Revision 42726335c0afd7f2a9408914c52072d3a85393bd authored by Andy Paicu on 16 May 2018, 10:12:30 UTC, committed by Chromium WPT Sync on 16 May 2018, 10:12:30 UTC
This feature is getting to big for a single code review so I'm splitting it up. This is all behind the experimental CSP features flag. What is covered: The 'navigate-to' directive is now parsed and understood The navigation relevant directives are passed as part of common params A navigation csp context is created out of the navigation relevant directives This navigation csp context is used to perform the 'navigate-to' checks What is not covered but I will cover in future CRs: securitypolicyviolation events are raised on the wrong host because we don't know what the initiator is CSP reports are sent using the current frame host as an intermediary which has negative security implications There are no WPT tests for the 'unsafe-allow-redirects' flag, only unit tests I2S: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/EJ4xF_DwZyk Spec: https://w3c.github.io/webappsec-csp/#directive-navigate-to Bug: 805886 Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401 TBR=jochen@chromium.org Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401 Reviewed-on: https://chromium-review.googlesource.com/957726 Commit-Queue: Andy Paicu <andypaicu@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#559026}
1 parent ad84337
historical.https.html
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Historical features</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
</head>
<body>
<div id="log"></div>
<script>
var removedFromWindow = [
'toNativeLineEndings',
'FileError',
'FileException',
'FileHandle',
'FileRequest',
'MutableFile',
];
removedFromWindow.forEach(function(name) {
test(function() {
assert_false(name in window);
}, '"' + name + '" should not be supported');
});
test(function() {
var b = new Blob();
var prefixes = ['op', 'moz', 'webkit', 'ms'];
for (var i = 0; i < prefixes.length; ++i) {
assert_false(prefixes[i]+'Slice' in b, "'"+prefixes[i]+"Slice' in b");
assert_false(prefixes[i]+'Slice' in Blob.prototype, "'"+prefixes[i]+"Slice in Blob.prototype");
}
}, 'Blob should not support slice prefixed');
test(function() {
var prefixes = ['', 'O', 'Moz', 'WebKit', 'MS'];
for (var i = 0; i < prefixes.length; ++i) {
assert_false(prefixes[i]+'BlobBuilder' in window, prefixes[i]+'BlobBuilder');
}
}, 'BlobBuilder should not be supported.');
test(function() {
assert_false('createFor' in URL);
}, 'createFor method should not be supported');
test(function() {
var b = new Blob();
assert_false('close' in b, 'close in b');
assert_false('close' in Blob.prototype, 'close in Blob.prototype');
assert_false('isClosed' in b, 'isClosed in b');
assert_false('isClosed' in Blob.prototype, 'isClosed in Blob.prototype');
}, 'Blob.close() should not be supported');
test(() => {
const f = new File([], "");
assert_false("lastModifiedDate" in f);
assert_false("lastModifiedDate" in File.prototype);
}, "File's lastModifiedDate should not be supported");
service_worker_test('support/historical-serviceworker.js', 'Service worker test setup');
</script>
</body>
</html>
Computing file changes ...