constructor requires disposition]
+ expected: FAIL
+
+ [SecurityPolicyViolationEvent constructor requires documentURI]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini
new file mode 100644
index 0000000000..e5dab8bd61
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/idlharness.window.js.ini
@@ -0,0 +1,56 @@
+[idlharness.window.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [CSPViolationReportBody interface: existence and properties of interface prototype object's @@unscopables property]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute sample]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute effectiveDirective]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute disposition]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute lineNumber]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: existence and properties of interface object]
+ expected: FAIL
+
+ [CSPViolationReportBody interface object length]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute blockedURL]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute sourceFile]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute documentURL]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute referrer]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: existence and properties of interface prototype object]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute statusCode]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute originalPolicy]
+ expected: FAIL
+
+ [CSPViolationReportBody interface object name]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: attribute columnNumber]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: existence and properties of interface prototype object's "constructor" property]
+ expected: FAIL
+
+ [CSPViolationReportBody interface: operation toJSON()]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini
new file mode 100644
index 0000000000..dc27a13569
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/img-src-redirect.sub.html.ini
@@ -0,0 +1,3 @@
+[img-src-redirect.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini
new file mode 100644
index 0000000000..5f397384fe
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini
@@ -0,0 +1,3 @@
+[inside-dedicated-worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini
new file mode 100644
index 0000000000..21fb1c9313
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini
@@ -0,0 +1,4 @@
+[inside-service-worker.https.html]
+ expected:
+ if (os == "win") and not debug: [OK, TIMEOUT]
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini
new file mode 100644
index 0000000000..773d30d71a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini
@@ -0,0 +1,3 @@
+[inside-shared-worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
new file mode 100644
index 0000000000..cc26361eb3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
@@ -0,0 +1,5 @@
+[script-sample-no-opt-in.html]
+ expected: TIMEOUT
+ [JavaScript URLs in iframes should not have a sample.]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
new file mode 100644
index 0000000000..d5b1514fde
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
@@ -0,0 +1,5 @@
+[script-sample.html]
+ expected: TIMEOUT
+ [JavaScript URLs in iframes should have a sample.]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini
new file mode 100644
index 0000000000..53511670ce
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini
@@ -0,0 +1,3 @@
+[securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini
new file mode 100644
index 0000000000..1383fa7806
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini
@@ -0,0 +1,3 @@
+[securitypolicyviolation-block-image-from-script.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini
new file mode 100644
index 0000000000..5317fa0e5b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini
@@ -0,0 +1,3 @@
+[source-file-blob-scheme.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini
new file mode 100644
index 0000000000..0dee05a8e3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini
@@ -0,0 +1,3 @@
+[source-file-data-scheme.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file.html.ini
new file mode 100644
index 0000000000..068106a874
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/source-file.html.ini
@@ -0,0 +1,4 @@
+[source-file.html]
+ expected:
+ if (os == "android") and fission: [ERROR, TIMEOUT]
+ ERROR
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini
new file mode 100644
index 0000000000..75211d6d26
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini
@@ -0,0 +1,3 @@
+[style-sample-no-opt-in.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini
new file mode 100644
index 0000000000..af5a618ebd
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini
@@ -0,0 +1,3 @@
+[style-sample.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/targeting.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
new file mode 100644
index 0000000000..e679e99070
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
@@ -0,0 +1,11 @@
+[targeting.html]
+ expected: TIMEOUT
+ [Correct targeting inside shadow tree (inline handler).]
+ disabled: https://bugzilla.mozilla.org/show_bug.cgi?id=1404842
+
+ [Correct targeting inside shadow tree (style).]
+ disabled: https://bugzilla.mozilla.org/show_bug.cgi?id=1404842
+
+ [Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.]
