Changeset 129168 in webkit
- Timestamp: Sep 20, 2012 2:25:09 PM
- Location: trunk
- Files: 8 edited
trunk/LayoutTests/ChangeLog
r129163 r129168 1 2012-09-20 Mike West <mkwst@chromium.org> 2 3 CSP reports should send an empty "blocked-uri" rather than nothing. 4 https://bugs.webkit.org/show_bug.cgi?id=97256 5 6 Reviewed by Adam Barth. 7 8 * http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt: 9 * http/tests/security/contentSecurityPolicy/report-only-expected.txt: 10 * http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt: 11 * http/tests/security/contentSecurityPolicy/report-uri-expected.txt: 12 * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt: 13 Updating test expectations to include an explicitly empty 14 "blocked-uri" as opposed to leaving it off entirely. 15 1 16 2012-09-20 Simon Fraser <simon.fraser@apple.com> 2 17 -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt
r129150 r129168 9 9 REQUEST_METHOD: POST 10 10 === POST DATA === 11 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.html","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php" }}11 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.html","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":""}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt
r129150 r129168 7 7 REQUEST_METHOD: POST 8 8 === POST DATA === 9 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.html","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php" }}9 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.html","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":""}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt
r129150 r129168 7 7 REQUEST_METHOD: POST 8 8 === POST DATA === 9 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.php","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php" }}9 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.php","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":""}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt
r129150 r129168 6 6 REQUEST_METHOD: POST 7 7 === POST DATA === 8 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.html","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php" }}8 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.html","referrer":"","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri resources/save-report.php","blocked-uri":""}} -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt
r118585 r129168 11 11 REQUEST_METHOD: POST 12 12 === POST DATA === 13 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri save-report.php" }}13 {"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.html","referrer":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html","violated-directive":"script-src 'self'","original-policy":"script-src 'self'; report-uri save-report.php","blocked-uri":""}} -
trunk/Source/WebCore/ChangeLog
r129165 r129168 1 2012-09-20 Mike West <mkwst@chromium.org> 2 3 CSP reports should send an empty "blocked-uri" rather than nothing. 4 https://bugs.webkit.org/show_bug.cgi?id=97256 5 6 Reviewed by Adam Barth. 7 8 In cases where a Content Security Policy violation report is generated 9 without blocking a resource at a particular URI (inline scripts, for 10 example), we currently leave the "blocked-uri" attribute out of the 11 report entirely. For the same reason that we included the "referrer" 12 attribute in webkit.org/b/97233, we should include an explicitly empty 13 "blocked-uri" in these cases. 14 15 This new behavior is covered by updates to existing test expectations 16 around the reporting functionality. 17 18 * page/ContentSecurityPolicy.cpp: 19 (WebCore::ContentSecurityPolicy::reportViolation): 20 If the 'blocked-uri' is invalid, add a "blocked-uri" attribute that 21 is explicitly empty. 22 1 23 2012-09-20 Patrick Gansterer <paroga@webkit.org> 2 24 -
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r129150 r129168 1528 1528 if (blockedURL.isValid()) 1529 1529 cspReport->setString("blocked-uri", document->securityOrigin()->canRequest(blockedURL) ? blockedURL.strippedForUseAsReferrer() : SecurityOrigin::create(blockedURL)->toString()); 1530 else 1531 cspReport->setString("blocked-uri", String()); 1530 1532 1531 1533 RefPtr<InspectorObject> reportObject = InspectorObject::create();
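Review bot: In the new else branch of ContentSecurityPolicy::reportViolation, `cspReport->setString("blocked-uri", String());` passes a default-constructed (null) String and relies on the serializer emitting it as "". The updated expectations show that it does, but passing an explicitly empty string would state the intent directly and would not depend on how a null String is serialized. The branch also maps two different situations to the same empty value: no URL at all (inline script) and a URL that fails isValid(). A one-line comment saying this is intended would help, since a report consumer cannot tell the two apart.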
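Review bot: All five updated expectations under LayoutTests/http/tests/security/contentSecurityPolicy/ exercise only the new else path: each is a script-src 'self' violation that now ends in "blocked-uri":"". Nothing in this changeset covers the isValid() path beside it in reportViolation, in particular the cross-origin case that reduces the URL to SecurityOrigin::create(blockedURL)->toString(). That reduction is what keeps cross-origin paths and query strings out of the report body, so consider adding expectations with a non-empty blocked-uri for one same-origin and one cross-origin blocked resource, so that both branches are pinned by tests.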