Diff
Modified: trunk/LayoutTests/ChangeLog (286762 => 286763)
--- trunk/LayoutTests/ChangeLog 2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/ChangeLog 2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,3 +1,15 @@
+2021-12-08 Patrick Griffis <pgrif...@igalia.com>
+
+ CSP: Skip whitespace at beginning of policy header
+ https://bugs.webkit.org/show_bug.cgi?id=233951
+
+ Reviewed by Kate Cheney.
+
+ No longer skip a test and update results to not have leading whitespace.
+
+ * TestExpectations:
+ * http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:
+
2021-12-08 Arcady Goldmints-Orlov <agoldmi...@igalia.com>
[WPE] Update test baselines after r284521. Unreviewed test gardening.
Modified: trunk/LayoutTests/TestExpectations (286762 => 286763)
--- trunk/LayoutTests/TestExpectations 2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/TestExpectations 2021-12-09 06:34:52 UTC (rev 286763)
@@ -980,7 +980,6 @@
imported/w3c/web-platform-tests/content-security-policy/securitypolicyviolation/targeting.html [ Skip ]
imported/w3c/web-platform-tests/content-security-policy/frame-src/frame-src-cross-origin-load.sub.html [ Skip ]
imported/w3c/web-platform-tests/content-security-policy/generic/304-response-should-update-csp.sub.html [ Skip ]
-imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html [ Skip ]
imported/w3c/web-platform-tests/content-security-policy/unsafe-hashes/_javascript__src_allowed-href_blank.html [ Skip ]
# FIXME: Skip Content Security Policy tests whose output is non-deterministic
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt (286762 => 286763)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt 2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt 2021-12-09 06:34:52 UTC (rev 286763)
@@ -37,4 +37,4 @@
REQUEST_METHOD: POST
REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2
=== POST DATA =""
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src-elem","effective-directive":"script-src","original-policy":" script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/alert-fail.js","status-code":200}}
+{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.py","referrer":"","violated-directive":"script-src-elem","effective-directive":"script-src","original-policy":"script-src http://127.0.0.1:8000 https://127.0.0.1:8443 'unsafe-inline'; report-uri ../resources/save-report.py?test=script-blocked-sends-multiple-reports-enforced-2","blocked-uri":"http://localhost:8000/security/contentSecurityPolicy/resources/alert-fail.js","status-code":200}}
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (286762 => 286763)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,3 +1,14 @@
+2021-12-08 Patrick Griffis <pgrif...@igalia.com>
+
+ CSP: Skip whitespace at beginning of policy header
+ https://bugs.webkit.org/show_bug.cgi?id=233951
+
+ Reviewed by Kate Cheney.
+
+ Update expectations as passing.
+
+ * web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt:
+
2021-12-08 Antti Koivisto <an...@apple.com>
[CSS Cascade Layers] CSSImportRule.cssText doesn't include layer parameter
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt (286762 => 286763)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt 2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub-expected.txt 2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,8 +1,6 @@
Source expressions in a separate policy are honored with `strict-dynamic` in the script-src directive.
-Harness Error (TIMEOUT), message = null
-
PASS Script injected via `appendChild` is permitted with `strict-dynamic` + a nonce+allowed double policy.
-TIMEOUT Non-allowed script injected via `appendChild` is not permitted with `strict-dynamic` + a nonce+allowed double policy. Test timed out
+PASS Non-allowed script injected via `appendChild` is not permitted with `strict-dynamic` + a nonce+allowed double policy.
Modified: trunk/Source/WebCore/ChangeLog (286762 => 286763)
--- trunk/Source/WebCore/ChangeLog 2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/Source/WebCore/ChangeLog 2021-12-09 06:34:52 UTC (rev 286763)
@@ -1,3 +1,16 @@
+2021-12-08 Patrick Griffis <pgrif...@igalia.com>
+
+ CSP: Skip whitespace at beginning of policy header
+ https://bugs.webkit.org/show_bug.cgi?id=233951
+
+ Reviewed by Kate Cheney.
+
+ This should have no practical effect but it fixes matching
+ the originalPolicy property in WPT results.
+
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::didReceiveHeader):
+
2021-12-08 Megan Gardner <megan_gard...@apple.com>
Show correct content menu for images services chevron.
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (286762 => 286763)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-09 05:27:01 UTC (rev 286762)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2021-12-09 06:34:52 UTC (rev 286763)
@@ -204,8 +204,9 @@
// be combined with a comma. Walk the header string, and parse each comma
// separated chunk as a separate header.
readCharactersForParsing(header, [&](auto buffer) {
+ skipWhile<isASCIISpace>(buffer);
auto begin = buffer.position();
-
+
while (buffer.hasCharactersRemaining()) {
skipUntil(buffer, ',');