Skip to content

GitLab

T
tangled
Commit 68ef8178 authored by Stefan Zager's avatar Stefan Zager Committed by Commit Bot
Browse files
Options

Fix flaky test 

When the iframes are loaded in parallel, the ordering of the alert()
calls is not deterministic. This converts the test to testharness,
and loads the iframes serially to ensure determinism. If any of the
iframes fails to generate a load event, the test will time out.

BUG=1004650
R=clamy@chromium.org

Change-Id: I4c4c2f2bca388f2a157907029b155366cf27b4da
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1986958
Commit-Queue: Stefan Zager <szager@chromium.org>
Reviewed-by: default avatarDaniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#732521}
parent af5964de
Hide whitespace changes
Inline Side-by-side
Showing with 59 additions and 42 deletions
third_party/blink/web_tests/TestExpectations
View file @ 68ef8178
...@@ -240,7 +240,6 @@ crbug.com/1002049 external/wpt/css/mediaqueries/aspect-ratio-006.html [ Failure ...@@ -240,7 +240,6 @@ crbug.com/1002049 external/wpt/css/mediaqueries/aspect-ratio-006.html [ Failure
crbug.com/1007134 external/wpt/intersection-observer/v2/delay-test.html [ Pass Failure ] crbug.com/1007134 external/wpt/intersection-observer/v2/delay-test.html [ Pass Failure ]
crbug.com/1004547 external/wpt/intersection-observer/cross-origin-iframe.sub.html [ Pass Failure ] crbug.com/1004547 external/wpt/intersection-observer/cross-origin-iframe.sub.html [ Pass Failure ]
crbug.com/1004650 http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html [ Pass Failure ]
# Display locking failures # Display locking failures
......
third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt deleted 100644 → 0
View file @ af5964de
CONSOLE ERROR: line 24: Refused to frame 'https://localhost:8443/' because it violates the following Content Security Policy directive: "frame-src 'self' http://localhost:8080".
ALERT: PASS
ALERT: PASS
IFrames blocked by CSP should generate a 'load' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS IFrame #1 generated a 'load' event.
PASS IFrame #2 generated a 'load' event.
PASS IFrame #3 generated a 'load' event.
PASS successfullyParsed is true
TEST COMPLETE
third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html
View file @ 68ef8178
<!DOCTYPE html> <!DOCTYPE html>
<html> <script src="/resources/testharness.js"></script>
<head> <script src="/resources/testharnessreport.js"></script>
<script src="/js-test-resources/js-test.js"></script> <meta http-equiv="Content-Security-Policy" content="frame-src 'self' http://localhost:8080">
<meta http-equiv="Content-Security-Policy" content="frame-src 'self' http://localhost:8080">
<script> <script>
window.jsTestIsAsync = true; async_test(t => {
window.wasPostTestScriptParsed = true;
let test_urls = [
description("IFrames blocked by CSP should generate a 'load' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS."); "https://localhost:8443/security/contentSecurityPolicy/resources/post-message-fail.html",
"/security/contentSecurityPolicy/resources/post-message-pass.html",
var loads = 0; "http://localhost:8080/security/contentSecurityPolicy/resources/post-message-pass.html"
function loadEvent() { ];
loads++;
testPassed("IFrame #" + loads + " generated a 'load' event."); let num_messages = 0;
if (loads == 3) let num_loads = 0;
finishJSTest();
} function maybe_finish() {
</script> if (num_messages == 2 && num_loads == 3) {
</head> t.done();
<body> }
<iframe src="/security/contentSecurityPolicy/resources/alert-pass.html" onload="loadEvent()"></iframe> };
<iframe src="http://localhost:8080/security/contentSecurityPolicy/resources/alert-pass.html" onload="loadEvent()"></iframe>
<iframe src="https://localhost:8443/security/contentSecurityPolicy/resources/alert-fail.html" onload="loadEvent()"></iframe> function run_url(url) {
</body> let iframe = document.createElement('iframe');
</html> iframe.src = url;
iframe.addEventListener('load', iframe_load);
document.body.appendChild(iframe);
};
function iframe_load(e) {
num_loads++;
maybe_finish();
if (test_urls.length > 0) {
run_url(test_urls.shift());
}
};
// We will only receive messages from content that actually loaded, which does
// not include any blocked content. The messages are asynchronous, so there's
// no way to know when we've waited "long enough" for a failure. This test is
// best-effort, in that it loads the failure case first; so if we receive
// "pass" messages for the subsequent iframes without receiving a "fail"
// message, we can have high confidence that the blocked content didn't load.
addEventListener('message', t.step_func(e => {
num_messages++;
assert_equals(e.data, 'PASS', 'Content from blocked frame should not load');
maybe_finish();
}));
onload = () => { run_url(test_urls.shift()) };
}, "IFrames blocked by CSP should generate a 'load' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS.");
</script>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment