Diff
Modified: branches/safari-609-branch/LayoutTests/ChangeLog (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/ChangeLog 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/ChangeLog 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,5 +1,60 @@
2020-04-28 Ryan Haddad <ryanhad...@apple.com>
+ Cherry-pick r259880. rdar://problem/62271251
+
+ Fix failing legacy CSP tests by converting them to modern tests instead.
+ https://bugs.webkit.org/show_bug.cgi?id=210310
+
+ Reviewed by Daniel Bates.
+
+ Convert these tests from verifying the (now removed) X-WebKit-CSP
+ header to the modern Content-Security-Policy header. Since we
+ don't have equivalent tests for the modern CSP header and it's not
+ very useful to have tons of tests for a feature we no longer
+ support.
+
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259880 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-04-10 Keith Miller <keith_mil...@apple.com>
+
+ Fix failing legacy CSP tests by converting them to modern tests instead.
+ https://bugs.webkit.org/show_bug.cgi?id=210310
+
+ Reviewed by Daniel Bates.
+
+ Convert these tests from verifying the (now removed) X-WebKit-CSP
+ header to the modern Content-Security-Policy header. Since we
+ don't have equivalent tests for the modern CSP header and it's not
+ very useful to have tons of tests for a feature we no longer
+ support.
+
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked.html:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt:
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html:
+
+2020-04-28 Ryan Haddad <ryanhad...@apple.com>
+
Unreviewed, land test expectations for rdar://62268126
* TestExpectations:
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="X-WebKit-CSP" content="form-action 'self'">
+<meta http-equiv="Content-Security-Policy" content="form-action 'self'">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,10 +1,7 @@
-This page was requested with the HTTP method POST.
+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/navigation/resources/form-target.pl because it does not appear in the form-action directive of the Content Security Policy.
+
+Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
-Parameters:
-
-fieldname = fieldvalue
-
============== Back Forward List ==============
- http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-blocked.html **nav target**
-curr-> http://127.0.0.1:8000/navigation/resources/form-target.pl **nav target**
+curr-> http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-blocked.html **nav target**
===============================================
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="X-WebKit-CSP" content="form-action 'none'">
+<meta http-equiv="Content-Security-Policy" content="form-action 'none'">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
@@ -27,8 +27,6 @@
<p>
Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
-
- Update: Since we no longer support X-WebKit-CSP all the form should be submitted.
</p>
</body>
</html>
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="X-WebKit-CSP" content="default-src 'none'; script-src 'unsafe-inline'">
+<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'unsafe-inline'">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="X-WebKit-CSP" content="form-action 'self'">
+<meta http-equiv="Content-Security-Policy" content="form-action 'self'">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,9 +1,7 @@
-This page was requested with the HTTP method GET.
+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/navigation/resources/form-target.pl?fieldname=fieldvalue because it does not appear in the form-action directive of the Content Security Policy.
+
+Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
-Parameters:
-
-fieldname = fieldvalue
-
============== Back Forward List ==============
-curr-> http://127.0.0.1:8000/navigation/resources/form-target.pl?fieldname=fieldvalue **nav target**
+curr-> http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html **nav target**
===============================================
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="X-WebKit-CSP" content="form-action 'none'">
+<meta http-equiv="Content-Security-Policy" content="form-action 'none'">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
@@ -25,8 +25,6 @@
<p>
Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
-
- Update: Since we no longer support X-WebKit-CSP the form should be submitted.
</p>
</body>
</html>
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked-expected.txt (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked-expected.txt 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked-expected.txt 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,6 +1,6 @@
-ALERT: RAN CODE CORRECTLY!
+CONSOLE MESSAGE: Refused to load _javascript_:alert("RAN CODE INCORRECTLY!") because it does not appear in the form-action directive of the Content Security Policy.
-Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a _javascript_ alert. Update: Since we no longer support X-WebKit-CSP the form should be submitted.
+Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a _javascript_ alert.
============== Back Forward List ==============
curr-> http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked.html **nav target**
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked.html (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked.html 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-_javascript_-blocked.html 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="X-WebKit-CSP" content="form-action 'none'">
+<meta http-equiv="Content-Security-Policy" content="form-action 'none'">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
@@ -20,7 +20,7 @@
</script>
</head>
<body>
- <form action='' id='theform' method='post'>
+ <form action='' id='theform' method='post'>
<input type='text' name='fieldname' value='fieldvalue'>
<input type='submit' id='submit' value='submit'>
</form>
@@ -27,8 +27,6 @@
<p>
Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a _javascript_ alert.
-
- Update: Since we no longer support X-WebKit-CSP the form should be submitted.
</p>
</body>
</html>
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,5 +1,3 @@
-This page was requested with the HTTP method GET.
-
-Parameters:
-
-
+CONSOLE MESSAGE: Refused to load http://localhost:8000/navigation/resources/form-target.pl because it does not appear in the form-action directive of the Content Security Policy.
+
+Tests that blocking form redirect works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html (260874 => 260875)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html 2020-04-29 05:56:54 UTC (rev 260874)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html 2020-04-29 06:04:31 UTC (rev 260875)
@@ -1,13 +1,11 @@
<!DOCTYPE html>
<html>
<head>
-<meta http-equiv="X-WebKit-CSP" content="form-action 127.0.0.1:8000">
+<meta http-equiv="Content-Security-Policy" content="form-action 127.0.0.1:8000">
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.waitUntilDone();
- testRunner.clearBackForwardList();
- testRunner.dumpBackForwardList();
}
window.addEventListener('load', function() {
setTimeout(function() {
@@ -27,8 +25,6 @@
<p>
Tests that blocking form redirect works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
-
- Update: Since we no longer support X-WebKit-CSP the form should be submitted.
</p>
</body>
</html>