RESOLVED FIXED 225862
CSP does not apply to AudioWorklets 
https://bugs.webkit.org/show_bug.cgi?id=225862
Summary CSP does not apply to AudioWorklets
Attachments
WIP Patch (5.53 KB, patch)
2021-05-25 12:52 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (791 bytes, patch)
2021-05-25 14:56 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (7.34 KB, patch)
2021-05-25 15:34 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (10.84 KB, patch)
2021-05-25 15:42 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-05-17 03:15:36 PDT
<rdar://problem/78098440>
Chris Dumez
Comment 2 2021-05-25 12:52:18 PDT
Created attachment 429681 [details] WIP Patch
Chris Dumez
Comment 3 2021-05-25 12:57:51 PDT
(In reply to Sam Sneddon [:gsnedders] from comment #0) > c.f.: > > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > self/worklet-audio.https.html > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > self/worklet-audio-import-data.https.html > https://wpt.fyi/results/content-security-policy/gen/top.http-rp/script-src- > wildcard/worklet-audio-import-data.https.html > > These all seem to be doing much worse than the related Worker tests. Sadly the tests in questions are not part of our test suite yet.
Chris Dumez
Comment 4 2021-05-25 14:56:37 PDT
Created attachment 429696 [details] WIP Patch
Chris Dumez
Comment 5 2021-05-25 15:34:52 PDT
Created attachment 429700 [details] Patch
Chris Dumez
Comment 6 2021-05-25 15:42:56 PDT
Created attachment 429703 [details] Patch
EWS
Comment 7 2021-05-25 17:29:10 PDT
Committed r278068 (238147@main): <https://commits.webkit.org/238147@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 429703 [details].
Truitt Savell
Comment 8 2021-05-26 13:31:43 PDT
Looks like the new tests added in https://trac.webkit.org/changeset/278068/webkit http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked.html http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed.html are constant timeouts on windows. history: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet-script-src-allowed.html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet-script-src-blocked.html
Chris Dumez
Comment 9 2021-05-26 13:32:24 PDT
(In reply to Truitt Savell from comment #8) > Looks like the new tests added in > https://trac.webkit.org/changeset/278068/webkit > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked. > html > http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed. > html > > are constant timeouts on windows. > history: > https://results.webkit.org/?suite=layout-tests&suite=layout- > tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > script-src-allowed. > html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > script-src-blocked.html OH, Windows doesn't have WebAudio. We need to skip the tests there with the other WebAudio tests.
Chris Dumez
Comment 10 2021-05-26 13:36:42 PDT
(In reply to Chris Dumez from comment #9) > (In reply to Truitt Savell from comment #8) > > Looks like the new tests added in > > https://trac.webkit.org/changeset/278068/webkit > > > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-blocked. > > html > > http/tests/security/contentSecurityPolicy/audioworklet-script-src-allowed. > > html > > > > are constant timeouts on windows. > > history: > > https://results.webkit.org/?suite=layout-tests&suite=layout- > > tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > > script-src-allowed. > > html&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Faudioworklet- > > script-src-blocked.html > > OH, Windows doesn't have WebAudio. We need to skip the tests there with the > other WebAudio tests. <https://commits.webkit.org/r278122>
Note You need to log in before you can comment on or make changes to this bug.