+ expected: TIMEOUT
+
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini
new file mode 100644
index 0000000000..0e0ea06b9b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/upgrade-insecure-requests-reporting.https.html.ini
@@ -0,0 +1,7 @@
+[upgrade-insecure-requests-reporting.https.html]
+ expected:
+ if (processor == "x86") and (os == "win") and not debug: ["OK", "TIMEOUT"]
+ [Navigated iframe is upgraded and reported]
+ expected:
+ if (processor == "x86") and (os == "win") and not debug: ["PASS", "TIMEOUT"]
+
diff --git a/testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html.ini
new file mode 100644
index 0000000000..b1c1ee8870
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-attr-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-elem-blocked-attr-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html.ini
new file mode 100644
index 0000000000..125becbfdd
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src-attr-elem/style-src-elem-blocked-src-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-elem-blocked-src-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
new file mode 100644
index 0000000000..0824bc7379
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-allowed-while-cloning-objects.sub.html.ini
@@ -0,0 +1,6 @@
+[inline-style-allowed-while-cloning-objects.sub.html]
+ [inline-style-allowed-while-cloning-objects 18]
+ expected: FAIL
+
+ [inline-style-allowed-while-cloning-objects 19]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-allowed.sub.html.ini
new file mode 100644
index 0000000000..15929dbf4f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[inline-style-attribute-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini
new file mode 100644
index 0000000000..63481ca2fc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[inline-style-attribute-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-on-html.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-on-html.sub.html.ini
new file mode 100644
index 0000000000..cc050e74a7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-attribute-on-html.sub.html.ini
@@ -0,0 +1,3 @@
+[inline-style-attribute-on-html.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/inline-style-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/inline-style-blocked.sub.html.ini
new file mode 100644
index 0000000000..7f2255146e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/inline-style-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[inline-style-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-blocked.html.ini
new file mode 100644
index 0000000000..abf466fc80
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-blocked.html.ini
@@ -0,0 +1,5 @@
+[style-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [document.styleSheets should contain an item for the blocked CSS.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-error-event-fires.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-error-event-fires.html.ini
new file mode 100644
index 0000000000..a1d6e4f375
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-error-event-fires.html.ini
@@ -0,0 +1,6 @@
+implementation-status: backlog
+[style-src-error-event-fires.html]
+ expected: TIMEOUT
+ [Test error event fires on inline style]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-allowed.html.ini
new file mode 100644
index 0000000000..3fea53fb34
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-hash-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
new file mode 100644
index 0000000000..80c144532a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-hash-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-case-insensitive.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-case-insensitive.html.ini
new file mode 100644
index 0000000000..792b018c78
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-case-insensitive.html.ini
@@ -0,0 +1,3 @@
+[style-src-hash-case-insensitive.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-default-src-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-default-src-allowed.html.ini
new file mode 100644
index 0000000000..4900f1dbae
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-hash-default-src-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-hash-default-src-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-allowed.sub.html.ini
new file mode 100644
index 0000000000..f6e28319ca
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[style-src-imported-style-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-blocked.html.ini
new file mode 100644
index 0000000000..6ad9068006
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-imported-style-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-imported-style-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed-with-content-hash.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed-with-content-hash.html.ini
new file mode 100644
index 0000000000..80f7907aa7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed-with-content-hash.html.ini
@@ -0,0 +1,3 @@
+[style-src-injected-inline-style-allowed-with-content-hash.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed.html.ini
new file mode 100644
index 0000000000..d7eafdf11f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-injected-inline-style-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
new file mode 100644
index 0000000000..3e3a714f67
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-inline-style-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-injected-inline-style-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-allowed.sub.html.ini
new file mode 100644
index 0000000000..ad7b695cad
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[style-src-injected-stylesheet-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini
new file mode 100644
index 0000000000..c307455b0b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-injected-stylesheet-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[style-src-injected-stylesheet-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-allowed.html.ini
new file mode 100644
index 0000000000..07f2acbb55
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-inline-style-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-allowed.html.ini
new file mode 100644
index 0000000000..63e0421062
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-inline-style-attribute-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
new file mode 100644
index 0000000000..c482ee7f95
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-attribute-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-inline-style-attribute-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
new file mode 100644
index 0000000000..8e289c21f1
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-inline-style-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-allowed.html.ini
new file mode 100644
index 0000000000..ada8b7d8ba
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-inline-style-nonce-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini
new file mode 100644
index 0000000000..ff07448d9e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked-error-event.html.ini
@@ -0,0 +1,6 @@
+implementation-status: backlog
+[style-src-inline-style-nonce-blocked-error-event.html]
+ expected: TIMEOUT
+ [Test that paragraph remains unmodified and error events received.]
