-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This is the first step at implementing the new fetching semantics from the updated origin policy specification. It also deletes some parts that are no longer in the spec and would have needed updating anyway. In particular, this removes: * The distinction between default origin policies and versioned origin policies, and along with it, the "latest version map". This removes, for now, the application of origin policies to pages without an Origin-Policy header; that will be added back as part of the caching work in crbug.com/1042040. * Redirect-handling logic for default policies. Redirects are now always an error. * Parsing of the response header from the server. We currently just check for its presence, and will do parsing according to the new spec as part of crbug.com/1042036. * Sending Sec-Origin-Policy: 0 on the request. We may add this back later, but it is still under discussion: WICG/origin-policy#51 * A good amount of C++ "unit tests" that were rather integration test-ey, and would have had to be rewritten anyway. Instead they are replaced with web platform test integration tests. * A thorough web platform test of the origin policy installation/deletion cycle, which would have had to be rewritten, and then rewritten again once we tackle crbug.com/1042049. We'll want to refer to it in version history once those foundations are stable. * Reporting, for now. We need to first spec this and then add it back. See WICG/origin-policy#62. Additionally, although we removed all parsing of the response header, we changed the code to look for the presence of Origin-Policy instead of Sec-Origin-Policy per the latest spec. Apart from removals, this CL's biggest changes are to the web platform tests. This implements the plan discussed at web-platform-tests#20773 and web-platform-tests/rfcs#44 which allows us to serve different origin policies per subdomain. The test origin policies also now contain "id" members, but those are not used or tested for now; that will occur in https://crbug.com/1042036. Bug: 1042034 Change-Id: I4674fe2cfbc1f3e174c76415d86a487e750cdb0d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2020488 Commit-Queue: Domenic Denicola <[email protected]> Reviewed-by: Martin Šrámek <[email protected]> Reviewed-by: Matt Mueller <[email protected]> Reviewed-by: Kinuko Yasuda <[email protected]> Reviewed-by: Dominic Battré <[email protected]> Reviewed-by: Daniel Vogelheim <[email protected]> Cr-Commit-Position: refs/heads/master@{#745187}
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
import os | ||
import glob | ||
|
||
|
||
def main(request, response): | ||
host_piece = request.url_parts.hostname.split(".")[0] | ||
|
||
filepath_pattern = os.path.normpath(os.path.join(os.path.dirname(os.path.abspath( | ||
__file__)), "../origin-policy/policies/", "{} *.json".format(host_piece))) | ||
|
||
matches = glob.glob(filepath_pattern) | ||
|
||
if len(matches) != 1: | ||
return 404, [], '{} origin policies found at a path matching "{}"'.format(len(matches), filepath_pattern) | ||
|
||
with open(matches[0]) as f: | ||
data = f.read() | ||
return 200, [('Content-Type', 'application/originpolicy+json')], data |
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
import { runCSPTest } from "./helper.mjs"; | ||
|
||
runCSPTest({ unsafeEval: true, img: false }); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
import { runCSPTest } from "./helper.mjs"; | ||
|
||
runCSPTest({ unsafeEval: true }); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
import { runCSPTest } from "./helper.mjs"; | ||
|
||
runCSPTest({ unsafeEval: false, img: false }); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
import { waitForOneSecurityPolicyViolationEvent, waitForImgSuccess } from "./helper.mjs"; | ||
|
||
promise_test(() => { | ||
const imgURL = (new URL("/common/security-features/subresource/image.py", document.location)).href; | ||
|
||
return Promise.all([ | ||
waitForOneSecurityPolicyViolationEvent(imgURL).then(blockedURI => { | ||
assert_equals(blockedURI, imgURL); | ||
}), | ||
waitForImgSuccess(imgURL) | ||
]); | ||
}); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
import { waitForOneSecurityPolicyViolationEvent, waitForImgFail } from "./helper.mjs"; | ||
|
||
promise_test(() => { | ||
const imgURL = (new URL("/common/security-features/subresource/image.py", document.location)).href; | ||
|
||
return Promise.all([ | ||
waitForOneSecurityPolicyViolationEvent(imgURL).then(blockedURI => { | ||
assert_equals(blockedURI, imgURL); | ||
}), | ||
waitForImgFail(imgURL) | ||
]); | ||
}); |
This file was deleted.
This file was deleted.