Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: dc48a9812a13182fc73335fd21b56d779818853e
https://github.com/WebKit/WebKit/commit/dc48a9812a13182fc73335fd21b56d779818853e
Author: Youenn Fablet <[email protected]>
Date: 2024-03-28 (Thu, 28 Mar 2024)
Changed paths:
A LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe.html
A LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html
A LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-beacon.html
A LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-ping.html
M LayoutTests/platform/ios/TestExpectations
M LayoutTests/platform/mac-wk1/TestExpectations
Log Message:
-----------
Plaintext Ping requests not blocked by mixed-content checks (262117)
rdar://116054889
Reviewed by Alex Christensen.
Enforce mixed content checks for beacons and pings, like we do for regular
xhr/fetch.
This aligns the behavior with Chrome and Firefox.
We have to change some tests so that preloads kick in deterministically.
Preloads might not kick in if an early JS resource is already in the cache.
We therefore clear the memory cache to ensure
dump-securitypolicyviolation-and-notify-done.js gets fetched again, which will
trigger both preload and resource load.
Otherwise, we will get only one CONSOLE MESSAGE for the actual blocked load.
We also have to change some tests so that they use HTTPS and not HTTP.
* LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin.https-expected.txt:
* LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https-expected.txt:
* LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https.html:
* LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https-expected.txt:
* LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https.html:
* LayoutTests/http/tests/navigation/ping-attribute/resources/secure-anchor-cross-origin.html:
* LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-beacon-in-iframe.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-ping-in-iframe.https.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-beacon.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-css.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-image.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-ping.html: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-plugin.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/resources/frame-with-insecure-script.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/beacon.https-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/beacon.https-expected.txt: Removed.
* LayoutTests/platform/ios/TestExpectations:
* LayoutTests/platform/mac-wk1/TestExpectations:
* LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-expected.txt:
* LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame-expected.txt:
* LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame-expected.txt:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::checkInsecureContent const):
Originally-landed-as: 272448.10@safari-7618-branch (b856378e0a55).
rdar://124557284
Canonical link: https://commits.webkit.org/276787@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
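
For site owners checking whether their own pages rely on plaintext ping or beacon endpoints that the commit above says are now subject to mixed content checks, here is an added example (not WebKit code, and not part of the original commit mail). It is a simplified audit: the trustworthiness test covers only secure schemes and loopback hosts, the markup is matched with regular expressions rather than a real HTML parser, and the sample page and host names are constructed.

```javascript
// Simplified "potentially trustworthy" test: secure schemes and loopback hosts only.
function isPotentiallyTrustworthy(url) {
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  const host = url.hostname;
  return host === "localhost" || host.endsWith(".localhost") ||
         /^127(\.\d{1,3}){3}$/.test(host) || host === "[::1]";
}

// Resolve a possibly relative URL against the page; null if it does not parse.
function resolve(raw, base) {
  try { return new URL(raw, base); } catch { return null; }
}

// Collect URLs from ping="" attributes on <a>/<area> (space-separated list) and
// from navigator.sendBeacon("...") calls whose first argument is a string literal.
function collectPingTargets(html) {
  const targets = [];
  const pingAttr = /<(?:a|area)\b[^>]*?\sping\s*=\s*(["'])(.*?)\1/gi;
  for (const m of html.matchAll(pingAttr))
    for (const u of m[2].split(/\s+/).filter(Boolean)) targets.push({ kind: "ping", raw: u });
  const beacon = /navigator\.sendBeacon\(\s*(["'])(.*?)\1/g;
  for (const m of html.matchAll(beacon)) targets.push({ kind: "beacon", raw: m[2] });
  return targets;
}

// Report ping/beacon targets that an HTTPS page would send over plaintext.
// A page served over HTTP has no mixed content, so nothing is reported for it.
function auditMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return [];
  return collectPingTargets(html)
    .map(t => ({ kind: t.kind, url: resolve(t.raw, page) }))
    .filter(t => t.url !== null && !isPotentiallyTrustworthy(t.url))
    .map(t => ({ kind: t.kind, url: t.url.href }));
}

// Constructed sample markup (hypothetical hosts under example.test).
const SAMPLE = `
<a href="/next" ping="http://metrics.example.test/p https://metrics.example.test/p">next</a>
<area href="/map" ping='/local-ping'>
<script>navigator.sendBeacon("http://collector.example.test/b", data);
navigator.sendBeacon("http://127.0.0.1:8080/dev");</script>`;

console.log(auditMixedContent("https://shop.example.test/", SAMPLE));
```

Targets built at runtime (concatenated strings, variables) are not seen by this static scan; a `Content-Security-Policy-Report-Only` deployment catches those in the field.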