| commit | b587ec0a1caf47bdeac2116c44f8c1aaee579b97 | |
| author | Antonio Sartori <antoniosartori@chromium.org> | |
| Tue, 2 Feb 2021 09:13:06 +0000 (2 09:13 +0000) | ||
| committer | moz-wptsync-bot <wptsync@mozilla.com> | |
| Tue, 2 Feb 2021 17:08:03 +0000 (2 17:08 +0000) | ||
| tree | 0dd0c5e0944c9ea348cbe4e4a171440fc764af7f | treesnapshot (tar.gz zip) |
| parent | d77205db5a7e24a94b4e8b4c254788df5a9a45d8 | commitdiff |
Bug 1687911 [wpt PR 27271] - CSP: Use parsed policies for initializing Workers/Worklets, a=testonly
Automatic update from web-platform-tests
CSP: Use parsed policies for initializing Workers/Worklets
Workers/Worklet need to take into account Content Security Policies,
which are sometimes inherited by the creating document and sometimes
parsed from the HTTP headers directly. At the moment, we are storing
and sending around the raw CSP policies. For example, when a Worker
inherits the CSPs from the creating document, we send the raw strings,
which were just parsed in the document, to the Worker, where they are
parsed a second time.
Not only this multiple parsing of the same policy is superfluous and
can be avoided. It can also create inconsistencies (see the failing WP
test content-security-policy/sandbox/meta-element.sub.html)
This change replaces the raw policies with the parsed CSP types,
avoids multiple parsing, and fixes that test.
Bug: 1021462,1149272
Change-Id: Ib431253419226d6642a086923620b3aba34feb43
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2636314
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#848069}
--
wpt-commits: 9ff620bc1109a3f7f8c9acca76726f9da783bb63
wpt-pr: 27271
Automatic update from web-platform-tests
CSP: Use parsed policies for initializing Workers/Worklets
Workers/Worklet need to take into account Content Security Policies,
which are sometimes inherited by the creating document and sometimes
parsed from the HTTP headers directly. At the moment, we are storing
and sending around the raw CSP policies. For example, when a Worker
inherits the CSPs from the creating document, we send the raw strings,
which were just parsed in the document, to the Worker, where they are
parsed a second time.
Not only this multiple parsing of the same policy is superfluous and
can be avoided. It can also create inconsistencies (see the failing WP
test content-security-policy/sandbox/meta-element.sub.html)
This change replaces the raw policies with the parsed CSP types,
avoids multiple parsing, and fixes that test.
Bug: 1021462,1149272
Change-Id: Ib431253419226d6642a086923620b3aba34feb43
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2636314
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#848069}
--
wpt-commits: 9ff620bc1109a3f7f8c9acca76726f9da783bb63
wpt-pr: 27271
| testing/web-platform/tests/content-security-policy/script-src/worker-data-set-timeout.sub.html | [new file with mode: 0644] | blob |