Add Preload + SRI image destination tests
This CL adds all of the Preload + SRI tests for the as=image
destination. Chrome is not implementing Preload + SRI on non-{script,
style} destinations immediately, but it is good to add the tests for
these destinations so that the future implementation's success can
easily be tracked and measured.
R=kouhei@chromium.org, yhirano@chromium.org
Bug: 981419
Change-Id: I7e04c4ff9df400942782ab224ea5148f9874969f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1689511
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Dominic Farolino <dom@chromium.org>
Cr-Commit-Position: refs/heads/master@{#674980}
diff --git a/third_party/blink/web_tests/external/wpt/preload/subresource-integrity-expected.txt b/third_party/blink/web_tests/external/wpt/preload/subresource-integrity-expected.txt
new file mode 100644
index 0000000..a754027
--- /dev/null
+++ b/third_party/blink/web_tests/external/wpt/preload/subresource-integrity-expected.txt
@@ -0,0 +1,69 @@
+This is a testharness.js-based test.
+Found 65 tests; 59 PASS, 6 FAIL, 0 TIMEOUT, 0 NOTRUN.
+PASS Same-origin script with correct sha256 hash.
+PASS Same-origin script with correct sha384 hash.
+PASS Same-origin script with correct sha512 hash.
+PASS Same-origin script with empty integrity.
+PASS Same-origin script with incorrect hash.
+PASS Same-origin script with multiple sha256 hashes, including correct.
+PASS Same-origin script with multiple sha256 hashes, including unknown algorithm.
+PASS Same-origin script with sha256 mismatch, sha512 match
+PASS Same-origin script with sha256 match, sha512 mismatch
+PASS <crossorigin='anonymous'> script with correct hash, ACAO: *
+PASS <crossorigin='anonymous'> script with incorrect hash, ACAO: *
+PASS <crossorigin='use-credentials'> script with correct hash, CORS-eligible
+PASS <crossorigin='use-credentials'> script with incorrect hash CORS-eligible
+PASS <crossorigin='anonymous'> script with CORS-ineligible resource
+PASS Cross-origin script, not CORS request, with correct hash
+PASS Cross-origin script, not CORS request, with hash mismatch
+PASS Cross-origin script, empty integrity
+PASS Same-origin script with correct hash, options.
+PASS Same-origin script with unknown algorithm only.
+PASS Same-origin script with matching digest re-uses preload with matching digest.
+PASS Same-origin script with non-matching digest does not re-use preload with matching digest.
+PASS Same-origin script with matching digest does not re-use preload with non-matching digest.
+PASS Same-origin script with non-matching digest does not re-use preload with non-matching digest.
+PASS Same-origin style with correct sha256 hash.
+PASS Same-origin style with correct sha384 hash.
+PASS Same-origin style with correct sha512 hash.
+PASS Same-origin style with empty integrity.
+PASS Same-origin style with incorrect hash.
+PASS Same-origin style with multiple sha256 hashes, including correct.
+PASS Same-origin style with multiple sha256 hashes, including unknown algorithm.
+PASS Same-origin style with sha256 mismatch, sha512 match
+PASS Same-origin style with sha256 match, sha512 mismatch
+PASS <crossorigin='anonymous'> style with correct hash, ACAO: *
+PASS <crossorigin='anonymous'> style with incorrect hash, ACAO: *
+PASS <crossorigin='use-credentials'> style with correct hash, CORS-eligible
+PASS <crossorigin='use-credentials'> style with incorrect hash CORS-eligible
+PASS <crossorigin='anonymous'> style with CORS-ineligible resource
+PASS Cross-origin style, not CORS request, with correct hash
+PASS Cross-origin style, not CORS request, with hash mismatch
+PASS Cross-origin style, empty integrity
+PASS Same-origin style with correct hash, options.
+PASS Same-origin style with unknown algorithm only.
+PASS Same-origin style with matching digest re-uses preload with matching digest.
+PASS Same-origin style with non-matching digest does not re-use preload with matching digest.
+PASS Same-origin style with matching digest does not re-use preload with non-matching digest.
+PASS Same-origin style with non-matching digest does not re-use preload with non-matching digest.
+PASS Same-origin image with correct sha256 hash.
+PASS Same-origin image with correct sha384 hash.
+PASS Same-origin image with correct sha512 hash.
+PASS Same-origin image with empty integrity.
