Closed Bug 1752126 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 32554 - Revert "Fix wrong expectations for a test in wpt/cors"

Categories

(Core :: DOM: Security, task, P4)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
99 Branch
Tracking Flags:
Tracking Status
firefox99 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

(Depends on 1 open bug,
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Sync web-platform-tests PR 32554 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/32554
Details from upstream follow.

Ryo Ogawa <negibokken@gmail.com> wrote:

Revert "Fix wrong expectations for a test in wpt/cors"

This reverts commit 8bb11414e09852b645122825d2eecdb2734db54a.

Revert this commit because the commit follows the wrong algorithm. The
list of Access Control Expose Headers is set by extracting header values
algorithm [1] rather than the algorithm to get parsing structured field
value [2]. The algorithm [1] says follow HTTP ABNF to parse field
values for Access Control Expose Headers. The ABNF of Access Control
Expose Header is defined as follows in the Fetch Standard [3].

Access-Control-Expose-Headers = #field-name

The #rule is described in [4], it says the # is a rule for a list and
the parsing algorithm should accept the empty list elements for
compatibility with the legacy system.

For compatibility with legacy list rules, a recipient MUST parse and
ignore a reasonable number of empty list elements: enough to handle
common mistakes by senders that merge values, but not so much that
they could be used as a denial-of-service mechanism. In other words, a
recipient MUST accept lists that satisfy the following syntax:

#element => [ ( "," / element ) *( OWS "," [ OWS element ] ) ]

1#element => *( "," OWS ) element *( OWS "," [ OWS element ] )

So the expected value is true and the parsing algorithm must accept and
ignore the empty elements.

[1] https://fetch.spec.whatwg.org/#concept-response-cors-exposed-header-name-list
[2] https://fetch.spec.whatwg.org/#concept-header-list-get-structured-header
[3] https://fetch.spec.whatwg.org/#http-new-header-syntax
[4] https://datatracker.ietf.org/doc/html/rfc7230#section-7

Bug: 978146
Change-Id: Icf2630e72dde920246f999ed6c987e25aeb482bc

Reviewed-on: https://chromium-review.googlesource.com/3411091
WPT-Export-Revision: c00a14c65eca8fbb0912c478adbff7bcaba6b674

Component: web-platform-tests → DOM: Security
Product: Testing → Core
Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Whiteboard: [wptsync downstream][domsecurity-backlog] → [wptsync downstream]

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 16 subtests

Status Summary

Firefox

OK : 1
PASS: 16

Chrome

OK : 1
PASS: 14
FAIL: 2

Safari

OK : 1
PASS: 16

Links

GitHub PR Head
GitHub PR Base

Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9a2aafd0d334 [wpt PR 32554] - Revert "Fix wrong expectations for a test in wpt/cors", a=testonly
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c1d64675b368 [wpt PR 32554] - Revert "Fix wrong expectations for a test in wpt/cors", a=testonly

https://hg.mozilla.org/mozilla-central/rev/c1d64675b368

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox99: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
You need to log in before you can comment on or make changes to this bug.