Changeset 96239 in webkit

Timestamp:

Sep 28, 2011 11:06:54 AM (13 years ago)

Author:

abarth@webkit.org

Message:

CSP doesn't work for a wide variety of cases
​https://bugs.webkit.org/show_bug.cgi?id=68921

Reviewed by Darin Adler.

Patch suggested by Sam Weinig. It's unclear to me how to test this
change because all our tests run on non-default ports, which is why we
have this bug in the first place. Mozilla uses a proxy while testing
so they can test with URLs like ​http://example.com, but we don't have
such a facility.

• page/ContentSecurityPolicy.cpp:

(WebCore::CSPSource::portMatches):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• page/ContentSecurityPolicy.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-09-28  Adam Barth  <abarth@webkit.org>
+
+        CSP doesn't work for a wide variety of cases
+        https://bugs.webkit.org/show_bug.cgi?id=68921
+
+        Reviewed by Darin Adler.
+
+        Patch suggested by Sam Weinig.  It's unclear to me how to test this
+        change because all our tests run on non-default ports, which is why we
+        have this bug in the first place.  Mozilla uses a proxy while testing
+        so they can test with URLs like http://example.com, but we don't have
+        such a facility.
+
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::CSPSource::portMatches):
+
 2011-09-28  Fady Samuel  <fsamuel@chromium.org>
 

trunk/Source/WebCore/page/ContentSecurityPolicy.cpp

@@ -148 +148 @@
         if (m_portHasWildcard)
             return true;
+
         int port = url.port();
-        return port ? port == m_port : isDefaultPortForProtocol(m_port, url.protocol());
+
+        if (port == m_port)
+            return true;
+
+        if (!port)
+            return isDefaultPortForProtocol(m_port, m_scheme);
+
+        if (!m_port)
+            return isDefaultPortForProtocol(port, m_scheme);
+
+        return false;
     }