+FAIL Same-origin image with incorrect hash. assert_unreached: Invalid subresource load succeeded. Reached unreachable code
+PASS Same-origin image with multiple sha256 hashes, including correct.
+PASS Same-origin image with multiple sha256 hashes, including unknown algorithm.
+PASS Same-origin image with sha256 mismatch, sha512 match
+FAIL Same-origin image with sha256 match, sha512 mismatch assert_unreached: Invalid subresource load succeeded. Reached unreachable code
+PASS <crossorigin='anonymous'> image with correct hash, ACAO: *
+FAIL <crossorigin='anonymous'> image with incorrect hash, ACAO: * assert_unreached: Invalid subresource load succeeded. Reached unreachable code
+PASS <crossorigin='use-credentials'> image with correct hash, CORS-eligible
+FAIL <crossorigin='use-credentials'> image with incorrect hash CORS-eligible assert_unreached: Invalid subresource load succeeded. Reached unreachable code
+PASS <crossorigin='anonymous'> image with CORS-ineligible resource
+FAIL Cross-origin image, not CORS request, with correct hash assert_unreached: Invalid subresource load succeeded. Reached unreachable code
+FAIL Cross-origin image, not CORS request, with hash mismatch assert_unreached: Invalid subresource load succeeded. Reached unreachable code
+PASS Cross-origin image, empty integrity
+PASS Same-origin image with correct hash, options.
+PASS Same-origin image with unknown algorithm only.
+Harness: the test ran to completion.
+
diff --git a/third_party/blink/web_tests/external/wpt/preload/subresource-integrity.html b/third_party/blink/web_tests/external/wpt/preload/subresource-integrity.html
index 08c7854a..52ec0f6 100644
--- a/third_party/blink/web_tests/external/wpt/preload/subresource-integrity.html
+++ b/third_party/blink/web_tests/external/wpt/preload/subresource-integrity.html
@@ -27,6 +27,12 @@
sha384: 'sha384-wDAWxH4tOWBwAwHfBn9B7XuNmFxHTMeigAMwn0iVQ0zq3FtmYMLxihcGnU64CwcX',
sha512: 'sha512-9wXDjd6Wq3H6nPAhI9zOvG7mJkUr03MTxaO+8ztTKnfJif42laL93Be/IF6YYZHHF4esitVYxiwpY2HSZX4l6w=='
},
+ {
+ destination: 'image', ext: '.png', supports_sri: false,
+ sha256: 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=',
+ sha384: 'sha384-OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb',
+ sha512: 'sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg=='
+ },
// TODO(domfarolino): Add more destinations.
];
diff --git a/third_party/blink/web_tests/external/wpt/resources/sriharness.js b/third_party/blink/web_tests/external/wpt/resources/sriharness.js
index fe8ad2b..d30d483 100644
--- a/third_party/blink/web_tests/external/wpt/resources/sriharness.js
+++ b/third_party/blink/web_tests/external/wpt/resources/sriharness.js
@@ -34,6 +34,13 @@
document.body.appendChild(e);
};
+function set_extra_attributes(element, attrs) {
+ // Apply the rest of the attributes, if any.
+ for (const [attr_name, attr_val] of Object.entries(attrs)) {
+ element[attr_name] = attr_val;
+ }
+}
+
function buildElementFromDestination(resource_url, destination, attrs) {
// Assert: |destination| is a valid destination.
let element;
@@ -45,26 +52,24 @@
switch (destination) {
case "script":
element = document.createElement(destination);
+ set_extra_attributes(element, attrs);
element.src = resource_url;
break;
case "style":
element = document.createElement('link');
+ set_extra_attributes(element, attrs);
element.rel = 'stylesheet';
element.href = resource_url;
break;
case "image":
element = document.createElement('img');
+ set_extra_attributes(element, attrs);
element.src = resource_url;
break;
default:
assert_unreached("INVALID DESTINATION");
}
- // Apply the rest of the attributes, if any.
- for (const [attr_name, attr_val] of Object.entries(attrs)) {
- element[attr_name] = attr_val;
- }
-
return element;
}
diff --git a/third_party/blink/web_tests/external/wpt/subresource-integrity/image.png b/third_party/blink/web_tests/external/wpt/subresource-integrity/image.png
new file mode 100644
index 0000000..01c9666a
--- /dev/null
+++ b/third_party/blink/web_tests/external/wpt/subresource-integrity/image.png
Binary files differ