+ expected: NOTRUN
+
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
new file mode 100644
index 0000000000..3b5d9aed11
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-inline-style-nonce-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-inline-style-nonce-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html.ini
new file mode 100644
index 0000000000..0165ccfe3f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html.ini
@@ -0,0 +1,7 @@
+[style-src-multiple-policies-multiple-hashing-algorithms.html]
+ expected:
+ if (os == "android") and not swgl and fission: [OK, TIMEOUT]
+ if (os == "android") and not swgl and not fission: [OK, TIMEOUT]
+ [Violation report status OK.]
+ expected:
+ if (os == "android") and not swgl: [PASS, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini
new file mode 100644
index 0000000000..23c4decb65
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-none-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-none-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-star-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-star-allowed.html.ini
new file mode 100644
index 0000000000..21945a9a54
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-star-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-star-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-allowed.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-allowed.html.ini
new file mode 100644
index 0000000000..9f7577a0b9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-allowed.html.ini
@@ -0,0 +1,3 @@
+[style-src-stylesheet-nonce-allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini b/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini
new file mode 100644
index 0000000000..9a85ab84c5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/style-src-stylesheet-nonce-blocked.html.ini
@@ -0,0 +1,3 @@
+[style-src-stylesheet-nonce-blocked.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/stylehash-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/stylehash-allowed.sub.html.ini
new file mode 100644
index 0000000000..145cc32bd4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylehash-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[stylehash-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
new file mode 100644
index 0000000000..c0b74d4cad
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylehash-basic-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[stylehash-basic-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/stylehash-default-src.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/stylehash-default-src.sub.html.ini
new file mode 100644
index 0000000000..a19ec40ea4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylehash-default-src.sub.html.ini
@@ -0,0 +1,3 @@
+[stylehash-default-src.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
new file mode 100644
index 0000000000..8b12084afc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[stylenonce-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
new file mode 100644
index 0000000000..3b903d4914
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/style-src/stylenonce-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[stylenonce-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini b/testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini
new file mode 100644
index 0000000000..f387e7d522
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/svg/object-in-svg-foreignobject.sub.html.ini
@@ -0,0 +1,2 @@
+[object-in-svg-foreignobject.sub.html]
+ disabled: https://github.com/web-platform-tests/wpt/issues/12282
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked.sub.html.ini
new file mode 100644
index 0000000000..863656d03d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[eval-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setInterval-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setInterval-allowed.sub.html.ini
new file mode 100644
index 0000000000..a559eea3da
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setInterval-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[eval-scripts-setInterval-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-allowed.sub.html.ini
new file mode 100644
index 0000000000..2d63d56194
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[eval-scripts-setTimeout-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html.ini
new file mode 100644
index 0000000000..dcdb661da4
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/eval-scripts-setTimeout-blocked.sub.html.ini
@@ -0,0 +1,6 @@
+[eval-scripts-setTimeout-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Expecting logs: ["PASS","violated-directive=script-src"\]]
+ expected:
+ if (processor == "x86") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-allowed.sub.html.ini
new file mode 100644
index 0000000000..d83338f248
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-allowed.sub.html.ini
@@ -0,0 +1,3 @@
+[function-constructor-allowed.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html.ini
new file mode 100644
index 0000000000..cdc2153fbf
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-eval/function-constructor-blocked.sub.html.ini
@@ -0,0 +1,3 @@
+[function-constructor-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/__dir__.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/__dir__.ini
new file mode 100644
index 0000000000..ecd25ae52a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/__dir__.ini
@@ -0,0 +1 @@
+prefs: [dom.targetBlankNoOpener.enabled:false, security.csp.unsafe-hashes.enabled:true]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html.ini
new file mode 100644
index 0000000000..b246e21d3d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_allowed-href_blank.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_location.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_location.html.ini
new file mode 100644
index 0000000000..8389a861b3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_location.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_allowed-window_location.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_open.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_open.html.ini
new file mode 100644
index 0000000000..ba124c7b54
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_allowed-window_open.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_allowed-window_open.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-attr.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-attr.html.ini
