Bug 225862

Summary:

CSP does not apply to AudioWorklets

Product:

WebKit

Reporter:

Sam Sneddon [:gsnedders] <gsnedders>

Component:

Media

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, bfulgham, cdumez, darin, eric.carlson, ews-watchlist, ggaren, glenn, jer.noble, mkwst, peng.liu6, philipj, sergio, tsavell, webkit-bug-importer, youennf

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
WIP Patch	none
WIP Patch	none
Patch	none
Patch	none

Sam Sneddon [:gsnedders]

Reported 2021-05-17 03:14:17 PDT

c.f.: https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio.https.html https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src-self/worklet-audio-import-data.https.html https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src-wildcard/worklet-audio-import-data.https.html These all seem to be doing much worse than the related Worker tests.

Attachments
WIP Patch (5.53 KB, patch) 2021-05-25 12:52 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
WIP Patch (791 bytes, patch) 2021-05-25 14:56 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (7.34 KB, patch) 2021-05-25 15:34 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (10.84 KB, patch) 2021-05-25 15:42 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2021-05-17 03:15:36 PDT

<rdar://problem/78098440>

Chris Dumez

Comment 2 2021-05-25 12:52:18 PDT

Created attachment 429681 [details] WIP Patch

Chris Dumez

Comment 3 2021-05-25 12:57:51 PDT

(In reply to Sam Sneddon [:gsnedders] from comment #0) > c.f.: > > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > self/worklet-audio.https.html > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > self/worklet-audio-import-data.https.html > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > wildcard/worklet-audio-import-data.https.html > > These all seem to be doing much worse than the related Worker tests. Sadly the tests in questions are not part of our test suite yet.

Chris Dumez

Comment 4 2021-05-25 14:56:37 PDT

Created attachment 429696 [details] WIP Patch

Chris Dumez

Comment 5 2021-05-25 15:34:52 PDT

Created attachment 429700 [details] Patch

Chris Dumez

Comment 6 2021-05-25 15:42:56 PDT

Created attachment 429703 [details] Patch

EWS

Comment 7 2021-05-25 17:29:10 PDT

Committed r278068 (238147@main): <https://commits.webkit.org/238147@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 429703 [details].

Truitt Savell

Comment 8 2021-05-26 13:31:43 PDT

Looks like the new tests added in https://trac.webkit.org/changeset/278068/webkit http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked.html http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed.html are constant timeouts on windows. history: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet-script-src-allowed.html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet-script-src-blocked.html

Chris Dumez

Comment 9 2021-05-26 13:32:24 PDT

(In reply to Truitt Savell from comment #8) > Looks like the new tests added in > https://trac.webkit.org/changeset/278068/webkit > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked. > html > http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed. > html > > are constant timeouts on windows. > history: > https://results.webkit.org/?suite=layout-tests&suite=layout- > tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > script-src-allowed. > html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > script-src-blocked.html OH, Windows doesn't have WebAudio. We need to skip the tests there with the other WebAudio tests.

Chris Dumez

Comment 10 2021-05-26 13:36:42 PDT

(In reply to Chris Dumez from comment #9) > (In reply to Truitt Savell from comment #8) > > Looks like the new tests added in > > https://trac.webkit.org/changeset/278068/webkit > > > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked. > > html > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed. > > html > > > > are constant timeouts on windows. > > history: > > https://results.webkit.org/?suite=layout-tests&suite=layout- > > tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > > script-src-allowed. > > html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > > script-src-blocked.html > > OH, Windows doesn't have WebAudio. We need to skip the tests there with the > other WebAudio tests. <https://commits.webkit.org/r278122>

Note You need to log in before you can comment on or make changes to this bug.