WebKit Bugzilla
Bug 116067 - RESOLVED DUPLICATE of bug 69359
CSP: Redirects in DocumentThreadableLoader should respect the active policy
https://bugs.webkit.org/show_bug.cgi?id=116067
Ryosuke Niwa, Reported 2013-05-13 16:03:47 PDT
We should probably merge https://chromium.googlesource.com/chromium/blink/+/2853f594838e8bf24813482ad02f87853cae4366

CSP: Redirects in DocumentThreadableLoader should respect the active policy.

Canary currently fails test 150[1] and 156[2] of Erlend Oftedal's "CSP Testing" checks[3]. Both fail because we currently only check the URL to which an XHR connects during 'xhr.open()'.

This patch adjusts the checks happening inside DocumentThreadableLoader::redirectReceived in order to verify that the URL to which we've been redirected passes through the page's Content Security Policy as well.

[1]: http://csptesting.herokuapp.com/test/load/150
[2]: http://csptesting.herokuapp.com/test/load/156
[3]: http://csptesting.herokuapp.com/
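A small model of the behaviour described in the report above, added here as an illustration and not taken from the WebKit or Blink source: it compares a loader that checks connect-src only on the URL given to open() with one that also checks each redirect target. The hosts, the redirect table, and the function names are constructed for the example, and the source matching is deliberately simplified.

```javascript
// Added illustration (not WebKit/Blink code). Simplified connect-src matching:
// only 'self' and scheme://host[:port] sources; no wildcards or paths.
function allowedByConnectSrc(url, policy) {
  const origin = new URL(url).origin;
  return policy.connectSrc.some((src) =>
    src === "'self'" ? origin === policy.selfOrigin : origin === new URL(src).origin);
}

// Constructed redirect table standing in for server 3xx responses (hypothetical hosts).
const REDIRECTS = new Map([
  ['https://app.example/api/data', 'https://app.example/api/v2/data'],
  ['https://app.example/go', 'https://other.example/collect'],
]);

// checkRedirects=false models a loader that validates only the URL given to open();
// checkRedirects=true re-validates every redirect target against the policy.
function load(url, policy, { checkRedirects, maxHops = 5 }) {
  if (!allowedByConnectSrc(url, policy)) return { ok: false, blockedAt: url, hops: [] };
  const hops = [url];
  let current = url;
  while (REDIRECTS.has(current)) {
    const next = REDIRECTS.get(current);
    // Stop on redirect chains longer than maxHops (also covers loops).
    if (hops.length > maxHops) return { ok: false, blockedAt: next, hops };
    if (checkRedirects && !allowedByConnectSrc(next, policy)) {
      return { ok: false, blockedAt: next, hops };
    }
    hops.push(next);
    current = next;
  }
  return { ok: true, finalUrl: current, hops };
}

const policy = { selfOrigin: 'https://app.example', connectSrc: ["'self'"] };
console.log(load('https://app.example/go', policy, { checkRedirects: false }));
console.log(load('https://app.example/go', policy, { checkRedirects: true }));
```

With `connect-src 'self'`, the first call completes at the cross-origin target while the second stops at the redirect, which is the difference the redirect check is meant to close.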
Daniel Bates, Comment 1, 2016-01-15 14:38:56 PST
*** This bug has been marked as a duplicate of bug 69359 ***