new file mode 100644
index 0000000000..c292b6d3da
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-attr.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-attr.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-elem.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-elem.html.ini
new file mode 100644
index 0000000000..39167678ec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-elem.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_missing_unsafe_hashes-href_blank-script-src-elem.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank.html.ini
new file mode 100644
index 0000000000..d0c3fca4c7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-href_blank.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_missing_unsafe_hashes-href_blank.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html.ini
new file mode 100644
index 0000000000..6da98d6a99
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_location.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_missing_unsafe_hashes-window_location.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_open.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_open.html.ini
new file mode 100644
index 0000000000..61473ae657
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_open.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_missing_unsafe_hashes-window_open.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html.ini
new file mode 100644
index 0000000000..5c7214748b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_wrong_hash-href.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-attr.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-attr.html.ini
new file mode 100644
index 0000000000..2276ff8dac
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-attr.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_wrong_hash-href_blank-script-src-attr.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-elem.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-elem.html.ini
new file mode 100644
index 0000000000..bf8489cbba
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank-script-src-elem.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_wrong_hash-href_blank-script-src-elem.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank.html.ini
new file mode 100644
index 0000000000..965ac7f2a2
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-href_blank.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_wrong_hash-href_blank.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html.ini
new file mode 100644
index 0000000000..afce1781e9
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_location.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_wrong_hash-window_location.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_open.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_open.html.ini
new file mode 100644
index 0000000000..adec8f787a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_open.html.ini
@@ -0,0 +1,3 @@
+[javascript_src_denied_wrong_hash-window_open.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_allowed.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_allowed.html.ini
new file mode 100644
index 0000000000..0a0ba91a7a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_allowed.html.ini
@@ -0,0 +1,3 @@
+[script_event_handlers_allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini
new file mode 100644
index 0000000000..418322bc42
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini
@@ -0,0 +1,3 @@
+[script_event_handlers_denied_missing_unsafe_hashes.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini
new file mode 100644
index 0000000000..e0bb62d364
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini
@@ -0,0 +1,3 @@
+[script_event_handlers_denied_wrong_hash.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_allowed.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_allowed.html.ini
new file mode 100644
index 0000000000..57ee65f4d6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_allowed.html.ini
@@ -0,0 +1,3 @@
+[style_attribute_allowed.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html.ini
new file mode 100644
index 0000000000..4989198df5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_missing_unsafe_hashes.html.ini
@@ -0,0 +1,3 @@
+[style_attribute_denied_missing_unsafe_hashes.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html.ini b/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html.ini
new file mode 100644
index 0000000000..babb086a64
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/unsafe-hashes/style_attribute_denied_wrong_hash.html.ini
@@ -0,0 +1,3 @@
+[style_attribute_denied_wrong_hash.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini
new file mode 100644
index 0000000000..7922f69997
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-blocks-wasm.any.js.ini
@@ -0,0 +1,13 @@
+[default-src-blocks-wasm.any.serviceworker.html]
+
+[default-src-blocks-wasm.any.sharedworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[default-src-blocks-wasm.any.worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[default-src-blocks-wasm.any.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.ini
new file mode 100644
index 0000000000..395e40e207
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-unsafe-eval-allows-wasm.any.js.ini
@@ -0,0 +1,15 @@
+[default-src-unsafe-eval-allows-wasm.any.worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[default-src-unsafe-eval-allows-wasm.any.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
+
+[default-src-unsafe-eval-allows-wasm.any.serviceworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[default-src-unsafe-eval-allows-wasm.any.sharedworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.ini
new file mode 100644
index 0000000000..1b0636899e
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/default-src-wasm-unsafe-eval-allows-wasm.any.js.ini
@@ -0,0 +1,15 @@
+[default-src-wasm-unsafe-eval-allows-wasm.any.serviceworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[default-src-wasm-unsafe-eval-allows-wasm.any.worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[default-src-wasm-unsafe-eval-allows-wasm.any.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[default-src-wasm-unsafe-eval-allows-wasm.any.sharedworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html.ini
new file mode 100644
