Bug 112573

Summary: CSP 1.1: Schemeless source expressions match HTTPS resources on HTTP sites.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Mike West <mkwst>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, mkwst+watchlist, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 85558    
Attachments:
Description Flags
Patch none

Description Mike West 2013-03-18 08:31:32 PDT 
https://dvcs.w3.org/hg/content-security-policy/rev/a7dc8820946e changed schemeless source expressions to match both HTTP and HTTPS on HTTP sites.

We should implement this behind the CSP_NEXT flag.
Comment 1 Mike West 2013-03-18 08:40:37 PDT 
Created attachment 193570 [details]
Patch
Comment 2 Mike West 2013-03-18 13:25:39 PDT 
Bots are happy here too. WDYT, Adam?
Comment 3 Mike West 2013-03-18 15:24:22 PDT 
Comment on attachment 193570 [details]
Patch

Thanks!
Comment 4 WebKit Review Bot 2013-03-18 15:56:54 PDT 
Comment on attachment 193570 [details]
Patch

Clearing flags on attachment: 193570

Committed r146141: <http://trac.webkit.org/changeset/146141>
Comment 5 WebKit Review Bot 2013-03-18 15:56:57 PDT 
All reviewed patches have been landed.  Closing bug.