Bug 160905

Summary: Upgrade-Insecure-Request state is improperly retained between navigations
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebCore Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, cdumez, commit-queue, dbates, esprehn+autocc, japhet, kangil.han, mkwst
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch aestes: review+

Description Brent Fulgham 2016-08-16 11:44:12 PDT
If you load a website that has the Upgrade-Insecure-Request header, then navigate to a second site that does NOT have the header set, WebKit will continue to process resource loads as though the UIR header was active.

While we want to perform sub-frame loads with an inherited UIR state, we do NOT want this to happen when performing a top-level navigation that replaces the content of the frame.
Comment 1 Brent Fulgham 2016-08-16 11:46:53 PDT
<rdar://problem/27075526>
Comment 2 Brent Fulgham 2016-08-16 11:56:24 PDT
Created attachment 286189 [details]
Patch
Comment 3 Brent Fulgham 2016-08-16 13:34:31 PDT
Committed r204521: <http://trac.webkit.org/changeset/204521>