Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d89d47f7fd454c799ae34539434109f3e422bede
https://github.com/WebKit/WebKit/commit/d89d47f7fd454c799ae34539434109f3e422bede
Author: Carlos Garcia Campos <cgar...@igalia.com>
Date: 2022-12-20 (Tue, 20 Dec 2022)
Changed paths:
A
LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header-expected.txt
A
LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header.html
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
Log Message:
-----------
Images are not loaded in element application
https://bugs.webkit.org/show_bug.cgi?id=249213
Reviewed by Xabier Rodriguez-Calvar.
Element application uses the fetch api to download images and convert
them to a blob that is then requested. The problem is that the blob
request is failing due to invalid HTTP header in response. The invalid
header is Content-Security-Policy that is generated by the blob loader
using the security context policy. The document policy comes from
http-equiv meta and contains newlines, which are allowed there, but
invalid for an HTTP header value.
Test:
http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header.html
*
LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header-expected.txt:
Added.
*
LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header.html:
Added.
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::responseHeaders const): Make the http header
value valid if needed.
Canonical link: https://commits.webkit.org/258130@main
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
