[webkit-reviews] review granted: [Bug 198676] Import Content Security Policy Web Platform Tests : [Attachment 371616] A bunch of tests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 7 15:22:32 PDT 2019


youenn fablet <youennf at gmail.com> has granted Daniel Bates
<dbates at webkit.org>'s request for review:
Bug 198676: Import Content Security Policy Web Platform Tests
https://bugs.webkit.org/show_bug.cgi?id=198676

Attachment 371616: A bunch of tests

https://bugs.webkit.org/attachment.cgi?id=371616&action=review




--- Comment #3 from youenn fablet <youennf at gmail.com> ---
Comment on attachment 371616
  --> https://bugs.webkit.org/attachment.cgi?id=371616
A bunch of tests

r=me once bots are happy.
Please skip tests that are timing out, at least the ones that have no PASS.

It would be really good to remove the www1/www2 wherever possible.
Instead, you can rely on hosts[alt].
This can be done as a follow-up and should be upstreamed in WPT.

View in context: https://bugs.webkit.org/attachment.cgi?id=371616&action=review

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/base-uri/base-uri-deny.sub-expected.txt:1
> +CONSOLE MESSAGE: Refused to change the document base URL to
http://www2.localhost:8800/ because it does not appear in the base-uri
directive of the Content Security Policy.

Usually, we prefer to use non-www1/www2 URLs if possible.
If we can, it would be nice to update the test upstream to use hosts[alt], or
a different port or protocol.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/base-uri/base-uri_iframe_sandbox.sub-expected.txt:1
> +CONSOLE MESSAGE: Refused to change the document base URL to
http://www2.localhost:8800/base/ because it does not appear in the base-uri
directive of the Content Security Policy.

Ditto.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub-expected.txt:8
> +TIMEOUT Event is fired Test timed out

Test is timing out, we may want to skip it.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/blob/blob-urls-do-not-match-self.sub-expected.txt:1
> +CONSOLE MESSAGE: Refused to load
blob:http://localhost:8800/d820d6f6-f018-4285-b815-0c92b963e921 because it does
not appear in the script-src directive of the Content Security Policy.
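
Review bot: The expected line hard-codes the blob URL together with its UUID (d820d6f6-f018-4285-b815-0c92b963e921), which is generated when the blob URL is created and is not a stable value; the other two blob expectations in this patch each carry a different one. A text comparison against this file will not match on a later run, so the console message should be kept out of the compared output for these three tests rather than checked in as a baseline.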

Test will probably be flaky, use DumpJSConsoleLogInStdErr if needed.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/blob/self-doesnt-match-blob.sub-expected.txt:1
> +CONSOLE MESSAGE: Refused to load
blob:http://localhost:8800/f7ffe13f-be1a-482e-b2ab-ccc3114b5110 because it does
not appear in the child-src directive of the Content Security Policy.

Will probably be flaky. You can use DumpJSConsoleLogInStdErr.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/blob/star-doesnt-match-blob.sub-expected.txt:1
> +CONSOLE MESSAGE: Refused to load
blob:http://localhost:8800/9636972c-adc4-43d0-a730-fa5498d6bb99 because it does
not appear in the child-src directive of the Content Security Policy.

Ditto.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/child-src/child-src-cross-origin-load.sub-expected.txt:1
> +CONSOLE MESSAGE: Refused to load
http://www2.localhost:8800/content-security-policy/support/postmessage-fail.htm
l because it does not appear in the child-src directive of the Content Security
Policy.

www2 issue here as well.
It might be that the test is timing out due to that.
Might be best to skip it and fix it as a follow-up.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/connect-src/connect-src-beacon-blocked.sub-expected.txt:1
> +CONSOLE MESSAGE: Refused to connect to
http://www1.localhost:8800/security/contentSecurityPolicy/echo-report.php
because it does not appear in the connect-src directive of the Content Security
Policy.

www1 potential issue, here and below.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https-expected.txt:6
> +TIMEOUT Image that redirects to http:// URL prohibited by Report-Only must
generate a violation report, even with upgrade-insecure-requests Test timed out

Please skip this one and others that are timing out.

> LayoutTests/imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/inside-dedicated-worker-expected.txt:8
> +TIMEOUT SecurityPolicyViolation event fired on global with the correct
blockedURI. Test timed out

Ditto here.
