content-security-policy/frame-src/frame-src-redirect.html is expected TIMEOUT
Categories
(Core :: DOM: Security, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox78 | --- | fixed |
People
(Reporter: jmaher, Assigned: ckerschb)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file, 1 obsolete file)
|
(deleted),
text/x-phabricator-request
|
Details |
In going through the WPT tests that are expected TIMEOUT, I have been filing bugs and found this test.
I see this in the devtools console:
Content Security Policy: This site (http://web-platform.test:8000) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Content Security Policy: This site (http://web-platform.test:8000) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. frame-src-redirect.html
Content Security Policy: The page’s settings observed the loading of a resource at http://web-platform.test:8000/common/redirect.py?location=ht…2Fcontent-security-policy%2Fframe-src%2Fsupport%2Fframe.html (“frame-src”). A CSP report is being sent. frame-src-redirect.html:32:20
Content Security Policy: This site (http://web-platform.test:8000) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy. 3
Content Security Policy: The page’s settings blocked the loading of a resource at http://xn--n8j6ds53lwwkrqhv28a.web-platform.test:8000/content-security-policy/frame-src/support/frame.html (“frame-src”).
Content Security Policy: The page’s settings observed the loading of a resource at http://xn--n8j6ds53lwwkrqhv28a.web-platform.test:8000/content-security-policy/frame-src/support/frame.html (“frame-src”). A CSP report is being sent.
Content Security Policy: The page’s settings blocked the loading of a resource at http://xn--n8j6ds53lwwkrqhv28a.web-platform.test:8000/content-security-policy/frame-src/support/frame.html (“frame-src”).
Content Security Policy: The page’s settings observed the loading of a resource at http://xn--n8j6ds53lwwkrqhv28a.web-platform.test:8000/content-security-policy/frame-src/support/frame.html (“frame-src”). A CSP report is being sent.
we should figure out if this test is testing the right things and if there is anything to change in firefox.
|
||
Comment 1•5 years ago
|
||
I looked at this briefly last night, and afaict we aren't getting securitypolicyviolation events for the things we block (or the test isn't recieving them). This test does pass in Chrome so it's not just totally broken.
|
Reporter | |
Comment 2•5 years ago
|
||
:jgraham, what are the next steps here? do you have work to do to verify if this is a test/harness issue? is this an issue product should own?
|
|
Reporter | |
Comment 4•5 years ago
|
||
:ckerschb, can you get this in the queue to figure out if the test is ok/supported/needswork/etc. ?
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 5•5 years ago
|
||
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 6•4 years ago
|
||
|
||
Comment 7•4 years ago
|
||
The severity field is not set for this bug.
:ckerschb, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Updated•4 years ago
|
|
|
||
Comment 9•4 years ago
|
||
The severity field is not set for this bug.
:ckerschb, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 10•4 years ago
|
||
| bugherder | ||
|
||
Updated•4 years ago
|
Description
•