Bug 1456723
[wpt PR 10626] - Process, but do not enforce X-Frame-Options on redirects., a=testonly
Automatic update from web-platform-tests
Process, but do not enforce X-Frame-Options on redirects. In order to make a reasonable decision about the reasonable-sounding feature request in https://crbug.com/835465, this patch starts processing XFO headers on redirect responses in order to collect metrics about how many requests we'd impact by tightening our enforcement. Bug: 835465 Change-Id: Ieb4571aae10e31fb61f1ccc245da5eb5dab791ae Reviewed-on: https://chromium-review.googlesource.com/1023393 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#553520} -- wpt-commits: 6d7173c4c7f024e537de9257a1b4727368b88006 wpt-pr: 10626
parent
e73cdff3ee
commit
54400b1a60
@ -300810,6 +300810,11 @@
|
||||
{}
|
||||
]
|
||||
],
|
||||
"x-frame-options/support/redirect.py": [
|
||||
[
|
||||
{}
|
||||
]
|
||||
],
|
||||
"x-frame-options/support/xfo.py": [
|
||||
[
|
||||
{}
|
||||
@ -375117,6 +375122,12 @@
|
||||
{}
|
||||
]
|
||||
],
|
||||
"x-frame-options/redirect.sub.html": [
|
||||
[
|
||||
"/x-frame-options/redirect.sub.html",
|
||||
{}
|
||||
]
|
||||
],
|
||||
"x-frame-options/sameorigin.sub.html": [
|
||||
[
|
||||
"/x-frame-options/sameorigin.sub.html",
|
||||
@ -616382,6 +616393,10 @@
|
||||
"5c266799477994fe820a244fd6b5b6e7822748a0",
|
||||
"testharness"
|
||||
],
|
||||
"x-frame-options/redirect.sub.html": [
|
||||
"df0a1d522288313f4e63e6700a840f9d70622679",
|
||||
"testharness"
|
||||
],
|
||||
"x-frame-options/sameorigin.sub.html": [
|
||||
"93498833866f7f7084c08cc22aec78a31ef1721b",
|
||||
"testharness"
|
||||
@ -616394,6 +616409,10 @@
|
||||
"8cfd9ef877a813898ea2f5741ffc56ae1c6f95dc",
|
||||
"support"
|
||||
],
|
||||
"x-frame-options/support/redirect.py": [
|
||||
"195bea24439940535974f3e7f6cd000e7285c8ea",
|
||||
"support"
|
||||
],
|
||||
"x-frame-options/support/xfo.py": [
|
||||
"722b135e1633e63fbfcb06bca4759a9568a84ee8",
|
||||
"support"
|
||||
|
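--- a/testing/web-platform/tests/x-frame-options/redirect.sub.html
+++ b/testing/web-platform/tests/x-frame-options/redirect.sub.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/helper.js"></script>
+<body>
+<script>
+async_test(t => {
+var i = document.createElement('iframe');
+i.src = "./support/redirect.py?value=DENY&url=/x-frame-options/support/xfo.py%3Fvalue%3DALLOWALL";
+
+wait_for_message_from(i, t)
+.then(t.step_func_done(e => {
+assert_equals(e.data, "Loaded");
+i.remove();
+}));
+
+document.body.appendChild(i);
+}, "XFO on redirect responses is ignored.");
+</script>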
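Review bot: The only case covered is a `DENY` on the 302 hop followed by a permissive final response, so nothing here guards against the final response's X-Frame-Options being skipped once a navigation has passed through a redirect. A second `async_test` with the values swapped, `i.src = "./support/redirect.py?value=ALLOWALL&url=/x-frame-options/support/xfo.py%3Fvalue%3DDENY";`, expecting that no "Loaded" message arrives, would pin that enforcement still happens on the response that is actually rendered. The blocked-load check would have to come from `./support/helper.js`, which is not visible on this page. Separately, `i.remove()` runs only when the assertion passes; `t.add_cleanup(() => i.remove());` would remove the frame on failure too.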
@ -0,0 +1,4 @@
|
||||
def main(request, response):
|
||||
response.status = 302
|
||||
response.headers.set("X-Frame-Options", request.GET.first("value"))
|
||||
response.headers.set("Location", request.GET.first("url"))
|
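Review bot: Both query parameters are copied into response headers unchecked: `url` goes into `Location` and `value` into `X-Frame-Options`, which makes this handler an open redirector by design. That is acceptable for a wpt support file served only from test hosts, but the file has no docstring saying so; something like `"""Test-only: 302 to ?url= with X-Frame-Options taken from ?value=; both are reflected without validation."""` on `main` would discourage reuse outside the test server. Since the test only ever passes a same-site path, `url` could also be limited to path-only values (one leading `/`, not `//`). Whether the header setter rejects CR/LF in these values is not visible from this hunk.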