[Signature-based SRI] Simplify path-based tests.

Currently, our tentative WPTs rely on a resource file that lives in the `/tentative` directory. This directory impacts the signature in some cases (e.g. the `@path` derived component), and it would be ideal to avoid that as we introduce more cases where it might occur. This CL moves the resouce file out of the `/tentative` directory so that the signatures will remain stable even as the tests shift from tentative to non-tentative. Bug: 383409584 Change-Id: Ie8cbba80e856e4a1b051e80e095875cefe7c5aa6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6268259 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Joe DeBlasio <jdeblasio@chromium.org> Cr-Commit-Position: refs/heads/main@{#1421795}
web-platform-tests · Feb 19, 2025 · 9d6ac04 · 9d6ac04
1 parent a2f4f58
commit 9d6ac04
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 8 deletions.
diff --git a/...ntegrity/signatures/tentative/resource.py → subresource-integrity/signatures/resource.py b/...ntegrity/signatures/tentative/resource.py → subresource-integrity/signatures/resource.py
diff --git a/subresource-integrity/signatures/tentative/helper.js b/subresource-integrity/signatures/tentative/helper.js
@@ -37,7 +37,7 @@ function resourceURL(data) {
   data.type ??= "application/javascript";
   data.counter = counter;
   let params = new URLSearchParams(data);
-  return "./resource.py?" + params.toString();
+  return "/subresource-integrity/signatures/resource.py?" + params.toString();
 }
 
 function generate_fetch_test(request_data, integrity, expectation, description) {

diff --git a/subresource-integrity/signatures/tentative/path.window.js b/subresource-integrity/signatures/tentative/path.window.js
@@ -22,36 +22,33 @@
 //
 // {"hello": "world"}
 // ```
-//
-// TODO: When we remove the `tentative` label from the path, we'll need to
-// regenerate the expected signatures below, as the signature base will change.
 
 // Metadata from the response above:
 const kRequestsWithValidSignature = [
   // `unencoded-digest` then `@path`, with the following signature base:
   //
   // ```
   // "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
-  // "@path";req: /subresource-integrity/signatures/tentative/resource.py
+  // "@path";req: /subresource-integrity/signatures/resource.py
   // "@signature-params": ("unencoded-digest";sf "@path";req);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
   // ```
   {
     body: "window.hello = `world`;",
     digest: "sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:",
-    signature: `signature=:7tDPtzmoGvVu/qv3xJgdlyy5ss6FobmL0aR7Gzez3BvyTMSlIOb4ErCNRDyCMK4UesKSwfOrIH1y7xgAdr/OBw==:`,
+    signature: `signature=:+sRkplliS3TanqASHirBTokxhOn6fRTodc7i6Q6PUMsSPP0RJ2Xdb/woWz0+JXaBXAfa55qj+N9paXP5j7DFCw==:`,
     signatureInput: `signature=("unencoded-digest";sf "@path";req);keyid="${kValidKeys['rfc']}";tag="sri"`
   },
   // `@path` then `unencoded-digest`, with the following signature base:
   //
   // ```
-  // "@path";req: /subresource-integrity/signatures/tentative/resource.py
+  // "@path";req: /subresource-integrity/signatures/resource.py
   // "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
   // "@signature-params": ("@path";req "unencoded-digest";sf);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
   // ```
   {
     body: "window.hello = `world`;",
     digest: "sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:",
-    signature: `signature=:nw0vxi/Gj/UDbKTFddPEwKYAP5crT1sE916F+/rjb55LUaoxJcXDFPfUINzMOpHI5i6g6pn9tCOoFb6KwjXGDQ==:`,
+    signature: `signature=:YPH2/cRdbR+DPhb1hVG1BgwCpzPLECsAyBavmb7QaXtCF1Hx2QyYp0ki1mi7UftMOnLVpBJdfdLb99Nzf0XqDg==:`,
     signatureInput: `signature=("@path";req "unencoded-digest";sf);keyid="${kValidKeys['rfc']}";tag="sri"`
   }
 ];