nephele
/
haikuwebkit
1
0
Fork 0
Code Issues Releases Activity
haikuwebkit/LayoutTests/platform/win
History
Kate Cheney 4b0a22b5f3 Report correct blocked URI in CSP violation report 
https://bugs.webkit.org/show_bug.cgi?id=226316
<rdar://problem/78552912>

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect.html
       http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects.html

Currently for a blocked redirection we report the blocked URI as the
target URL. This is not up to spec and we should actually report the
requested URL.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy):
* loader/DocumentThreadableLoader.h:
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowConnectToSource const):
(WebCore::ContentSecurityPolicy::reportViolation const):
* page/csp/ContentSecurityPolicy.h:

Source/WebKit:

Currently for a blocked redirection we report the blocked URI as the
target URL. This is not up to spec and we should actually report the
requested URL.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::check):
(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::checkRequest):
(WebKit::NetworkLoadChecker::isAllowedByContentSecurityPolicy):
* NetworkProcess/NetworkLoadChecker.h:

LayoutTests:

* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect.html: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects.html: Added.
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* platform/win/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* platform/win/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
WebKitLegacy and Win have different console logging.


Canonical link: https://commits.webkit.org/240818@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
 		2021-08-23 02:24:23 +00:00
..
accessibility Fix for LayoutTests/accessibility/canvas-fallback-content.html in isolated tree mode. 2021-01-18 23:54:57 +00:00
animations
compositing Delete LayoutTests/platform/mac-mountainlion directory 2015-02-16 23:01:54 +00:00
css1
css2.1 Remove duplicate layout test results 2020-08-03 17:27:52 +00:00
css3 [Win] Implement scroll-snap-points on Windows 2021-06-04 11:05:02 +00:00
editing
fast Skip shadow-root creation for input element if it is not necessary 2021-06-20 10:53:42 +00:00
fonts
http Report correct blocked URI in CSP violation report 2021-08-23 02:24:23 +00:00
ietestcenter/css3
imported/w3c/web-platform-tests
inspector-protocol/debugger
inverted-colors
js/dom
mathml
media Remove unused JS and CSS files of media controls 2021-03-22 22:17:49 +00:00
performance-api [ Win EWS ] performance-api/performance-timeline-api.html needs to be rebaselined. 2021-08-17 23:10:11 +00:00
platform
plugins Remove duplicate layout test results 2020-08-03 17:27:52 +00:00
printing Remove <br> render tree dump quirk 2020-10-15 11:32:32 +00:00
scrollbars
streams/reference-implementation
svg
tables
transforms
transitions
webarchive/loading
TestExpectations overwriteCodePoint() in createAndFillGlyphPage() is wrong 2021-08-22 05:41:27 +00:00
aria-labelledby-overrides-aria-label-actual.txt