Bug 236049

Summary: Many CSP tests timing out with "Blocked access to external URL" error
Product: WebKit Reporter: Kate Cheney <katherine_cheney>
Component: New BugsAssignee: Kate Cheney <katherine_cheney>
Status: NEW    
Severity: Normal CC: bfulgham, clopez, eric.carlson, ews-watchlist, glenn, jer.noble, mkwst, pgriffis, philipj, sergio, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=232223
https://bugs.webkit.org/show_bug.cgi?id=127676
https://bugs.webkit.org/show_bug.cgi?id=160504
Attachments:
Description Flags
Patch
none
WIP 2
none
WIP 3
none
Patch ews-feeder: commit-queue-

Kate Cheney
Reported 2022-02-02 17:27:53 PST
Many CSP tests timing out with "Blocked access to external URL" error
Attachments
Patch (269.52 KB, patch)
2022-02-02 17:29 PST, Kate Cheney 		no flags
DetailsFormatted DiffDiff
WIP 2 (269.79 KB, patch)
2022-02-08 15:42 PST, Kate Cheney 		no flags
DetailsFormatted DiffDiff
WIP 3 (278.62 KB, patch)
2022-02-09 13:15 PST, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (278.62 KB, patch)
2022-02-10 10:07 PST, Kate Cheney 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Kate Cheney
Comment 1 2022-02-02 17:29:40 PST
Created attachment 450721 [details] Patch
EWS Watchlist
Comment 2 2022-02-02 17:31:10 PST
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess
Kate Cheney
Comment 3 2022-02-08 15:42:39 PST
Created attachment 451315 [details] WIP 2
youenn fablet
Comment 4 2022-02-09 00:48:38 PST
Comment on attachment 451315 [details] WIP 2 View in context: https://bugs.webkit.org/attachment.cgi?id=451315&action=review > LayoutTests/imported/w3c/web-platform-tests/common/security-features/resources/common.sub.js:977 > + const crossOriginHost = "127.0.0.1"; const crossOriginHost = {{hosts[alt][]}} > LayoutTests/imported/w3c/web-platform-tests/common/security-features/subresource/subresource.py:31 > + return "127.0.0.1" Can we check whether subdomain is important here or whether we could use alternate here as well?
Kate Cheney
Comment 5 2022-02-09 12:18:01 PST
Comment on attachment 451315 [details] WIP 2 View in context: https://bugs.webkit.org/attachment.cgi?id=451315&action=review >> LayoutTests/imported/w3c/web-platform-tests/common/security-features/resources/common.sub.js:977 >> + const crossOriginHost = "127.0.0.1"; > > const crossOriginHost = {{hosts[alt][]}} Will change. >> LayoutTests/imported/w3c/web-platform-tests/common/security-features/subresource/subresource.py:31 >> + return "127.0.0.1" > > Can we check whether subdomain is important here or whether we could use alternate here as well? CSP tests use this to perform a swap-origin redirect, which is referenced in the wpt repo (https://github.com/web-platform-tests/wpt/pull/1856) as being when the final origin of the load after redirection is cross origin. That leads me to believe this function is only trying to get a cross origin domain and the existence of a subdomain doesn't actually matter. This aligns with the if-else which checks the netloc and returns a cross-origin host regardless of whether it exists (e.g. a netloc of ww1.localhost returns localhost, and a netloc of localhost returns ww1.localhost). A solution that aligns more with our http tests would be to return "127.0.0.1" if netloc is "localhost" and vice versa.
Kate Cheney
Comment 6 2022-02-09 13:15:10 PST
Created attachment 451433 [details] WIP 3
Kate Cheney
Comment 7 2022-02-09 13:15:52 PST
Comment on attachment 451433 [details] WIP 3 View in context: https://bugs.webkit.org/attachment.cgi?id=451433&action=review > LayoutTests/imported/w3c/web-platform-tests/common/security-features/subresource/subresource.py:28 > + if netloc == "localhost": @Youenn is there a way to get localhost without hardcoding?
Radar WebKit Bug Importer
Comment 8 2022-02-09 17:28:19 PST
<rdar://problem/88724733>
Kate Cheney
Comment 9 2022-02-10 10:07:52 PST
Created attachment 451560 [details] Patch
Note You need to log in before you can comment on or make changes to this bug.