WebKit Bugzilla
RESOLVED FIXED
136452
[Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
https://bugs.webkit.org/show_bug.cgi?id=136452
Nagy Renátó
Reported
2014-09-02 08:31:34 PDT
The support of X-Content-Type-Options: nosniff header for EFL was enabled in https://trac.webkit.org/changeset/164848 and https://trac.webkit.org/changeset/164848 . This patch removes the #if guards and enables it on all platforms unconditionally.
Attachments
Proposed patch (15.89 KB, patch), 2014-09-02 08:36 PDT, Nagy Renátó; ap: review-, ap: commit-queue-
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms (53.49 KB, patch), 2017-04-21 17:32 PDT, Daniel Bates; no flags
Part 2: Honor nosniff header for stylesheets, update tests and expected results (25.19 KB, patch), 2017-04-21 17:33 PDT, Daniel Bates; no flags
All-in-one patch for EWS (72.64 KB, patch), 2017-04-21 17:34 PDT, Daniel Bates; no flags
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms (51.08 KB, patch), 2017-04-21 17:55 PDT, Daniel Bates; no flags
Part 2: Honor nosniff header for stylesheets, update tests and expected results (25.13 KB, patch), 2017-04-21 17:55 PDT, Daniel Bates; bfulgham: review+, buildbot: commit-queue-
All-in-one patch for EWS (70.05 KB, patch), 2017-04-21 17:55 PDT, Daniel Bates; no flags
All-in-one patch for EWS (69.82 KB, patch), 2017-04-21 18:11 PDT, Daniel Bates; no flags
All-in-one patch for EWS (69.84 KB, patch), 2017-04-21 18:14 PDT, Daniel Bates; buildbot: commit-queue-
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms (50.87 KB, patch), 2017-04-21 18:14 PDT, Daniel Bates; buildbot: commit-queue-
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 (920.58 KB, application/zip), 2017-04-21 18:55 PDT, Build Bot; no flags
Archive of layout-test-results from ews117 for mac-elcapitan (1.62 MB, application/zip), 2017-04-21 19:29 PDT, Build Bot; no flags
Archive of layout-test-results from ews102 for mac-elcapitan (800.78 KB, application/zip), 2017-04-21 19:43 PDT, Build Bot; no flags
Archive of layout-test-results from ews123 for ios-simulator-wk2 (23.10 MB, application/zip), 2017-04-21 19:59 PDT, Build Bot; no flags
Archive of layout-test-results from ews104 for mac-elcapitan-wk2 (1.02 MB, application/zip), 2017-04-21 20:06 PDT, Build Bot; no flags
Archive of layout-test-results from ews107 for mac-elcapitan-wk2 (1.49 MB, application/zip), 2017-04-21 20:19 PDT, Build Bot; no flags
Archive of layout-test-results from ews101 for mac-elcapitan (1.16 MB, application/zip), 2017-04-21 20:24 PDT, Build Bot; no flags
Archive of layout-test-results from ews116 for mac-elcapitan (1.66 MB, application/zip), 2017-04-21 20:41 PDT, Build Bot; no flags
Archive of layout-test-results from ews103 for mac-elcapitan (999.76 KB, application/zip), 2017-04-21 20:54 PDT, Build Bot; no flags
Archive of layout-test-results from ews117 for mac-elcapitan (1.74 MB, application/zip), 2017-04-21 21:16 PDT, Build Bot; no flags
Archive of layout-test-results from ews123 for ios-simulator-wk2 (5.32 MB, application/zip), 2017-04-21 22:01 PDT, Build Bot; no flags
Archive of layout-test-results from ews122 for ios-simulator-wk2 (7.46 MB, application/zip), 2017-04-21 22:11 PDT, Build Bot; no flags
Archive of layout-test-results from ews126 for ios-simulator-wk2 (742.95 KB, application/zip), 2017-04-21 23:38 PDT, Build Bot; no flags
All-in-one patch for EWS (76.80 KB, patch), 2017-04-24 16:08 PDT, Daniel Bates; no flags
All-in-one patch for EWS (78.33 KB, patch), 2017-04-24 17:13 PDT, Daniel Bates; no flags
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms (50.94 KB, patch), 2017-04-24 20:08 PDT, Daniel Bates; bfulgham: review+, buildbot: commit-queue-
Part 2: Honor nosniff header for stylesheets, update tests and expected results (35.74 KB, patch), 2017-04-24 20:08 PDT, Daniel Bates; bfulgham: review+, buildbot: commit-queue-
Archive of layout-test-results from ews100 for mac-elcapitan (921.13 KB, application/zip), 2017-04-24 21:18 PDT, Build Bot; no flags
Archive of layout-test-results from ews107 for mac-elcapitan-wk2 (1.12 MB, application/zip), 2017-04-24 21:18 PDT, Build Bot; no flags
Archive of layout-test-results from ews101 for mac-elcapitan (749.48 KB, application/zip), 2017-04-24 21:37 PDT, Build Bot; no flags
Archive of layout-test-results from ews106 for mac-elcapitan-wk2 (942.51 KB, application/zip), 2017-04-24 21:42 PDT, Build Bot; no flags
Archive of layout-test-results from ews117 for mac-elcapitan (1.61 MB, application/zip), 2017-04-24 22:10 PDT, Build Bot; no flags
Archive of layout-test-results from ews112 for mac-elcapitan (1.69 MB, application/zip), 2017-04-24 22:12 PDT, Build Bot; no flags
Archive of layout-test-results from ews125 for ios-simulator-wk2 (819.18 KB, application/zip), 2017-04-24 22:49 PDT, Build Bot; no flags
Archive of layout-test-results from ews124 for ios-simulator-wk2 (10.99 MB, application/zip), 2017-04-24 22:57 PDT, Build Bot; no flags
Nagy Renátó
Comment 1
2014-09-02 08:36:46 PDT
Created
attachment 237489
[details]
Proposed patch
Csaba Osztrogonác
Comment 2
2014-09-02 09:33:22 PDT
It would be great to ask the community on webkit-dev mailing list if they want this feature or not. I don't know why others haven't enabled it yet, maybe they have a good reason for it.
Anne van Kesteren
Comment 3
2014-09-02 11:24:46 PDT
Is it documented how this interacts with http://mimesniff.spec.whatwg.org/ and resource loading in general? Last I checked this header was not really implemented consistently.
Alexey Proskuryakov
Comment 4
2014-09-02 23:44:55 PDT
> Is it documented how this interacts with http://mimesniff.spec.whatwg.org/ and resource loading in general?
Could you please elaborate? http://mimesniff.spec.whatwg.org appears to tell exactly what to do with X-Content-Type-Options: nosniff. Or are you asking whether the implementation matches this spec? That's certainly a valid question, and I do not know the answer.
Alexey Proskuryakov
Comment 5
2014-09-02 23:57:42 PDT
Comment on attachment 237489 [details] Proposed patch
View in context: https://bugs.webkit.org/attachment.cgi?id=237489&action=review
r- for not having any tests.
Also, looks like what this patch does is enable MIME type checking on scripts when the headers field is present. This doesn't appear to be part of the spec that Anne cited. Do other browsers actually do this? In particular, does Chrome still do this?
Actual nosniff support needs to be implemented by underlying networking libraries, and CFNetwork does implement it for Safari. Other platforms should probably do this at the same level.
> ChangeLog:3 > + Enable of X-Content-Type-Options: nosniff header, and remove #if guards.
As Ossy said, this is something that needs to be announced on webkit-dev. But also, if we are to get a new feature, then we need tests for it.
Anne van Kesteren
Comment 6
2014-09-03 02:12:50 PDT
Fair. It's not clear to me that specification is correct.
Csaba Osztrogonác
Comment 7
2014-09-04 01:55:20 PDT
We already have tests for nosniff in http/tests/security/contentTypeOptions directory, but they are skipped in TestExpectations of gtk/mac/win/wincairo/wk2. All of these tests pass on EFL and Mac too with applying the patch. I haven't checked if the implementation and the test fulfil the spec.
Google implemented this feature in WebKit era:
- added compile time flag - bug109029 - http://trac.webkit.org/changeset/141985
- added implementation and tests - bug71851 - http://trac.webkit.org/changeset/142683
- removed the ifdefs after the Blink fork - https://codereview.chromium.org/13724004
I found only one patch after the fork: https://codereview.chromium.org/185593011
Probably we should merge it to WebKit before enabling.
Alexey Proskuryakov
Comment 8
2014-09-04 09:27:05 PDT
Thanks Ossy!
I tried nosniff-script-blocked.html, and it fails in Firefox. I did not try IE.
The code that this patch enables appears to implement something that is not specced, and what looks quite strange. Its effect is that X-Content-Type-Options: nosniff does two different things at separate levels of browser stack:
1. It disables Content-Type sniffing, which is implemented by low level networking code such as CFNetwork.
2. It enables strict MIME type checking for scripts.
For some context, strict MIME type checking for CSS is enabled with HTML parser strict mode, so it's controlled by the embedding document, not by the script resource itself. It's quite inconsistent to do the opposite for scripts.
To proceed with this patch, we need to understand why this makes sense, and it would also be helpful to find out why Mozilla doesn't implement #2. If we decide to not proceed, it would probably be best to remove the code from trunk.
Adam Roben (:aroben)
Comment 9
2014-09-23 07:53:15 PDT
(In reply to comment #8)
> To proceed with this patch, we need to understand why this makes sense, and it would also be helpful to find out why Mozilla doesn't implement #2.
Alexey, it looks like Mozilla doesn't implement X-Content-Type-Options: nosniff at all: https://bugzilla.mozilla.org/show_bug.cgi?id=471020
Alexey Proskuryakov
Comment 10
2014-09-23 10:51:03 PDT
Thanks Adam, nice discussion in that bug, as they are also unsure what to do with scripts (and then with all other resource types, such as images).
Brent Fulgham
Comment 11
2015-11-05 15:24:04 PST
<rdar://problem/23412620>
Anne van Kesteren
Comment 12
2015-11-06 08:02:18 PST
Since I last commented https://fetch.spec.whatwg.org/ defines this header in more detail now. I also submitted tests for it to web-platform-tests.
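Added example, not part of the bug thread and not WebKit's code: a JavaScript model of the check this thread converges on, where a response sent with nosniff is refused as a script unless its Content-Type is a JavaScript MIME type, and refused as a stylesheet unless it is text/css. The header parsing is simplified, and the function names, destination strings and sample responses are assumptions constructed for illustration; the audit helper shows how a site operator could find resources that would stop loading once a browser enforces the header.

```javascript
// Added example: a model of the nosniff blocking decision, not WebKit's implementation.

// JavaScript MIME type essences as listed in the WHATWG MIME Sniffing Standard.
const JAVASCRIPT_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript",
  "text/ecmascript", "text/javascript",
  "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
  "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
  "text/jscript", "text/livescript",
  "text/x-ecmascript", "text/x-javascript",
]);

// Request destinations that Fetch treats as script-like.
const SCRIPT_LIKE = new Set([
  "script", "worker", "sharedworker", "serviceworker",
  "audioworklet", "paintworklet",
]);

// Header names are case-insensitive; returns null when the header is absent.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return value;
  }
  return null;
}

// Simplified parse (assumption): only the first comma-separated value counts,
// compared case-insensitively with "nosniff".
function hasNosniff(headers) {
  const raw = headerValue(headers, "X-Content-Type-Options");
  if (raw === null) return false;
  return raw.split(",")[0].trim().toLowerCase() === "nosniff";
}

// MIME type essence: "type/subtype" without parameters, lower-cased.
// A missing Content-Type yields "", which matches no allowed type.
function mimeEssence(headers) {
  const raw = headerValue(headers, "Content-Type");
  if (raw === null) return "";
  return raw.split(";")[0].trim().toLowerCase();
}

// True when the response must not be used for the given destination.
function blockedByNosniff(destination, headers) {
  if (!hasNosniff(headers)) return false; // header absent: this check does nothing
  const essence = mimeEssence(headers);
  if (SCRIPT_LIKE.has(destination)) return !JAVASCRIPT_MIME_TYPES.has(essence);
  if (destination === "style") return essence !== "text/css";
  return false; // other destinations (images, media, ...) are not covered here
}

// Constructed sample responses; URLs and headers are illustrative only.
const SAMPLE_RESPONSES = [
  { url: "/app.js", destination: "script",
    headers: { "Content-Type": "text/javascript; charset=utf-8",
               "X-Content-Type-Options": "nosniff" } },
  { url: "/api/user.json", destination: "script",
    headers: { "Content-Type": "application/json",
               "X-Content-Type-Options": "nosniff" } },
  { url: "/upload/notes.txt", destination: "script",
    headers: { "Content-Type": "text/plain" } },
  { url: "/theme.css", destination: "style",
    headers: { "content-type": "text/plain",
               "x-content-type-options": "NoSniff" } },
  { url: "/legacy.js", destination: "script",
    headers: { "X-Content-Type-Options": "nosniff" } },
  { url: "/logo.png", destination: "image",
    headers: { "Content-Type": "text/html",
               "X-Content-Type-Options": "nosniff" } },
];

// URLs that an enforcing browser would refuse to execute or apply.
function audit(responses) {
  return responses
    .filter((r) => blockedByNosniff(r.destination, r.headers))
    .map((r) => r.url);
}

console.log(audit(SAMPLE_RESPONSES));
```

The three flagged cases correspond to the situations the tests named later in this bug exercise: a script with a non-script type, a script without a Content-Type, and a stylesheet with the wrong type.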
teppeis
Comment 13
2016-07-20 20:47:05 PDT
Finally, Mozilla has fixed this issue in Firefox 50!
https://bugzilla.mozilla.org/show_bug.cgi?id=471020
Daniel Bates
Comment 14
2017-04-21 17:32:18 PDT
Created
attachment 307846
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Daniel Bates
Comment 15
2017-04-21 17:33:17 PDT
Created
attachment 307848
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Daniel Bates
Comment 16
2017-04-21 17:34:11 PDT
Created
attachment 307849
[details]
All-in-one patch for EWS
Daniel Bates
Comment 17
2017-04-21 17:55:05 PDT
Created
attachment 307852
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Daniel Bates
Comment 18
2017-04-21 17:55:24 PDT
Created
attachment 307853
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Daniel Bates
Comment 19
2017-04-21 17:55:56 PDT
Created
attachment 307854
[details]
All-in-one patch for EWS
Daniel Bates
Comment 20
2017-04-21 18:11:15 PDT
Created
attachment 307856
[details]
All-in-one patch for EWS
Daniel Bates
Comment 21
2017-04-21 18:14:28 PDT
Created
attachment 307858
[details]
All-in-one patch for EWS
Daniel Bates
Comment 22
2017-04-21 18:14:51 PDT
Created
attachment 307859
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Build Bot
Comment 23
2017-04-21 18:55:24 PDT
Comment on
attachment 307853
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 307853
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
http://webkit-queues.webkit.org/results/3580348
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 24
2017-04-21 18:55:25 PDT
Created
attachment 307861
[details]
Archive of layout-test-results from ews105 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 25
2017-04-21 19:29:47 PDT
Comment on
attachment 307853
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 307853
[details]
did not pass mac-debug-ews (mac): Output:
http://webkit-queues.webkit.org/results/3580508
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 26
2017-04-21 19:29:49 PDT
Created
attachment 307864
[details]
Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 27
2017-04-21 19:43:28 PDT
Comment on
attachment 307853
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 307853
[details]
did not pass mac-ews (mac): Output:
http://webkit-queues.webkit.org/results/3580670
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 28
2017-04-21 19:43:30 PDT
Created
attachment 307866
[details]
Archive of layout-test-results from ews102 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 29
2017-04-21 19:59:21 PDT
Comment on
attachment 307853
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 307853
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
http://webkit-queues.webkit.org/results/3580661
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 30
2017-04-21 19:59:23 PDT
Created
attachment 307867
[details]
Archive of layout-test-results from ews123 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews123 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 31
2017-04-21 20:06:11 PDT
Comment on
attachment 307858
[details]
All-in-one patch for EWS
Attachment 307858
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
http://webkit-queues.webkit.org/results/3580684
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 32
2017-04-21 20:06:12 PDT
Created
attachment 307868
[details]
Archive of layout-test-results from ews104 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 33
2017-04-21 20:19:19 PDT
Comment on
attachment 307859
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 307859
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
http://webkit-queues.webkit.org/results/3580763
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 34
2017-04-21 20:19:21 PDT
Created
attachment 307870
[details]
Archive of layout-test-results from ews107 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 35
2017-04-21 20:24:46 PDT
Comment on
attachment 307858
[details]
All-in-one patch for EWS
Attachment 307858
[details]
did not pass mac-ews (mac): Output:
http://webkit-queues.webkit.org/results/3580882
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 36
2017-04-21 20:24:48 PDT
Created
attachment 307872
[details]
Archive of layout-test-results from ews101 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 37
2017-04-21 20:41:31 PDT
Comment on
attachment 307859
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 307859
[details]
did not pass mac-debug-ews (mac): Output:
http://webkit-queues.webkit.org/results/3580910
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 38
2017-04-21 20:41:33 PDT
Created
attachment 307875
[details]
Archive of layout-test-results from ews116 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews116 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 39
2017-04-21 20:54:08 PDT
Comment on
attachment 307859
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 307859
[details]
did not pass mac-ews (mac): Output:
http://webkit-queues.webkit.org/results/3581156
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 40
2017-04-21 20:54:09 PDT
Created
attachment 307876
[details]
Archive of layout-test-results from ews103 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 41
2017-04-21 21:16:25 PDT
Comment on
attachment 307858
[details]
All-in-one patch for EWS
Attachment 307858
[details]
did not pass mac-debug-ews (mac): Output:
http://webkit-queues.webkit.org/results/3581218
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 42
2017-04-21 21:16:27 PDT
Created
attachment 307880
[details]
Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 43
2017-04-21 22:01:40 PDT
Comment on
attachment 307859
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 307859
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
http://webkit-queues.webkit.org/results/3581582
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 44
2017-04-21 22:01:42 PDT
Created
attachment 307881
[details]
Archive of layout-test-results from ews123 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews123 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 45
2017-04-21 22:11:01 PDT
Comment on
attachment 307858
[details]
All-in-one patch for EWS
Attachment 307858
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
http://webkit-queues.webkit.org/results/3581486
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html fast/workers/worker-exception-during-navigation.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 46
2017-04-21 22:11:03 PDT
Created
attachment 307882
[details]
Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 47
2017-04-21 23:38:14 PDT
Comment on
attachment 307858
[details]
All-in-one patch for EWS
Attachment 307858
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
http://webkit-queues.webkit.org/results/3582344
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html
Build Bot
Comment 48
2017-04-21 23:38:16 PDT
Created
attachment 307895
[details]
Archive of layout-test-results from ews126 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Brent Fulgham
Comment 49
2017-04-24 10:06:33 PDT
Comment on attachment 307859 [details] Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
View in context: https://bugs.webkit.org/attachment.cgi?id=307859&action=review
r=me.
> Tools/Scripts/webkitperl/FeatureList.pm:330 > + define => "ENABLE_NOSNIFF", default => (isAppleCocoaWebKit() || isAppleWinWebKit() || isEfl()), value => \$nosniffSupport },
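Review bot: The default expression on the ENABLE_NOSNIFF line turns the feature on only when isAppleCocoaWebKit(), isAppleWinWebKit() or isEfl() is true, so every other port keeps it off by default and the same response header is handled differently depending on the port. State in the ChangeLog why the remaining ports stay disabled, or track enabling them in a follow-up bug.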
Is EFL still a thing we support?
Brent Fulgham
Comment 50
2017-04-24 10:13:49 PDT
Comment on
attachment 307853
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results Looks good! r=me.
Brent Fulgham
Comment 51
2017-04-24 10:14:32 PDT
It looks like the EWS failures are due to general build issues unrelated to this patch.
Daniel Bates
Comment 52
2017-04-24 16:08:27 PDT
Created
attachment 308018
[details]
All-in-one patch for EWS
Daniel Bates
Comment 53
2017-04-24 17:13:45 PDT
Created
attachment 308024
[details]
All-in-one patch for EWS
Daniel Bates
Comment 54
2017-04-24 20:08:21 PDT
Created
attachment 308053
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Daniel Bates
Comment 55
2017-04-24 20:08:57 PDT
Created
attachment 308054
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Build Bot
Comment 56
2017-04-24 21:18:16 PDT
Comment on
attachment 308054
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 308054
[details]
did not pass mac-ews (mac): Output:
http://webkit-queues.webkit.org/results/3599176
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html imported/w3c/web-platform-tests/fetch/nosniff/stylesheet.html http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
Build Bot
Comment 57
2017-04-24 21:18:18 PDT
Created
attachment 308060
[details]
Archive of layout-test-results from ews100 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 58
2017-04-24 21:18:41 PDT
Comment on
attachment 308054
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 308054
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
http://webkit-queues.webkit.org/results/3599152
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html imported/w3c/web-platform-tests/fetch/nosniff/stylesheet.html http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
Build Bot
Comment 59
2017-04-24 21:18:43 PDT
Created
attachment 308061
[details]
Archive of layout-test-results from ews107 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 60
2017-04-24 21:37:10 PDT
Comment on
attachment 308053
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 308053
[details]
did not pass mac-ews (mac): Output:
http://webkit-queues.webkit.org/results/3599142
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 61
2017-04-24 21:37:12 PDT
Created
attachment 308062
[details]
Archive of layout-test-results from ews101 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 62
2017-04-24 21:42:24 PDT
Comment on
attachment 308053
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 308053
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
http://webkit-queues.webkit.org/results/3599156
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 63
2017-04-24 21:42:26 PDT
Created
attachment 308063
[details]
Archive of layout-test-results from ews106 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 64
2017-04-24 22:10:44 PDT
Comment on
attachment 308054
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 308054
[details]
did not pass mac-debug-ews (mac): Output:
http://webkit-queues.webkit.org/results/3599390
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html imported/w3c/web-platform-tests/fetch/nosniff/stylesheet.html http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
Build Bot
Comment 65
2017-04-24 22:10:46 PDT
Created
attachment 308064
[details]
Archive of layout-test-results from ews117 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 66
2017-04-24 22:12:12 PDT
Comment on
attachment 308053
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 308053
[details]
did not pass mac-debug-ews (mac): Output:
http://webkit-queues.webkit.org/results/3599299
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 67
2017-04-24 22:12:14 PDT
Created
attachment 308065
[details]
Archive of layout-test-results from ews112 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews112 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 68
2017-04-24 22:49:04 PDT
Comment on
attachment 308054
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results
Attachment 308054
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
http://webkit-queues.webkit.org/results/3599494
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked.html http/tests/security/contentTypeOptions/nosniff-script-blocked.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html imported/w3c/web-platform-tests/fetch/nosniff/stylesheet.html http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
Build Bot
Comment 69
2017-04-24 22:49:06 PDT
Created
attachment 308068
[details]
Archive of layout-test-results from ews125 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Build Bot
Comment 70
2017-04-24 22:57:56 PDT
Comment on
attachment 308053
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms
Attachment 308053
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
http://webkit-queues.webkit.org/results/3599464
New failing tests: imported/w3c/web-platform-tests/fetch/nosniff/script.html imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
Build Bot
Comment 71
2017-04-24 22:57:58 PDT
Created
attachment 308069
[details]
Archive of layout-test-results from ews124 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews124 Port: ios-simulator-wk2 Platform: Mac OS X 10.11.6
Daniel Bates
Comment 72
2017-04-25 03:23:58 PDT
(In reply to Build Bot from comment #68)
> Comment on attachment 308054 [details]
> Part 2: Honor nosniff header for stylesheets, update tests and expected
> results
>
> Attachment 308054 [details] did not pass ios-sim-ews (ios-simulator-wk2):
> Output: http://webkit-queues.webkit.org/results/3599494
>
> New failing tests:
> imported/w3c/web-platform-tests/fetch/nosniff/script.html
> http/tests/security/contentTypeOptions/nosniff-script-without-content-type-
> blocked.html
> http/tests/security/contentTypeOptions/nosniff-script-blocked.html
> imported/w3c/web-platform-tests/fetch/nosniff/parsing-nosniff.html
> imported/w3c/web-platform-tests/fetch/nosniff/stylesheet.html
> http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked.html
Disregard these failures. Notice that the all-in-one patch (attachment #308024 [details]) passed all EWS bots. This part fails EWS because it unskips nosniff tests but ENABLE(NOSNIFF) is disabled.
Daniel Bates
Comment 73
2017-04-25 03:25:41 PDT
(In reply to Build Bot from comment #70)
> Comment on attachment 308053 [details]
> Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows
> platforms
>
> Attachment 308053 [details] did not pass ios-sim-ews (ios-simulator-wk2):
> Output: http://webkit-queues.webkit.org/results/3599464
>
> New failing tests:
> imported/w3c/web-platform-tests/fetch/nosniff/script.html
> imported/w3c/web-platform-tests/fetch/nosniff/parsing-
Disregard these failures. Notice that the all-in-one patch (attachment #308024 [details]) passed all EWS bots. This part fails EWS because ENABLE(NOSNIFF) is enabled, but it does not contain updated expected results.
Daniel Bates
Comment 74
2017-04-25 03:30:05 PDT
(In reply to Brent Fulgham from comment #49)
> > Tools/Scripts/webkitperl/FeatureList.pm:330 > > + define => "ENABLE_NOSNIFF", default => (isAppleCocoaWebKit() || isAppleWinWebKit() || isEfl()), value => \$nosniffSupport }, > > Is EFL still a thing we support?
Will remove before landing as we no longer have EFL build.webkit.org buildbots or EWS bots.
Brent Fulgham
Comment 75
2017-04-25 08:48:51 PDT
Comment on
attachment 308053
[details]
Part 1: Enable X-Content-Type-Options: nosniff on Mac, iOS and Windows platforms r=me.
Brent Fulgham
Comment 76
2017-04-25 08:50:11 PDT
Comment on
attachment 308054
[details]
Part 2: Honor nosniff header for stylesheets, update tests and expected results r=me
Daniel Bates
Comment 77
2017-04-25 13:26:21 PDT
Committed r215753: <http://trac.webkit.org/changeset/215753>