Add a few cases to preload SRI #33326

Merged
merged 4 commits into from
Mar 29, 2022
45 changes: 45 additions & 0 deletions preload/subresource-integrity.html
Expand Up @@ -309,6 +309,51 @@
{integrity: "sha256-deaddeadbeefYHFvsYdWumweeFAw0hJDTFt9seErghA="}
)

SRIPreloadTest(
true,
true,
`Same-origin ${destination} with matching digest does not reuse preload without digest.`,
2,
destination,
same_origin_prefix + destination + ext + `?${token()}`,
{},
{integrity: sha256}
)

// This is an acceptable failure
SRIPreloadTest(
true,
true,
`[Tentative] Same-origin ${destination} with matching digest does not reuse preload with matching but stronger digest.`,
2,
destination,
same_origin_prefix + destination + ext + `?${token()}`,
{integrity: sha384},
{integrity: sha256},
)

SRIPreloadTest(
true,
true,
`Same-origin ${destination} with matching digest does not reuse preload with matching but weaker digest.`,
2,
destination,
same_origin_prefix + destination + ext + `?${token()}`,
{integrity: sha256},
{integrity: sha384},
)

SRIPreloadTest(
true,
false,
`Same-origin ${destination} with non-matching digest reuses preload with no digest but fails.`,

"does not reuse preload"? (as Line 350 is "2")

2,
destination,
same_origin_prefix + destination + ext + `?${token()}`,
{},
{integrity: "sha256-sha256-deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead"},
)

} // if.

} // for-of.
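
Review bot: In the last added case the integrity value `"sha256-sha256-deadbeef..."` repeats the `sha256-` prefix, unlike the `"sha256-deaddeadbeef..."` value in the context line at the top of the hunk, so it is a malformed string rather than the well-formed non-matching digest the title describes. Use a single prefix with a base64-shaped body so the case exercises a digest mismatch and not whatever a given parser does with the extra prefix. The title of that case also still says "reuses preload" while the expected request count is 2, as the inline comment notes, and `// This is an acceptable failure` above the [Tentative] case should say which outcome is acceptable and why. Minor: the first added case omits the trailing comma that the other three have after the last argument.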
Expand Up @@ -63,12 +63,11 @@

// (3) Range responses come from multiple origins. The first response comes from
// cross-origin (and without CORS sharing, so is opaque). Subsequent
// responses come from same-origin. The canvas should be tainted (but in
// Chrome this is a LOAD_ERROR since it disallows range responses from
// multiple origins, period).
// responses come from same-origin. This should result in a load error, as regardless of canvas
// loading range requests from multiple opaque origins can reveal information across those origins.
range_request_test(
'resources/range-request-to-different-origins-worker.js',
'TAINTED',
'LOAD_ERROR',
'range responses from multiple origins (cross-origin first)');

// (4) Range responses come from multiple origins. The first response comes from
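
Review bot: The reworded comment for case (3) says "multiple opaque origins", but the case as described has one opaque cross-origin response followed by same-origin responses, and "as regardless of canvas loading range requests ..." is hard to parse as written. Suggest rewording along the lines of "This should result in a load error: mixing range responses from different origins can reveal information across them, whether or not a canvas is involved", wrapped to the width of the neighbouring comment lines. Since the expectation changes from `'TAINTED'` to `'LOAD_ERROR'` in a PR titled "Add a few cases to preload SRI", the PR description should call out this change in expected behavior.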