Bug 160905

Summary: Upgrade-Insecure-Request state is improperly retained between navigations
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebCore Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, cdumez, commit-queue, dbates, esprehn+autocc, japhet, kangil.han, mkwst
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch aestes: review+

Brent Fulgham
Reported 2016-08-16 11:44:12 PDT
If you load a website that has the Upgrade-Insecure-Request header, then navigate to a second site that does NOT have the header set, WebKit will continue to process resource loads as though the UIR header was active. While we want to perform sub-frame loads with an inherited UIR state, we do NOT want this to happen when performing a top-level navigation that replaces the content of the frame.
Attachments
Patch (10.98 KB, patch)
2016-08-16 11:56 PDT, Brent Fulgham 		aestes: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2016-08-16 11:46:53 PDT
<rdar://problem/27075526>
Brent Fulgham
Comment 2 2016-08-16 11:56:24 PDT
Created attachment 286189 [details] Patch
Brent Fulgham
Comment 3 2016-08-16 13:34:31 PDT
Committed r204521: <http://trac.webkit.org/changeset/204521>
Note You need to log in before you can comment on or make changes to this bug.