Bug 153151

Summary: CSP: Remove stubs for dynamically-added favicons (via link rel="icon")
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, buildbot, cdumez, commit-queue, dbates, japhet, mkwst, rniwa, webkit-bug-importer
Priority: P2 Keywords: BlinkMergeCandidate, InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   
See Also: https://bugs.webkit.org/show_bug.cgi?id=156727
Attachments:
Description Flags
Dan Bates Patch
none
Patch
none
Patch
none
Archive of layout-test-results from ews102 for mac-yosemite
none
Archive of layout-test-results from ews115 for mac-yosemite
none
Patch darin: review+

Description Daniel Bates 2016-01-15 14:57:01 PST
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=155362>.

Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy.  This is the spec'd behaviour.
Comment 1 Radar WebKit Bug Importer 2016-01-27 20:33:58 PST
<rdar://problem/24383176>
Comment 2 Brent Fulgham 2016-04-15 17:43:13 PDT
Created attachment 276532 [details]
Dan Bates Patch
Comment 3 Brent Fulgham 2016-04-15 17:49:52 PDT
Comment on attachment 276532 [details]
Dan Bates Patch

Note that this patch is actually Dan Bates' work, not mine :-)
Comment 4 Brent Fulgham 2016-04-15 17:50:29 PDT
Comment on attachment 276532 [details]
Dan Bates Patch

r=me. Will land if the tests all pass.
Comment 5 WebKit Commit Bot 2016-04-15 17:51:52 PDT
Comment on attachment 276532 [details]
Dan Bates Patch

Rejecting attachment 276532 [details] from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'validate-changelog', '--check-oops', '--non-interactive', 276532, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit

ChangeLog entry in LayoutTests/ChangeLog contains OOPS!.

Full output: http://webkit-queues.webkit.org/results/1165865
Comment 6 Brent Fulgham 2016-04-15 17:57:32 PDT
Created attachment 276533 [details]
Patch
Comment 7 Brent Fulgham 2016-04-15 18:26:15 PDT
Created attachment 276535 [details]
Patch
Comment 8 Build Bot 2016-04-15 18:53:23 PDT
Comment on attachment 276535 [details]
Patch

Attachment 276535 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/1166029

New failing tests:
webarchive/test-link-rel-icon-beforeload.html
Comment 9 Build Bot 2016-04-15 18:53:27 PDT
Created attachment 276536 [details]
Archive of layout-test-results from ews102 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 10 Build Bot 2016-04-15 19:32:06 PDT
Comment on attachment 276535 [details]
Patch

Attachment 276535 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/1166093

New failing tests:
webarchive/test-link-rel-icon-beforeload.html
Comment 11 Build Bot 2016-04-15 19:32:10 PDT
Created attachment 276539 [details]
Archive of layout-test-results from ews115 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 12 Brent Fulgham 2016-04-16 21:07:45 PDT
Created attachment 276571 [details]
Patch
Comment 13 Brent Fulgham 2016-04-16 21:08:57 PDT
Updated patch to continue to emit the onbeforeload event for icon loads.
Comment 14 Darin Adler 2016-04-17 09:19:53 PDT
Comment on attachment 276571 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=276571&action=review

> Source/WebCore/ChangeLog:3
> +        CSP: Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy

This no longer seems like an appropriate bug title for this code change.

> Source/WebCore/loader/LinkLoader.cpp:41
> +#include "ContentSecurityPolicy.h"

Please don’t add this include.
Comment 15 Brent Fulgham 2016-04-18 09:45:18 PDT
Committed r199673: <http://trac.webkit.org/changeset/199673>