index 0000000000..4f48b36fc5
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/postMessage-wasm-module.html.ini
@@ -0,0 +1,3 @@
+[postMessage-wasm-module.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini
new file mode 100644
index 0000000000..11d9a6f4ab
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-blocks-wasm.any.js.ini
@@ -0,0 +1,15 @@
+[script-src-blocks-wasm.any.worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-blocks-wasm.any.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-blocks-wasm.any.sharedworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-blocks-wasm.any.serviceworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini
new file mode 100644
index 0000000000..2427b2428f
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-spv-asynch.any.js.ini
@@ -0,0 +1,15 @@
+[script-src-spv-asynch.any.serviceworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-spv-asynch.any.worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-spv-asynch.any.sharedworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-spv-asynch.any.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.ini
new file mode 100644
index 0000000000..8bb0fba2eb
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-unsafe-eval-allows-wasm.any.js.ini
@@ -0,0 +1,15 @@
+[script-src-unsafe-eval-allows-wasm.any.sharedworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-unsafe-eval-allows-wasm.any.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
+
+[script-src-unsafe-eval-allows-wasm.any.worker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-unsafe-eval-allows-wasm.any.serviceworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.ini b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.ini
new file mode 100644
index 0000000000..2ff9144afc
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/wasm-unsafe-eval/script-src-wasm-unsafe-eval-allows-wasm.any.js.ini
@@ -0,0 +1,15 @@
+[script-src-wasm-unsafe-eval-allows-wasm.any.serviceworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-wasm-unsafe-eval-allows-wasm.any.worker.html]
+ expected:
+ if (os == "android") and fission: [TIMEOUT, OK]
+
+[script-src-wasm-unsafe-eval-allows-wasm.any.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+
+[script-src-wasm-unsafe-eval-allows-wasm.any.sharedworker.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/webrtc/webrtc-allowed-explicit.html.ini b/testing/web-platform/meta/content-security-policy/webrtc/webrtc-allowed-explicit.html.ini
new file mode 100644
index 0000000000..f982824fc3
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/webrtc/webrtc-allowed-explicit.html.ini
@@ -0,0 +1,3 @@
+[webrtc-allowed-explicit.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-explicit.html.ini b/testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-explicit.html.ini
new file mode 100644
index 0000000000..08f9839e5d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-explicit.html.ini
@@ -0,0 +1,3 @@
+[webrtc-blocked-explicit.html]
+ [webrtc blocked with an explicit webrtc blocked policy]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-unknown.html.ini b/testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-unknown.html.ini
new file mode 100644
index 0000000000..8b3a4b82f6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/webrtc/webrtc-blocked-unknown.html.ini
@@ -0,0 +1,5 @@
+[webrtc-blocked-unknown.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [webrtc blocked with an unrecognized explicit webrtc policy]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/__dir__.ini b/testing/web-platform/meta/content-security-policy/worker-src/__dir__.ini
new file mode 100644
index 0000000000..ad001e7142
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/__dir__.ini
@@ -0,0 +1 @@
+lsan-allowed: [NS_NewRunnableFunction, already_AddRefed, detail::ProxyRelease, mozilla::SupportsThreadSafeWeakPtr, mozilla::ipc::BackgroundChildImpl::AllocPRemoteWorkerChild]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini
new file mode 100644
index 0000000000..dd098643ee
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-none.sub.html.ini
@@ -0,0 +1,7 @@
+[dedicated-none.sub.html]
+ [Same-origin dedicated worker blocked by host-source expression.]
+ expected: FAIL
+
+ [blob: dedicated worker blocked by 'blob:'.]
+ expected: FAIL
+
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/dedicated-self.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-self.sub.html.ini
new file mode 100644
index 0000000000..333dde62ec
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-self.sub.html.ini
@@ -0,0 +1,3 @@
+[dedicated-self.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini
new file mode 100644
index 0000000000..3e47c6dde6
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback-blocked.sub.html.ini
@@ -0,0 +1,5 @@
+[dedicated-worker-src-child-fallback-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Same-origin dedicated worker allowed by worker-src 'self'.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html.ini
new file mode 100644
index 0000000000..4a3e1ccb1d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-child-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[dedicated-worker-src-child-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html.ini
new file mode 100644
index 0000000000..58a02db521
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-default-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[dedicated-worker-src-default-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html.ini
new file mode 100644
index 0000000000..68995f34fe
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-script-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[dedicated-worker-src-script-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html.ini
new file mode 100644
index 0000000000..f33fec2f89
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/dedicated-worker-src-self-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[dedicated-worker-src-self-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-child.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-child.https.sub.html.ini
new file mode 100644
index 0000000000..94ccb6820d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-child.https.sub.html.ini
@@ -0,0 +1,6 @@
+[service-child.https.sub.html]
+ expected:
+ if (os == "win") and not debug and (processor == "x86_64"): [OK, TIMEOUT]
+ [Same-origin service worker allowed by host-source expression.]
