Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check the bundle URL for CSP while loading urn:uuid resources #654

Merged
merged 4 commits into from
Jun 23, 2021
Merged

Check the bundle URL for CSP while loading urn:uuid resources #654

merged 4 commits into from
Jun 23, 2021

Conversation

horo-t
Copy link
Collaborator

@horo-t horo-t commented May 11, 2021

I created this pull request on @hayatoito 's behalf (PR #653 for Issue #651), because he is busy on other tasks.

Here is the Chromium side CL: https://crrev.com/c/2886721

@horo-t horo-t requested review from hayatoito and kinu May 11, 2021 14:25
@horo-t horo-t mentioned this pull request May 11, 2021
Closed
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 11, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
90f7c02 
Explainer PR: WICG/webpackage#654

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
@chromium-wpt-export-bot chromium-wpt-export-bot mentioned this pull request May 11, 2021
Merged
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 12, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
142ce94 
Explainer PR: WICG/webpackage#654

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
kinu
kinu reviewed May 12, 2021
View reviewed changes
explainers/subresource-loading-opaque-origin-iframes.md Outdated
allowed when "\*" is set in the CSP
[source expression](https://w3c.github.io/webappsec-csp/#source-expression).
This is different from the CSP behavior that `data:` and `blob:` schemes are
excluded from matching a policy of "\*".
Copy link
Collaborator

@kinu kinu May 12, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we also write why (extract some relevant part from the issue about why) it is okay for urn:uuid (contrary to data: and blob: where it's considered not okay) to do this?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. How about this?
4f06ad3

chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 12, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
356e86d 
Explainer PR: WICG/webpackage#654

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 12, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
6040d3c 
Explainer PR: WICG/webpackage#654

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 12, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
3a80259 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 12, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
13d8295 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 13, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
5b0d307 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
@horo-t horo-t requested a review from kinu May 14, 2021 05:59
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 14, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
b0c15ab 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 17, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
c677ef4 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 18, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
fb51e33 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 18, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
6fd462b 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2886721
Reviewed-by: Hayato Ito <hayato@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#883887}
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request May 18, 2021
@horo-t @chromium-wpt-export-bot
Check the bundle URL for CSP while loading urn:uuid resources
65a85ed 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2886721
Reviewed-by: Hayato Ito <hayato@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#883887}
blueboxd pushed a commit to blueboxd/chromium-legacy that referenced this pull request May 18, 2021
@horo-t
Check the bundle URL for CSP while loading urn:uuid resources
7a2408f 
Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2886721
Reviewed-by: Hayato Ito <hayato@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#883887}
moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this pull request May 20, 2021
@horo-t @moz-wptsync-bot
Bug 1710653 [wpt PR 28958] - Check the bundle URL for CSP while loadi…
227d66a 
…ng urn:uuid resources, a=testonly

Automatic update from web-platform-tests
Check the bundle URL for CSP while loading urn:uuid resources

Explainer PR: WICG/webpackage#654

Bug: 1082020

Change-Id: I82ee816dcf5664f130c9fb5de844143bb7276b30
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2886721
Reviewed-by: Hayato Ito <hayato@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#883887}

--

wpt-commits: 65a85edb4ba6663db9a20755771c7d8ac5cedb03
wpt-pr: 28958
@horo-t
Copy link
Collaborator Author

horo-t commented May 24, 2021

@hayatoito @kinu
Ping?

hayatoito
hayatoito approved these changes May 24, 2021
View reviewed changes
Copy link
Collaborator

@hayatoito hayatoito left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

kinu
kinu approved these changes May 24, 2021
View reviewed changes
Copy link
Collaborator

@kinu kinu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay, lgtm!

@horo-t horo-t requested a review from jyasskin May 24, 2021 06:55
@horo-t
Copy link
Collaborator Author

horo-t commented May 24, 2021

@jyasskin
Could you please review this PR if you have time?

jyasskin
jyasskin approved these changes Jun 23, 2021
View reviewed changes
Copy link
Member

@jyasskin jyasskin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the slow review. This looks good.

@jyasskin jyasskin merged commit 39b429d into WICG:main Jun 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jyasskin jyasskin jyasskin approved these changes

@hayatoito hayatoito hayatoito approved these changes

@kinu kinu kinu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@horo-t @jyasskin @hayatoito @kinu