Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add web platform test for CSP frame-ancestors with path #49722

Merged
merged 1 commit into from
Dec 24, 2024
Merged

Add web platform test for CSP frame-ancestors with path #49722

merged 1 commit into from
Dec 24, 2024

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Dec 17, 2024
edited
Loading

The CSP frame-ancestors checking algorithm matches the frame
ancestor's origin against the source list. An origin will never match
a URL with a path in the source list. Hence this CL adds a web
platform test checking that frame loads are blocked if frame-ancestors
includes a URL with a path.

Bug: 40780874
Change-Id: I33a461a1f69b040d8a5e803978161352821d4161
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6094569
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1397345}

@chromium-wpt-export-bot chromium-wpt-export-bot marked this pull request as ready for review December 17, 2024 16:54
@estark37 @chromium-wpt-export-bot
Add web platform test for CSP frame-ancestors with path
05158d8 
The CSP frame-ancestors checking algorithm matches the frame
ancestor's origin against the source list. An origin will never match
a URL with a path in the source list. Hence this CL adds a web
platform test checking that frame loads are blocked if frame-ancestors
includes a URL with a path.

Bug: 40780874
Change-Id: I33a461a1f69b040d8a5e803978161352821d4161
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6094569
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1397345}
wpt-pr-bot
wpt-pr-bot approved these changes Dec 17, 2024
View reviewed changes
Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The review process for this patch is being conducted in the Chromium project.

@dev-ansung
Copy link
Contributor

WPT Command: python3 ./wpt run --channel=nightly --verify --verify-no-chaos-mode --verify-repeat-loop=0 --verify-repeat-restart=10 --github-checks-text-file=/home/test/artifacts/checkrun.md --affected base_head --log-mach-level=info --log-mach=- -y --no-pause --no-restart-on-unexpected --install-fonts --no-headless --verify-log-full --binary=/home/test/build/firefox/firefox firefox

Some affected tests had inconsistent (flaky) results:

Unstable results

Test Subtest Results Messages
/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.html A 'frame-ancestors' CSP directive with a URL that includes a path should be ignored. FAIL: 2/10, PASS: 8/10 assert_unreached: The IFrame should have been blocked (or cross-origin). It wasn't. Reached unreachable code

These may be pre-existing or new flakes. Please try to reproduce (see the above WPT command, though some flags may not be needed when running locally) and determine if your change introduced the flake. If you are unable to reproduce the problem, please tag @web-platform-tests/wpt-core-team in a comment for help.

@dev-ansung
Copy link
Contributor

created https://crbug.com/385786172
@KyleJu @DanielRyanSmith can you help admin merge? Thanks!

@DanielRyanSmith DanielRyanSmith merged commit 91e727c into master Dec 24, 2024
19 of 21 checks passed
@DanielRyanSmith DanielRyanSmith deleted the chromium-export-cl-6094569 branch December 24, 2024 00:22
sadym-chromium pushed a commit that referenced this pull request Jan 14, 2025
@chromium-wpt-export-bot @estark37 @sadym-chromium
Add web platform test for CSP frame-ancestors with path (#49722)
5b7b51e 
The CSP frame-ancestors checking algorithm matches the frame
ancestor's origin against the source list. An origin will never match
a URL with a path in the source list. Hence this CL adds a web
platform test checking that frame loads are blocked if frame-ancestors
includes a URL with a path.

Bug: 40780874
Change-Id: I33a461a1f69b040d8a5e803978161352821d4161
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6094569
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1397345}

Co-authored-by: Emily Stark <estark@google.com>
@mbrodesser-Igalia mbrodesser-Igalia mentioned this pull request Jan 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wpt-pr-bot wpt-pr-bot wpt-pr-bot approved these changes

Assignees
No one assigned
Labels
chromium-export content-security-policy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@chromium-wpt-export-bot @dev-ansung @wpt-pr-bot @jonathan-j-lee @DanielRyanSmith @estark37