Bug 313262
| Summary: | [Site Isolation] http/tests/security/frameNavigation/not-opener.html has intentional log diff | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Anthony Tarbinian <a.tarbinian> |
| Component: | Tools / Tests | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Anthony Tarbinian
With site isolation enabled,
http/tests/security/frameNavigation/not-opener.html
has an intentional test difference between the output
when run with site isolation disabled. See the following diff:
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/frameNavigation/resources/ready.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/not-opener-helper.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/not-opener-helper.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
This was an intentional difference caused by https://commits.webkit.org/310093@main
since we don't want to allow a web process to access the full URL of a remote frame.
Also see https://commits.webkit.org/310523@main
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/175533445>
Anthony Tarbinian
Pull request: https://github.com/WebKit/WebKit/pull/63548
EWS
Committed 312005@main (82c23c393f9b): <https://commits.webkit.org/312005@main>
Reviewed commits have been landed. Closing PR #63548 and removing active labels.