+ expected:
+ if (os == "win") and not debug and (processor == "x86_64"): [PASS, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-fallback.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-fallback.https.sub.html.ini
new file mode 100644
index 0000000000..68e3a9d40d
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-fallback.https.sub.html.ini
@@ -0,0 +1,3 @@
+[service-fallback.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-list.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-list.https.sub.html.ini
new file mode 100644
index 0000000000..f72a100097
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-list.https.sub.html.ini
@@ -0,0 +1,3 @@
+[service-list.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-none.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-none.https.sub.html.ini
new file mode 100644
index 0000000000..3c1c3eb867
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-none.https.sub.html.ini
@@ -0,0 +1,5 @@
+[service-none.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Same-origin service worker blocked by 'none'.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-self.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-self.https.sub.html.ini
new file mode 100644
index 0000000000..c3c494cdf7
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-self.https.sub.html.ini
@@ -0,0 +1,3 @@
+[service-self.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html.ini
new file mode 100644
index 0000000000..297791a67c
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback-blocked.https.sub.html.ini
@@ -0,0 +1,5 @@
+[service-worker-src-child-fallback-blocked.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Same-origin service worker allowed by child-src 'self'.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html.ini
new file mode 100644
index 0000000000..4a9676f353
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-child-fallback.https.sub.html.ini
@@ -0,0 +1,3 @@
+[service-worker-src-child-fallback.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html.ini
new file mode 100644
index 0000000000..50e6893134
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-default-fallback.https.sub.html.ini
@@ -0,0 +1,3 @@
+[service-worker-src-default-fallback.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html.ini
new file mode 100644
index 0000000000..1b9ab08618
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-script-fallback.https.sub.html.ini
@@ -0,0 +1,3 @@
+[service-worker-src-script-fallback.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html.ini
new file mode 100644
index 0000000000..733e89e218
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/service-worker-src-self-fallback.https.sub.html.ini
@@ -0,0 +1,3 @@
+[service-worker-src-self-fallback.https.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-child.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-child.sub.html.ini
new file mode 100644
index 0000000000..0843099d84
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-child.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-child.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-fallback.sub.html.ini
new file mode 100644
index 0000000000..5a3019ae64
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-fallback.sub.html.ini
@@ -0,0 +1,6 @@
+[shared-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [blob: dedicated worker allowed by 'blob:'.]
+ expected:
+ if (os == "android") and debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-list.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-list.sub.html.ini
new file mode 100644
index 0000000000..d9b74ddc12
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-list.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-list.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-none.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-none.sub.html.ini
new file mode 100644
index 0000000000..72c3d97eca
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-none.sub.html.ini
@@ -0,0 +1,8 @@
+[shared-none.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Same-origin shared worker blocked by 'none'.]
+ expected: FAIL
+
+ [blob: shared worker blocked by 'none'.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-self.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-self.sub.html.ini
new file mode 100644
index 0000000000..cfac0e6537
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-self.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-self.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html.ini
new file mode 100644
index 0000000000..4330502b4b
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback-blocked.sub.html.ini
@@ -0,0 +1,5 @@
+[shared-worker-src-child-fallback-blocked.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
+ [Same-origin shared worker allowed by child-src 'self'.]
+ expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html.ini
new file mode 100644
index 0000000000..e0eeaa05ba
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-child-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-worker-src-child-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html.ini
new file mode 100644
index 0000000000..e7407de67a
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-default-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-worker-src-default-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html.ini
new file mode 100644
index 0000000000..e896159e44
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-script-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-worker-src-script-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html.ini b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html.ini
new file mode 100644
index 0000000000..a4d0b66057
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/worker-src/shared-worker-src-self-fallback.sub.html.ini
@@ -0,0 +1,3 @@
+[shared-worker-src-self-fallback.sub.html]
+ expected:
+ if (os == "android") and fission: [OK, TIMEOUT]