From 7da580014899ca6ac0f4bb8b303ff22914023dd2 Mon Sep 17 00:00:00 2001 From: Marco Castelluccio Date: Tue, 16 Feb 2021 00:38:32 +0000 Subject: [PATCH] Bug 1690981 [wpt PR 27500] - CSP: Remove 'plugin-types' directive, a=testonly Automatic update from web-platform-tests CSP: Remove 'plugin-types' directive The Content Security Policy directive 'plugin-types' is being removed by the specification (https://github.com/w3c/webappsec-csp/pull/456). This CL removes the code parsing and checking the 'plugin-types' directive from Blink and from the services/network CSP parser. All WP tests for plugin-types are removed, too. When parsing a plugin-types directive, we display a console error message informing that the directive has been removed and that object-src can be used instead. Bug: 1168001 Change-Id: I61420677a0f11f8daf46c473e578d66c932751d1 Cq-Do-Not-Cancel-Tryjobs: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2643282 Reviewed-by: Arthur Sonzogni Reviewed-by: Mike West Commit-Queue: Antonio Sartori Cr-Commit-Position: refs/heads/master{#851760} -- wpt-commits: 8959b13684b68186781340c044d9c1b62a388358 wpt-pr: 27500 UltraBlame original commit: 4e4ad3f0b99feaf9b72d23791ccb770a652cca20 --- .../subsumption_algorithm-general.html | 10 +++++--- .../plugin-types/plugintypes-empty.sub.html | 22 ------------------ .../plugintypes-mismatched-data.html | 22 ------------------ .../plugintypes-mismatched-url.html | 22 ------------------ .../plugin-types/plugintypes-notype-data.html | 23 ------------------- .../plugin-types/plugintypes-notype-url.html | 23 ------------------- .../plugintypes-nourl-allowed.html | 16 ------------- ...plugintypes-nourl-allowed.html.sub.headers | 2 -- .../plugintypes-nourl-blocked.html | 22 ------------------ 9 files changed, 7 insertions(+), 155 deletions(-) delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-empty.sub.html delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-data.html delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-url.html delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-data.html delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-url.html delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html.sub.headers delete mode 100644 testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-blocked.html diff --git a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html index a275096ce2eda..14dbf5211f232 100644 --- a/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html +++ b/testing/web-platform/tests/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html @@ -69,14 +69,18 @@ "returned_csp": "style-src http://*.example.com:*", "returned_csp_2": "style-src http://*.com", "expected": IframeLoad.EXPECT_LOAD }, - { "name": "Iframe should block if plugin-types directive is not subsumed.", + { "name": "Removed plugin-types directive should be ignored.", "required_csp": "plugin-types application/pdf", "returned_csp": null, - "expected": IframeLoad.EXPECT_BLOCK }, - { "name": "Iframe should load if plugin-types directive is subsumed.", + "expected": IframeLoad.EXPECT_LOAD }, + { "name": "Removed plugin-types directive should be ignored 2.", "required_csp": "plugin-types application/pdf application/x-java-applet", "returned_csp": "plugin-types application/pdf", "expected": IframeLoad.EXPECT_LOAD }, + { "name": "Removed plugin-types directive should be ignored 3.", + "required_csp": "style-src 'none'; plugin-types application/pdf", + "returned_csp": null, + "expected": IframeLoad.EXPECT_BLOCK }, ]; tests.forEach(test => { diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-empty.sub.html b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-empty.sub.html deleted file mode 100644 index 0cd1a70a1dd93..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-empty.sub.html +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-data.html b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-data.html deleted file mode 100644 index 430a3a1eb9feb..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-data.html +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-url.html b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-url.html deleted file mode 100644 index 306d08f79e166..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-mismatched-url.html +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-data.html b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-data.html deleted file mode 100644 index d03e5e7fec3c0..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-data.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-url.html b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-url.html deleted file mode 100644 index 59c221f06ebf8..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-notype-url.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html deleted file mode 100644 index a45a7e0b408fc..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html.sub.headers b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html.sub.headers deleted file mode 100644 index b67f5c74c1a66..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-allowed.html.sub.headers +++ /dev/null @@ -1,2 +0,0 @@ -Set-Cookie: plugintypes-nourl-allowed={{$id:uuid()}}; Path=/content-security-policy/plugin-types/ -Content-Security-Policy: plugin-types application/x-shockwave-flash; report-uri /reporting/resources/report.py?op=put&reportID={{$id}} diff --git a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-blocked.html b/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-blocked.html deleted file mode 100644 index 02da1e0d1e6a2..0000000000000 --- a/testing/web-platform/tests/content-security-policy/plugin-types/plugintypes-nourl-blocked.html +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - - -