| Summary: | CSP does not apply to AudioWorklets | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Sam Sneddon [:gsnedders] <gsnedders> | ||||||||||
| Component: | Media | Assignee: | Chris Dumez <cdumez> | ||||||||||
| Status: | RESOLVED FIXED | ||||||||||||
| Severity: | Normal | CC: | achristensen, bfulgham, cdumez, darin, eric.carlson, ews-watchlist, ggaren, glenn, jer.noble, mkwst, peng.liu6, philipj, sergio, tsavell, webkit-bug-importer, youennf | ||||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||||
| Version: | WebKit Nightly Build | ||||||||||||
| Hardware: | Unspecified | ||||||||||||
| OS: | Unspecified | ||||||||||||
| Attachments: |
|
||||||||||||
|
Description
Sam Sneddon [:gsnedders]
2021-05-17 03:14:17 PDT
Created attachment 429681 [details]
WIP Patch
(In reply to Sam Sneddon [:gsnedders] from comment #0) > c.f.: > > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > self/worklet-audio.https.html > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > self/worklet-audio-import-data.https.html > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > wildcard/worklet-audio-import-data.https.html > > These all seem to be doing much worse than the related Worker tests. Sadly the tests in questions are not part of our test suite yet. Created attachment 429696 [details]
WIP Patch
Created attachment 429700 [details]
Patch
Created attachment 429703 [details]
Patch
Committed r278068 (238147@main): <https://commits.webkit.org/238147@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 429703 [details]. Looks like the new tests added in https://trac.webkit.org/changeset/278068/webkit http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked.html http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed.html are constant timeouts on windows. history: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet-script-src-allowed.html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet-script-src-blocked.html (In reply to Truitt Savell from comment #8) > Looks like the new tests added in > https://trac.webkit.org/changeset/278068/webkit > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked. > html > http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed. > html > > are constant timeouts on windows. > history: > https://results.webkit.org/?suite=layout-tests&suite=layout- > tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > script-src-allowed. > html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > script-src-blocked.html OH, Windows doesn't have WebAudio. We need to skip the tests there with the other WebAudio tests. (In reply to Chris Dumez from comment #9) > (In reply to Truitt Savell from comment #8) > > Looks like the new tests added in > > https://trac.webkit.org/changeset/278068/webkit > > > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked. > > html > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed. > > html > > > > are constant timeouts on windows. > > history: > > https://results.webkit.org/?suite=layout-tests&suite=layout- > > tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > > script-src-allowed. > > html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > > script-src-blocked.html > > OH, Windows doesn't have WebAudio. We need to skip the tests there with the > other WebAudio tests. <https://commits.webkit.org/r278122> |