Bug 223079

<rdar://problem/75323779>

Created attachment 422953 [details]
Patch

Comment on attachment 422953 [details]
Patch

This was part of a batch of the http/tests/security php files that had issues with the Python conversion and should not have been included in part 1 of 2 for the security directory. Reverted test back to reference the PHP version. This will be converted in part 2.

Comment on attachment 422953 [details]
Patch

No reason to keep the bots red this weekend, cq+ing as well

Committed r274392: <https://commits.webkit.org/r274392>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 422953 [details].

It looks like the changes in https://trac.webkit.org/changeset/274392/webkit

broke http/tests/security/contentSecurityPolicy/report-only-from-header.py

History:
https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Freport-only-from-header.py

this is a fairly clear regression in history

This seems to point to the problem: 'Refused to connect to http://localhost:8000/security/contentSecurityPolicy/resources/echo-report.php because it does not appear in the connect-src directive of the Content Security Policy'

Reopening to attach new patch.

Created attachment 423530 [details]
Patch

Comment on attachment 423530 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423530&action=review

> LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked-expected.txt:1
> +CONSOLE MESSAGE: Refused to connect to http://localhost:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py because it does not appear in the connect-src directive of the Content Security Policy.

Starting process of conversion of pearl files in this patch.

> LayoutTests/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect-expected.txt:1
> +CONSOLE MESSAGE: Refused to connect to http://localhost:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py because it does not appear in the connect-src directive of the Content Security Policy.

Starting process of conversion of pearl files in this patch.

> LayoutTests/http/tests/security/contentSecurityPolicy/report-document-uri-after-blocked-redirect.html:24
> +            xhr.open("GET", "resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py", true);

Starting process of conversion of pearl files in this patch.

> LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt:2
> +Blocked access to external URL https://webkit.org/report

Python automatically switched to https above http so changed the url & expectations

> LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.py:6
> +    'Content-Security-Policy: font-src https://webkit.org; report-uri https://webkit.org/report;\r\n'

Python automatically switched to https above http so changed the url & expectations

> LayoutTests/http/tests/security/contentSecurityPolicy/resources/go-to-echo-report.py:10
> +    'Content-Type: text/html\r\n\r\n'

When running cURL requests, PHP was returning text/html Content-Type, not application/javascript

> LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-allowed.py:8
> +    'Content-Type: text/html\r\n\r\n'

When running cURL requests, PHP was returning text/html Content-Type, not application/javascript

> LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-importScript-redirect-cross-origin-blocked.py:8
> +    'Content-Type: text/html\r\n\r\n'

When running cURL requests, PHP was returning text/html Content-Type, not application/javascript

> LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-allowed.py:8
> +    'Content-Type: text/html\r\n\r\n'

When running cURL requests, PHP was returning text/html Content-Type, not application/javascript

> LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-allowed.py:7
> +    'Content-Type: text/html\r\n\r\n'

When running cURL requests, PHP was returning text/html Content-Type, not application/javascript

> LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker-xhr-redirect-cross-origin-blocked.py:8
> +    'Content-Type: text/html\r\n\r\n'

When running cURL requests, PHP was returning text/html Content-Type, not application/javascript

> LayoutTests/http/tests/security/contentSecurityPolicy/resources/xhr-redirect-not-allowed.py:1
> +#!/usr/bin/env python3

Starting process of conversion of pearl files in this patch.

Comment on attachment 423530 [details]
Patch

Looks good, let's wait until EWS is happy

Created attachment 423548 [details]
Patch

Created attachment 423604 [details]
Patch

Comment on attachment 423604 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423604&action=review

> LayoutTests/ChangeLog:1
> +2021-03-18  Chris Gambrell  <cgambrell@apple.com>

http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt got updated to match the original PHP version. Changed the version of http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.py to match the PHP version.

Committed r274671: <https://commits.webkit.org/r274671>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 423604 [details].