Bug 316182
| Summary: | [Site Isolation] CSP upgrade-insecure-requests misses cross-origin iframe-to-top navigations | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | roberto_rodriguez2 |
| Component: | New Bugs | Assignee: | roberto_rodriguez2 |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
roberto_rodriguez2
When a cross-origin sandboxed iframe with upgrade-insecure-requests does window.top.location = "http://...", the URL should get upgraded to https but doesn't. The upgrade logic looks at the target frame's CSP origin set, which only knows about the target frame's own origin. Since the URL points to the iframe's origin (not the top frame's), nothing matches.
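
The mismatch described in the report above, as an added example: a simplified JavaScript model, not WebKit code and not part of the original report. The frame objects, field names and hostnames are constructed, and the iframe's origin is represented by the host of its URL.

```javascript
// Simplified model of the decision described in the report; not WebKit code.
// Frame objects, field names and hostnames are constructed for illustration.

// Per the report, a frame's upgrade set only knows that frame's own origin.
function makeFrame(name, host, upgradeInsecureRequests) {
  return {
    name,
    host,
    upgradeInsecureRequests,
    upgradeHosts: upgradeInsecureRequests ? new Set([host]) : new Set(),
  };
}

// Upgrade http: to https: only when the URL's host is in the consulted set.
function upgradeIfNeeded(urlString, policyFrame) {
  const url = new URL(urlString);
  if (url.protocol !== "http:") return url.href;
  if (!policyFrame.upgradeHosts.has(url.host)) return url.href;
  url.protocol = "https:";
  return url.href;
}

// `initiator` navigates `target`. `consult` selects whose set is checked:
// "target" reproduces the reported behaviour; "initiator" yields the result
// the report expects. Whether the landed fix works this way is an assumption,
// the page does not say.
function navigate(initiator, target, urlString, consult) {
  const policyFrame = consult === "target" ? target : initiator;
  return upgradeIfNeeded(urlString, policyFrame);
}

const topFrame = makeFrame("top", "main.example", true);
const iframe = makeFrame("iframe", "widget.example", true);
const dest = "http://widget.example/landing"; // points at the iframe's origin

console.log("target's set:   ", navigate(iframe, topFrame, dest, "target"));
console.log("initiator's set:", navigate(iframe, topFrame, dest, "initiator"));
```

In this model a URL on the top frame's own host is still upgraded when the target's set is consulted, which is why the gap only shows up for cross-origin iframe-to-top navigations.
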
Radar WebKit Bug Importer
<rdar://problem/178591146>
roberto_rodriguez2
Pull request: https://github.com/WebKit/WebKit/pull/66347
EWS
Committed 314523@main (c1ab79ebcc0f): <https://commits.webkit.org/314523@main>
Reviewed commits have been landed. Closing PR #66347 and removing active labels.