Changeset 196582 in webkit
- Timestamp: Feb 15, 2016 10:54:30 AM
- Location: trunk
- Files: 6 edited
trunk/LayoutTests/ChangeLog
r196581 r196582 1 2016-02-15 Daniel Bates <dabates@apple.com> 2 3 CSP: 'sandbox' should be ignored in report-only mode 4 https://bugs.webkit.org/show_bug.cgi?id=153167 5 <rdar://problem/22708669> 6 7 Reviewed by Brent Fulgham. 8 9 Remove the entry from the TestExpectations file for the test 10 http/tests/security/contentSecurityPolicy/sandbox-report-only.html as it now passes. 11 12 * TestExpectations: 13 1 14 2016-02-15 Daniel Bates <dabates@apple.com> 2 15 -
trunk/LayoutTests/TestExpectations
r196528 r196582 834 834 webkit.org/b/153166 webkit.org/b/153242 http/tests/security/contentSecurityPolicy/report-and-enforce.html [ Failure ] 835 835 webkit.org/b/153166 webkit.org/b/153242 http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html [ Failure ] 836 webkit.org/b/153167 http/tests/security/contentSecurityPolicy/sandbox-report-only.html [ Failure ]837 836 webkit.org/b/153168 http/tests/security/contentSecurityPolicy/source-list-parsing-07.html [ Failure ] 838 837 webkit.org/b/153170 http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html [ Failure ] -
trunk/Source/WebCore/ChangeLog
r196581 r196582 1 2016-02-15 Daniel Bates <dabates@apple.com> 2 3 CSP: 'sandbox' should be ignored in report-only mode 4 https://bugs.webkit.org/show_bug.cgi?id=153167 5 <rdar://problem/22708669> 6 7 Reviewed by Brent Fulgham. 8 9 Merged from Blink (patch by Mike West): 10 <https://src.chromium.org/viewvc/blink?revision=165322&view=revision> 11 12 * page/csp/ContentSecurityPolicy.cpp: 13 (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode): Added. Logs a 14 console message to the console to explain that the specified directive is invalid in 15 report-only mode. 16 * page/csp/ContentSecurityPolicy.h: 17 * page/csp/ContentSecurityPolicyDirectiveList.cpp: 18 (WebCore::ContentSecurityPolicyDirectiveList::applySandboxPolicy): Do not apply sandbox 19 policy when in report-only mode and call ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode() 20 to log a message to the console. 21 1 22 2016-02-15 Daniel Bates <dabates@apple.com> 2 23 -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
r196581 r196582 453 453 } 454 454 455 void ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode(const String& directiveName) const 456 { 457 logToConsole("The Content Security Policy directive '" + directiveName + "' is ignored when delivered in a report-only policy."); 458 } 459 455 460 void ContentSecurityPolicy::reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const 456 461 { -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h
r196526 r196582 123 123 void reportInvalidSandboxFlags(const String&) const; 124 124 void reportInvalidReflectedXSS(const String&) const; 125 void reportInvalidDirectiveInReportOnlyMode(const String&) const; 125 126 void reportMissingReportURI(const String&) const; 126 127 void reportUnsupportedDirective(const String&) const; -
trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
r196526 r196582 505 505 void ContentSecurityPolicyDirectiveList::applySandboxPolicy(const String& name, const String& sandboxPolicy) 506 506 { 507 if (m_reportOnly) { 508 m_policy.reportInvalidDirectiveInReportOnlyMode(name); 509 return; 510 } 507 511 if (m_haveSandboxPolicy) { 508 512 m_policy.reportDuplicateDirective(name);
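Review bot: in ContentSecurityPolicyDirectiveList::applySandboxPolicy, the new `if (m_reportOnly)` early return sits ahead of the `if (m_haveSandboxPolicy)` check, so a report-only policy that repeats 'sandbox' never reaches `m_policy.reportDuplicateDirective(name)`, and each occurrence that reaches this function logs the "ignored" message instead. If that ordering is intended, state it in a comment above the new check; otherwise move the report-only check below the duplicate check. A blank line after the new block's closing brace would also keep the two conditions visually separate.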
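Review bot: in ContentSecurityPolicy.cpp the new function is named reportInvalidDirectiveInReportOnlyMode, but the message it logs says the directive "is ignored when delivered in a report-only policy", which describes a valid directive being skipped rather than an invalid one. Either rename it to match the behaviour (for example reportDirectiveIgnoredInReportOnlyMode, a suggested name only) or keep the name for parity with the Blink patch and add a one-line comment beside the declaration in ContentSecurityPolicy.h saying that "invalid" here means "not applicable in report-only mode".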