Summary: | CSP 3: Update Content Security Policy when header sent as part of a 304 response | ||
---|---|---|---|
Product: | WebKit | Reporter: | Hercules Hjalmarsson <hhjalmarsson> |
Component: | Page Loading | Assignee: | Ryan Reno <rreno> |
Status: | RESOLVED FIXED | ||
Severity: | Normal | CC: | achristensen, beidson, bfulgham, rreno, webkit-bot-watchers-bugzilla, webkit-bug-importer, wilander, youennf |
Priority: | P2 | Keywords: | InRadar |
Version: | WebKit Nightly Build | ||
Hardware: | Unspecified | ||
OS: | Unspecified |
Description
Hercules Hjalmarsson
2022-08-31 15:11:32 PDT
My previous comment is mentioning failing expectedly from the DIFF output and not in the history. This issue can be bisected to 253966@main using command: run-webkit-tests --iterations=2 -1 imported/w3c/web-platform-tests/content-security-policy/generic/304-response-should-update-csp.sub.html Test gardening commit 254011@main (f787f2f60509): <https://commits.webkit.org/254011@main> Reviewed commits have been landed. Closing PR #3881 and removing active labels. We aren't updating the CSP when we get a new header as part of a 304 response which is why this test is failing. See discussion https://github.com/w3c/webappsec-csp/issues/161 We also fail https://wpt.fyi/results/cors/304.htm?label=experimental&label=master&aligned So we likely fail any WPT that tests our behavior w.r.t. updating the cache entry upon a 304 response. Pull request: https://github.com/WebKit/WebKit/pull/8629 Committed 258931@main (9bcb547791aa): <https://commits.webkit.org/258931@main> Reviewed commits have been landed. Closing PR #8629 and removing active labels. |