nephele
/
haikuwebkit
1
0
Fork 0
Code Issues Releases Activity
haikuwebkit/LayoutTests/platform/win/http/tests
History
Kate Cheney 4b0a22b5f3 Report correct blocked URI in CSP violation report 
https://bugs.webkit.org/show_bug.cgi?id=226316
<rdar://problem/78552912>

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect.html
       http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects.html

Currently for a blocked redirection we report the blocked URI as the
target URL. This is not up to spec and we should actually report the
requested URL.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::redirectReceived):
(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy):
* loader/DocumentThreadableLoader.h:
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowConnectToSource const):
(WebCore::ContentSecurityPolicy::reportViolation const):
* page/csp/ContentSecurityPolicy.h:

Source/WebKit:

Currently for a blocked redirection we report the blocked URI as the
target URL. This is not up to spec and we should actually report the
requested URL.

* NetworkProcess/NetworkLoadChecker.cpp:
(WebKit::NetworkLoadChecker::check):
(WebKit::NetworkLoadChecker::checkRedirection):
(WebKit::NetworkLoadChecker::checkRequest):
(WebKit::NetworkLoadChecker::isAllowedByContentSecurityPolicy):
* NetworkProcess/NetworkLoadChecker.h:

LayoutTests:

* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect.html: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects.html: Added.
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
* platform/mac-wk1/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* platform/win/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-blocked-redirect-expected.txt: Added.
* platform/win/http/tests/security/contentSecurityPolicy/report-blocked-uri-after-multiple-redirects-expected.txt: Added.
WebKitLegacy and Win have different console logging.


Canonical link: https://commits.webkit.org/240818@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
 		2021-08-23 02:24:23 +00:00
..
images
inspector
loading [LayoutTests] Convert http/tests/misc convert PHP to Python 2021-03-03 17:14:52 +00:00
local
misc Rebaselining [ Win EWS ] http/tests/misc/webtiming-slow-load.py. 2021-08-17 20:44:04 +00:00
multipart
navigation
security Report correct blocked URI in CSP violation report 2021-08-23 02:24:23 +00:00
uri
webarchive
workers
xmlhttprequest Perform port blocking earlier in the load 2021-04-17 03:22:00 +00:00