Diff
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce-expected.txt (294818 => 294819)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce-expected.txt 2022-05-25 19:39:09 UTC (rev 294818)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce-expected.txt 2022-05-25 19:53:21 UTC (rev 294819)
@@ -1,7 +1,4 @@
CONSOLE MESSAGE: Refused to load http://localhost:8800/preload/resources/dummy.js?from-header&without-nonce because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: Refused to load http://localhost:8800/preload/resources/dummy.js?from-header&with-nonce because it does not appear in the script-src directive of the Content Security Policy.
-CONSOLE MESSAGE: Error: assert_equals: resources/dummy.js?from-header&with-nonce expected 1 but got 0
-Harness Error (FAIL), message = Error: assert_equals: resources/dummy.js?from-header&with-nonce expected 1 but got 0
+PASS Makes sure that Link headers preload resources with CSP nonce
-
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce.html (294818 => 294819)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce.html 2022-05-25 19:39:09 UTC (rev 294818)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/preload/link-header-preload-nonce.html 2022-05-25 19:53:21 UTC (rev 294819)
@@ -5,7 +5,7 @@
<script nonce="abc" src=""
<body>
<script nonce="abc">
- setup({explicit_done: true});
+ setup({single_test: true});
var iterations = 0;
Modified: trunk/Source/WebCore/html/HTMLLinkElement.cpp (294818 => 294819)
--- trunk/Source/WebCore/html/HTMLLinkElement.cpp 2022-05-25 19:39:09 UTC (rev 294818)
+++ trunk/Source/WebCore/html/HTMLLinkElement.cpp 2022-05-25 19:53:21 UTC (rev 294819)
@@ -263,6 +263,7 @@
attributeWithoutSynchronization(crossoriginAttr),
attributeWithoutSynchronization(imagesrcsetAttr),
attributeWithoutSynchronization(imagesizesAttr),
+ nonce(),
referrerPolicy(),
};
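Review bot: The added `nonce(),` is the only entry in this initializer that is not read through `attributeWithoutSynchronization(...)`, and nothing on the line says why. If that is deliberate (presumably because the nonce content attribute can be blanked after insertion while the accessor keeps the real value; confirm), a short comment would stop a later cleanup from turning it into an attribute read that hands an empty nonce to the CSP check: `// Use nonce(), not the content attribute, which may have been hidden.` The initializer starts above this hunk, so the position of the new entry could not be checked against the field order of LinkLoadParameters from here.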
Modified: trunk/Source/WebCore/loader/LinkHeader.cpp (294818 => 294819)
--- trunk/Source/WebCore/loader/LinkHeader.cpp 2022-05-25 19:39:09 UTC (rev 294818)
+++ trunk/Source/WebCore/loader/LinkHeader.cpp 2022-05-25 19:53:21 UTC (rev 294819)
@@ -157,6 +157,8 @@
return LinkHeader::LinkParameterImageSrcSet;
if (equalLettersIgnoringASCIICase(name, "imagesizes"_s))
return LinkHeader::LinkParameterImageSizes;
+ if (equalLettersIgnoringASCIICase(name, "nonce"_s))
+ return LinkHeader::LinkParameterNonce;
return LinkHeader::LinkParameterUnknown;
}
@@ -280,6 +282,9 @@
case LinkParameterImageSizes:
m_imageSizes = WTFMove(value);
break;
+ case LinkParameterNonce:
+ m_nonce = WTFMove(value);
+ break;
case LinkParameterTitle:
case LinkParameterRev:
case LinkParameterHreflang:
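Review bot: `m_nonce = WTFMove(value);` stores the header parameter exactly as parsed. Judging by the plain assignment, a repeated `nonce` parameter in the same Link value would replace the earlier one. That is probably acceptable if the CSP comparison elsewhere is an exact match, but it should be written down, e.g. `// Stored verbatim; a repeated nonce parameter overwrites the previous value.` A header test with an empty and a duplicated `nonce` parameter would pin the behaviour. The switch begins and continues outside this hunk.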
Modified: trunk/Source/WebCore/loader/LinkHeader.h (294818 => 294819)
--- trunk/Source/WebCore/loader/LinkHeader.h 2022-05-25 19:39:09 UTC (rev 294818)
+++ trunk/Source/WebCore/loader/LinkHeader.h 2022-05-25 19:53:21 UTC (rev 294819)
@@ -44,6 +44,7 @@
const String& crossOrigin() const { return m_crossOrigin; }
const String& imageSrcSet() const { return m_imageSrcSet; }
const String& imageSizes() const { return m_imageSizes; }
+ const String& nonce() const { return m_nonce; }
bool valid() const { return m_isValid; }
bool isViewportDependent() const { return !media().isEmpty() || !imageSrcSet().isEmpty() || !imageSizes().isEmpty(); }
@@ -61,6 +62,7 @@
LinkParameterAs,
LinkParameterImageSrcSet,
LinkParameterImageSizes,
+ LinkParameterNonce,
};
private:
@@ -74,6 +76,7 @@
String m_crossOrigin;
String m_imageSrcSet;
String m_imageSizes;
+ String m_nonce;
bool m_isValid { true };
};
Modified: trunk/Source/WebCore/loader/LinkLoader.cpp (294818 => 294819)
--- trunk/Source/WebCore/loader/LinkLoader.cpp 2022-05-25 19:39:09 UTC (rev 294818)
+++ trunk/Source/WebCore/loader/LinkLoader.cpp 2022-05-25 19:53:21 UTC (rev 294819)
@@ -112,7 +112,7 @@
if (equalIgnoringFragmentIdentifier(url, baseURL))
continue;
- LinkLoadParameters params { relAttribute, url, header.as(), header.media(), header.mimeType(), header.crossOrigin(), header.imageSrcSet(), header.imageSizes(), ReferrerPolicy::EmptyString };
+ LinkLoadParameters params { relAttribute, url, header.as(), header.media(), header.mimeType(), header.crossOrigin(), header.imageSrcSet(), header.imageSizes(), header.nonce(), ReferrerPolicy::EmptyString };
preconnectIfNeeded(params, document);
preloadIfNeeded(params, document, nullptr);
}
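Review bot: The `LinkLoadParameters params { ... }` initializer is now ten positional arguments, seven of them adjacent `String` values, so a `header.nonce()` placed one slot off would still compile. It would then either drop the nonce or put an unrelated header value into the CSP nonce field. The same applies to the initializer in HTMLLinkElement.cpp. Naming the fields would make the order checkable by eye: designated initializers if the build's language level allows them, otherwise a trailing comment on the argument such as `header.nonce(), // nonce`. The loop body this line sits in starts outside the hunk.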
@@ -261,6 +261,7 @@
auto options = CachedResourceLoader::defaultCachedResourceOptions();
options.referrerPolicy = params.referrerPolicy;
+ options.nonce = params.nonce;
auto linkRequest = createPotentialAccessControlRequest(url, WTFMove(options), document, params.crossOrigin);
linkRequest.setPriority(DefaultResourceLoadPriority::forResourceType(type.value()));
linkRequest.setInitiator("link"_s);
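Review bot: `options.nonce = params.nonce;` is set here for every preload destination and again on the prefetch path in the following hunk (`@@ -302,6 +303,7 @@`). The only test touched in this commit covers a script preload announced by a Link header. Coverage for at least one non-script destination and for `rel=prefetch`, each with a matching and a mismatched nonce, would show that the nonce is checked against the directive for that resource type and that a wrong nonce is still refused. A comment at both assignments would also help, e.g. `// Lets nonce-source expressions in the document's CSP match this speculative load.` Both enclosing functions extend beyond the visible hunks.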
@@ -302,6 +303,7 @@
options.serviceWorkersMode = ServiceWorkersMode::None;
options.cachingPolicy = CachingPolicy::DisallowCaching;
options.referrerPolicy = params.referrerPolicy;
+ options.nonce = params.nonce;
m_cachedLinkResource = document.cachedResourceLoader().requestLinkResource(type, CachedResourceRequest(ResourceRequest { document.completeURL(params.href.string()) }, options, priority)).value_or(nullptr);
if (m_cachedLinkResource)
m_cachedLinkResource->addClient(*this);
Modified: trunk/Source/WebCore/loader/LinkLoader.h (294818 => 294819)
--- trunk/Source/WebCore/loader/LinkLoader.h 2022-05-25 19:39:09 UTC (rev 294818)
+++ trunk/Source/WebCore/loader/LinkLoader.h 2022-05-25 19:53:21 UTC (rev 294819)
@@ -52,6 +52,7 @@
String crossOrigin;
String imageSrcSet;
String imageSizes;
+ String nonce;
ReferrerPolicy referrerPolicy { ReferrerPolicy::EmptyString };
};