[Signature-based SRI] Fixing fetch.any.js.

I commented out some tests while I was debugging a specific interaction, and then neglected to turn them back on again once I'd fixed it. Oops! This CL reverts the bad part of the change that happened in https://chromium-review.googlesource.com/c/chromium/src/+/6087895/. Bug: 383409575 Change-Id: Ib28480d57a4c8e4ceb6f1a7b90fb91e6a58e5b8d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6097229 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/main@{#1396692}
tkntjsdw · Dec 16, 2024 · f4515a8 · f4515a8
1 parent 4d4e12e
commit f4515a8
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/subresource-integrity/signatures/tentative/fetch.any.js b/subresource-integrity/signatures/tentative/fetch.any.js
@@ -65,7 +65,15 @@ function generate_test(request_data, integrity, expectation, description) {
     if (expectation == EXPECT_LOADED) {
       return fetcher.then(r => {
         assert_equals(r.status, 200, "Response status is 200.");
-        if (integrity.includes(`ed25519-${kValidKey}`)) {
+
+        // Verify `accept-signatures`: if the invalid key is present, both a valid and invalid
+        // key were set. If just the valid key is present, that's the only key we should see
+        // in the header.
+        if (integrity.includes(`ed25519-${kInvalidKey}`)) {
+          assert_equals(r.headers.get('accept-signatures'),
+                        `sig0=("identity-digest";sf);keyid="${kInvalidKey}";tag="sri", sig1=("identity-digest";sf);keyid="${kValidKey}";tag="sri"`,
+                        "`accept-signatures` was set.");
+        } else if (integrity.includes(`ed25519-${kValidKey}`)) {
           assert_equals(r.headers.get('accept-signatures'),
                         `sig0=("identity-digest";sf);keyid="${kValidKey}";tag="sri"`,
                         "`accept-signatures` was set.");
@@ -77,9 +85,6 @@ function generate_test(request_data, integrity, expectation, description) {
   }, description);
 }
 
-generate_test(kRequestWithValidSignature, `ed25519-${kValidKey}`, EXPECT_LOADED,
-              "Valid signature, matching integrity check: loads.");
-/*
 generate_test({}, "", EXPECT_LOADED,
               "No signature, no integrity check: loads.");
 
@@ -122,4 +127,3 @@ generate_test(kRequestWithInvalidSignature, `ed25519-${kInvalidKey}`, EXPECT_BLO
 generate_test(kRequestWithInvalidSignature,
               `ed25519-${kValidKey} ed25519-${kInvalidKey}`, EXPECT_BLOCKED,
               "Invalid signature, one valid integrity check: blocked.");
-*/