CSP: Fire 'securitypolicyviolation' events in Workers.

CSP: Fire 'securitypolicyviolation' events in Workers.

Currently, we fire a violation event only if the violation occurs within
a document. We ought to fire the event for Workers as well. This patch
does so.

Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/VYhixsNgEHM/SilKZTYOAwAJ

BUG=665356
Committed: https://crrev.com/e597dade5ea41f95c5b50f564fbb1d77553c396b
Cr-Commit-Position: refs/heads/master@{#432835}

[Mike West, 2016-11-15 12:03:06]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-15 12:03:14]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2016-11-15 12:36:13]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-15 12:36:29]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2016-11-15 12:36:58]

mkwst@chromium.org changed reviewers:
+ estark@chromium.org, foolip@chromium.org

[Mike West, 2016-11-15 12:36:59]

foolip@: Interested in looking at these tests?

estark@: Mind looking at the code in your copious free time? :)

[commit-bot: I haz the power, 2016-11-15 13:23:13]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-15 13:23:13]

Dry run: Try jobs failed on following builders:
  linux_chromium_asan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[Mike West, 2016-11-15 15:13:55]

The CQ bit was checked by mkwst@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-15 15:14:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[foolip, 2016-11-15 16:10:17]

tests lgtm % nits

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
File
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/testharness-helper.js
(right):

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/testharness-helper.js:2:
var context = (typeof WorkerGlobalScope === "function") ? self : document;
You did change the spec to bubble and all, could these tests all just use self,
with a single test to verify that the target is in fact document?

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
File
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php
(right):

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php:11:
if (e.data == "SecurityPolicyViolation from Document")
A simple typo here would break the tests. If this is the only message event
expected, instead assert what e.data is? Below too.

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php:23:
assert_no_csp_event_for_url(t,
"http://127.0.0.1:8000/security/resources/cors-hello.php");
Maybe break out the URL so that's it's obviously the same and typo-free?

[commit-bot: I haz the power, 2016-11-15 17:34:14]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-15 17:34:14]

Dry run: This issue passed the CQ dry run.

[estark, 2016-11-16 04:47:40]

lgtm

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
File
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-dedicated-worker.html
(right):

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/inside-dedicated-worker.html:16:
// none are fired.
missing paren at the end

[Mike West, 2016-11-17 08:16:13]

The CQ bit was checked by mkwst@chromium.org

[Mike West, 2016-11-17 08:16:14]

The patchset sent to the CQ was uploaded after l-g-t-m from foolip@chromium.org,
estark@chromium.org
Link to the patchset: https://codereview.chromium.org/2500383002/#ps60001
(title: "Feedback.")

[commit-bot: I haz the power, 2016-11-17 08:16:43]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Mike West, 2016-11-17 08:59:15]

Thanks to you both.

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
File
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/testharness-helper.js
(right):

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/testharness-helper.js:2:
var context = (typeof WorkerGlobalScope === "function") ? self : document;
On 2016/11/15 at 16:10:17, foolip wrote:
> You did change the spec to bubble and all, could these tests all just use
self, with a single test to verify that the target is in fact document?

Sure, makes sense.

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
File
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php
(right):

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php:11:
if (e.data == "SecurityPolicyViolation from Document")
On 2016/11/15 at 16:10:17, foolip wrote:
> A simple typo here would break the tests. If this is the only message event
expected, instead assert what e.data is? Below too.

I did this because I have no idea how `fetch_tests_from_worker` works. It must
send messages, right? But are they bidirectional? Who knows? I'd prefer to err
on the side of something test-specific.

[foolip, 2016-11-17 09:09:23]

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
File
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php
(right):

https://codereview.chromium.org/2500383002/diff/40001/third_party/WebKit/Layo...
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/resources/inside-worker.php:11:
if (e.data == "SecurityPolicyViolation from Document")
On 2016/11/17 08:59:15, Mike West wrote:
> On 2016/11/15 at 16:10:17, foolip wrote:
> > A simple typo here would break the tests. If this is the only message event
> expected, instead assert what e.data is? Below too.
> 
> I did this because I have no idea how `fetch_tests_from_worker` works. It must
> send messages, right? But are they bidirectional? Who knows? I'd prefer to err
> on the side of something test-specific.

OK then :)

[commit-bot: I haz the power, 2016-11-17 10:37:02]

Committed patchset #4 (id:60001)

[commit-bot: I haz the power, 2016-11-17 10:39:39]

Description was changed from

==========
CSP: Fire 'securitypolicyviolation' events in Workers.

Currently, we fire a violation event only if the violation occurs within
a document. We ought to fire the event for Workers as well. This patch
does so.

Intent to Ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/VYhixsNgEHM/SilKZTYO...

BUG=665356
==========

to

==========
CSP: Fire 'securitypolicyviolation' events in Workers.

Currently, we fire a violation event only if the violation occurs within
a document. We ought to fire the event for Workers as well. This patch
does so.

Intent to Ship:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/VYhixsNgEHM/SilKZTYO...

BUG=665356

Committed: https://crrev.com/e597dade5ea41f95c5b50f564fbb1d77553c396b
Cr-Commit-Position: refs/heads/master@{#432835}
==========

[commit-bot: I haz the power, 2016-11-17 10:39:40]

Patchset 4 (id:??) landed as
https://crrev.com/e597dade5ea41f95c5b50f564fbb1d77553c396b
Cr-Commit-Position: refs/heads/master@{#432835}