Changeset 116268 in webkit
- Timestamp: May 6, 2012 9:34:30 PM
- Location: trunk
- Files: 10 edited
trunk/LayoutTests/ChangeLog
r116263 r116268 1 2012-05-06 Adam Barth <abarth@webkit.org> 2 3 Content Security Policy reports should be reported with content-type application/json, should contain all required fields 4 https://bugs.webkit.org/show_bug.cgi?id=61360 5 6 Reviewed by Eric Seidel. 7 8 Update results to show JSON format. 9 10 * http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt: 11 * http/tests/security/contentSecurityPolicy/report-only-expected.txt: 12 * http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt: 13 * http/tests/security/contentSecurityPolicy/report-uri-expected.txt: 14 * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt: 15 * http/tests/security/contentSecurityPolicy/resources/save-report.php: 16 1 17 2012-05-06 Kenichi Ishibashi <bashi@chromium.org> 2 18 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt
r116254 r116268 5 5 6 6 CSP report received: 7 CONTENT_TYPE: application/ x-www-form-urlencoded7 CONTENT_TYPE: application/json 8 8 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.html 9 9 REQUEST_METHOD: POST 10 10 === POST DATA === 11 document-url: http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.html 12 violated-directive: script-src 'self' 11 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.html","violated-directive":"script-src 'self'"}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt
r104803 r116268 3 3 ALERT: PASS 4 4 CSP report received: 5 CONTENT_TYPE: application/ x-www-form-urlencoded5 CONTENT_TYPE: application/json 6 6 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.html 7 7 REQUEST_METHOD: POST 8 8 === POST DATA === 9 document-url: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.html 10 violated-directive: script-src 'self' 9 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.html","violated-directive":"script-src 'self'"}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt
r104803 r116268 3 3 ALERT: PASS 4 4 CSP report received: 5 CONTENT_TYPE: application/ x-www-form-urlencoded5 CONTENT_TYPE: application/json 6 6 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.php 7 7 REQUEST_METHOD: POST 8 8 === POST DATA === 9 document-url: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.php 10 violated-directive: script-src 'self' 9 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.php","violated-directive":"script-src 'self'"}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt
r104803 r116268 2 2 3 3 CSP report received: 4 CONTENT_TYPE: application/ x-www-form-urlencoded4 CONTENT_TYPE: application/json 5 5 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.html 6 6 REQUEST_METHOD: POST 7 7 === POST DATA === 8 document-url: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.html 9 violated-directive: script-src 'self' 8 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.html","violated-directive":"script-src 'self'"}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt
r104803 r116268 7 7 -------- 8 8 CSP report received: 9 CONTENT_TYPE: application/ x-www-form-urlencoded9 CONTENT_TYPE: application/json 10 10 HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html 11 11 REQUEST_METHOD: POST 12 12 === POST DATA === 13 document-url: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html 14 violated-directive: script-src 'self' 13 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html","violated-directive":"script-src 'self'"}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php
r84502 r116268 16 16 } 17 17 fwrite($reportFile, "=== POST DATA ===\n"); 18 foreach ($_POST as $name => $value) { 19 $name = undoMagicQuotes($name); 20 $value = undoMagicQuotes($value); 21 fwrite($reportFile, "$name: $value\n"); 22 } 18 fwrite($reportFile, file_get_contents("php://input")); 23 19 fclose($reportFile); 24 20 rename("csp-report.txt.tmp", "csp-report.txt"); -
trunk/Source/WebCore/ChangeLog
r116265 r116268 1 2012-05-06 Adam Barth <abarth@webkit.org> 2 3 Content Security Policy reports should be reported with content-type application/json, should contain all required fields 4 https://bugs.webkit.org/show_bug.cgi?id=61360 5 6 Reviewed by Eric Seidel. 7 8 This patch changes ContentSecurityPolicy to use JSON format for sending 9 violation reports rather than wwwform-encoding. This patch aligns our 10 behavior with the specification and with Mozilla. A follow up patch 11 will update the list of fields in the report to match the spec. 12 13 * loader/PingLoader.cpp: 14 (WebCore::PingLoader::reportContentSecurityPolicyViolation): 15 * page/ContentSecurityPolicy.cpp: 16 (WebCore::CSPDirectiveList::reportViolation): 17 1 18 2012-05-06 Mary Wu <mary.wu@torchmobile.com.cn> 2 19 -
trunk/Source/WebCore/loader/PingLoader.cpp
r106655 r116268 111 111 #endif 112 112 request.setHTTPMethod("POST"); 113 request.setHTTPContentType("application/ x-www-form-urlencoded");113 request.setHTTPContentType("application/json"); 114 114 request.setHTTPBody(report); 115 115 frame->loader()->addExtraFieldsToSubresourceRequest(request); -
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r116254 r116268 32 32 #include "FormDataList.h" 33 33 #include "Frame.h" 34 #include "InspectorValues.h" 34 35 #include "PingLoader.h" 35 36 #include "ScriptCallStack.h" … … 602 603 // harmless information. 603 604 604 FormDataList reportList(UTF8Encoding());605 reportList.appendData("document-url", document->url());605 RefPtr<InspectorObject> cspReport = InspectorObject::create(); 606 cspReport->setString("document-uri", document->url()); 606 607 if (!directiveText.isEmpty()) 607 reportList.appendData("violated-directive", directiveText); 608 609 RefPtr<FormData> report = FormData::create(reportList, UTF8Encoding()); 608 cspReport->setString("violated-directive", directiveText); 609 610 RefPtr<InspectorObject> reportObject = InspectorObject::create(); 611 reportObject->setObject("csp-report", cspReport.release()); 612 613 RefPtr<FormData> report = FormData::create(reportObject->toJSONString().utf8()); 610 614 611 615 for (size_t i = 0; i < m_reportURLs.size(); ++i)
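Review bot: in save-report.php, the new `fwrite($reportFile, file_get_contents("php://input"));` records the request body without checking that it parses as JSON, so the expected results pin the serializer's exact bytes (key order, spacing) rather than the content of the report, and a body that is not valid JSON would be saved just as readily. Consider passing the body through json_decode, failing visibly when that returns null, and writing out the decoded fields. The removed loop ended every field with "\n"; the new line writes no newline after the body, so the report file now ends without one.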
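Review bot: in PingLoader.cpp, `request.setHTTPContentType("application/json");` hardcodes the media type while the body still arrives as an opaque `report` from the caller, so the header is only correct as long as every caller serializes JSON. Either have the caller pass the content type alongside the body or add a comment at `request.setHTTPBody(report);` stating that the body must be the JSON produced in ContentSecurityPolicy.cpp. It is also worth noting for report receivers that this JSON POST is issued by the browser rather than by page script, so an endpoint should not read `Content-Type: application/json` as evidence about who sent the request.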
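Review bot: in ContentSecurityPolicy.cpp, the second hunk renames the report key from "document-url" to "document-uri" as well as changing the encoding, but the WebCore ChangeLog describes only the switch to JSON and defers field changes to a follow-up patch. Any receiver keyed on `document-url` stops matching after this change, so the rename should be called out in the ChangeLog entry. Separately, `#include "FormDataList.h"` stays in the first hunk although the only visible use, `FormDataList reportList(UTF8Encoding());`, is removed; drop the include if nothing else in the file needs it.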