Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a few cases to preload SRI #33326

Merged
merged 4 commits into from
Mar 29, 2022
Merged

Add a few cases to preload SRI #33326

merged 4 commits into from
Mar 29, 2022

Conversation

noamr
Copy link
Contributor

@noamr noamr commented Mar 23, 2022
edited
Loading

  1. preload without SRI, resource with matching SRI
  2. Both preload and resource with matching SRI, but different algorithm

These two cases don't show the same results across browsers.

  • In Chromium both would not reuse the preload
  • In WebKit they both reuse the preload
  • In Gecko the first one does not reuse and the second one does.

Note that in webkit most of the tests in this file currently fail, WebKit does not perform SRI matching on preload/consume.

The test results in this PR match chromium, but they are not necessarily "correct".

yoavweiss
yoavweiss approved these changes Mar 23, 2022
View reviewed changes
Copy link
Contributor

@yoavweiss yoavweiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@noamr noamr mentioned this pull request Mar 23, 2022
Closed
3 tasks
@noamr
Copy link
Contributor Author

noamr commented Mar 23, 2022

LGTM

Thanks! I want to reach a consensus on whatwg/fetch#1418 before merging.

@noamr noamr mentioned this pull request Mar 23, 2022
Merged
3 tasks
@noamr noamr changed the title Add two cases to preload SRI Add a few cases to preload SRI Mar 23, 2022
@wpt-pr-bot wpt-pr-bot requested a review from snuggs March 23, 2022 16:10
@noamr
Fix expected results for video loading from multiple origins
154d760 
See whatwg/html#7655

When loading video from multiple opaque origins (by a middleman service-worker),
video loading should fail rather than be alllowed and taint the canvas.

That's because some of the video responses may contain metadata such as duration that
would leak to the subsequent requests.

See whatwg/html#2814 (comment) for further details.

This change makes the test case pass in all browsers.
@noamr noamr closed this Mar 25, 2022
@noamr noamr reopened this Mar 25, 2022
@noamr noamr merged commit 6a214e8 into master Mar 29, 2022
@noamr noamr deleted the preload-sri branch March 29, 2022 14:14
hiroshige-g
hiroshige-g reviewed Apr 1, 2022
View reviewed changes
preload/subresource-integrity.html
SRIPreloadTest(
true,
false,
`Same-origin ${destination} with non-matching digest reuses preload with no digest but fails.`,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"does not reuse preload"? (as Line 350 is "2")

@hiroshige-g
Copy link
Contributor

sorry for delay, LGTM (with a minor comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hiroshige-g hiroshige-g hiroshige-g left review comments

@yoavweiss yoavweiss yoavweiss approved these changes

@domfarolino domfarolino Awaiting requested review from domfarolino

@snuggs snuggs Awaiting requested review from snuggs

@asutherland asutherland Awaiting requested review from asutherland

@mkruisselbrink mkruisselbrink Awaiting requested review from mkruisselbrink

@wanderview wanderview Awaiting requested review from wanderview

Assignees

@yoavweiss yoavweiss

Labels
preload service-workers wg-sw wg-webperf
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@noamr @hiroshige-g @yoavweiss @wpt-pr-bot