New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 718935 link

Starred by 2 users
Status: Fixed
Owner:
xiaofeng...@intel.com
Email to this user bounced
Closed: Jul 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Blocking:
issue 678905



Sign in to add a comment

Pass the web-platform-test: fetch-request-resources.https.html

Reported by m...@bocoup.com, May 5 2017 
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/58.0.3029.81 Chrome/58.0.3029.81 Safari/537.36

Steps to reproduce the problem:
Run the test at external/wpt/service-workers/service-worker/fetch-request-resources.https.html

What is the expected behavior?
The test should pass

What went wrong?
The test fails

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 58.0.3029.81  Channel: n/a
OS Version: 
Flash Version: 

Chromium maintains a less rigorous version of this test at:

    http/tests/serviceworker/chromium.fetch-request-resources.html

That file should be removed when the upstream version can be made to pass.

Comment 1 by falken@chromium.org, May 8 2017

Blocking: 678905
Status: Available (was: Unconfirmed)
Failing expectation:
FAIL Verify FetchEvent for resources. assert_equals: integrity of Script load (url:https://web-platform.test:8444/service-workers/service-worker/resources/dummy?test21) must be      . expected "     " but got ""

Probably the failing test is:
script_integrity_test(f, LOCAL_URL, '     ', '     ');

Comment 2 by kkaluri@chromium.org, May 8 2017

Labels: TE-NeedsTriageHelp

Comment 3 by falken@chromium.org, May 9 2017

Labels: -TE-NeedsTriageHelp
Why TE-NeedsTriageHelp? This issue is triaged and has an component.

Comment 4 by xiaofeng...@intel.com, Jun 8 2017 

Hi falken, 
I am interested in this issue, and would like to own it.

After initial analysis, I think issue maybe caused by the missing of `integrity` implementation in blink::WebServiceWorkerRequest which will be used in DispatchFetchEvent.

So it seems Chrome is never support "Subresource Integrity"(https://www.w3.org/TR/SRI/) feature before?

Comment 5 by xiaofeng...@intel.com, Jun 15 2017 

I create a cl(https://codereview.chromium.org/2941883003/) that can make the failed tests(script_integrity_test and css_integrity_test) pass.

However, after investigation, I wonder if the tests are needed?

Because `integrity` feature is to verify if the hash values are matched instead of get back the value. And current chromium already has such verification implementation, see ParseIntegrityAttribute in SubresourceIntegrity.cpp and Resource::MustRefetchDueToIntegrityMetadata.

Comment 6 by falken@chromium.org, Jun 15 2017

Owner: xiaofeng...@intel.com
Status: Started (was: Available)
Sorry for missing the Jun 8 comment.

Thanks for working on this test.

I don't understand what you mean about whether the tests are needed. As I understand it, the test is doing something like:
<script src="src.js" integrity="blahblahblah">

And verifying that the FetchEvent has a request with integrity="blahblahblah". Do you know if the spec mandates this? If so, that's why the test is needed. If not, the test is not needed.

Comment 7 by xiaofeng...@intel.com, Jun 19 2017 

Thanks falken.
>Do you know if the spec mandates this?
I am not very sure. I'd like to continue working on the fix firstly.
Project Member

Comment 8 by bugdroid1@chromium.org, Jul 19 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3f0fe92c5ed031281aa70e8598e03b538b73585a

commit 3f0fe92c5ed031281aa70e8598e03b538b73585a
Author: xiaofeng.zhang <xiaofeng.zhang@intel.com>
Date: Wed Jul 19 01:26:58 2017

[ServiceWorker] FetchEvent should returns integrity attribute

This patch is to pass the web-platform-test:fetch-request-resources.https.html.
Current failed cases(script_integrity_test and css_integrity_test) are caused
by integrity attribute data will not be returned in FetchEvent.

BUG= 718935 , 678905

Review-Url: https://codereview.chromium.org/2941883003
Cr-Commit-Position: refs/heads/master@{#487710}

[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/loader/resource_dispatcher_host_impl.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/foreign_fetch_request_handler.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/foreign_fetch_request_handler.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/foreign_fetch_request_handler_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/link_header_support_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_context_request_handler_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_controllee_request_handler.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_controllee_request_handler.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_controllee_request_handler_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_data_pipe_reader_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_provider_host.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_provider_host.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_request_handler.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_request_handler.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_request_handler_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_url_request_job.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_url_request_job.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_url_request_job_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/browser/service_worker/service_worker_write_to_cache_job_unittest.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/child/web_url_loader_impl.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/child/web_url_request_util.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/child/web_url_request_util.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/common/resource_messages.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/common/service_worker/service_worker_fetch_request_struct_traits.cc
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/common/service_worker/service_worker_fetch_request_struct_traits.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/common/service_worker/service_worker_messages.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/common/service_worker/service_worker_types.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/public/common/resource_request.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/content/renderer/service_worker/service_worker_context_client.cc
[delete] https://crrev.com/b23b23ecf4b942ef20299133947baaac267c61cd/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-request-resources.https-expected.txt
[delete] https://crrev.com/b23b23ecf4b942ef20299133947baaac267c61cd/third_party/WebKit/LayoutTests/http/tests/serviceworker/chromium.fetch-request-resources.html
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/core/html/LinkStyle.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/modules/fetch/FetchRequestData.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/modules/fetch/Request.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/platform/exported/WebServiceWorkerRequest.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/platform/exported/WebURLRequest.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/platform/loader/fetch/ResourceRequest.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/platform/loader/fetch/ResourceRequest.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/platform/mojo/FetchAPIRequestStructTraits.cpp
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/Source/platform/mojo/FetchAPIRequestStructTraits.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/public/platform/WebURLRequest.h
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/public/platform/modules/fetch/fetch_api_request.mojom
[modify] https://crrev.com/3f0fe92c5ed031281aa70e8598e03b538b73585a/third_party/WebKit/public/platform/modules/serviceworker/WebServiceWorkerRequest.h

Comment 9 by nhiroki@chromium.org, Jul 26 2017 

xiaofeng.zhang@: regarding c#8, is this developer-facing change? If so, are there chromestatus entry, intent-to-ship etc?

(I'm now writing up the worker updates to be sent to blink-dev)

Comment 10 by xiaofeng...@intel.com, Jul 26 2017 

nhiroki@, it's not developer-facing change, it is spec requirement.
But I didn't fully understand that before, here (https://github.com/w3c/webappsec-subresource-integrity/issues/71) is the detailed explanation from w3c owner @wanderview.

I think we can close this issue now/

Comment 11 by xiaofeng...@intel.com, Jul 26 2017

Status: Fixed (was: Started)

Comment 12 by shimazu@chromium.org, Jul 27 2017 

Re c#9:
I think we don't need a chromestatus entry and intent-to-ship because this change only fixes the content of "Request.integrity" attribute and didn't change any idl.

Sign in to add a comment