WebKit currently fails tests 95 and 101 on http://csptesting.herokuapp.com/. These test variations on whitelisting a source via a 'frame-src' directive, and then loading a whitelisted frame from that source which redirects to a non-whitelisted source. This redirection should be blocked, but currently isn't.
Created attachment 181289 Patch
Hi Adam! This patch moves the CSP check for 'frame-src' out of SubframeLoader and into PolicyChecker, which allows us to validate the whole redirect chain, and also seems like a better location semantically. FrameLoader is pretty complex, however, so I'm not actually sure I'm doing the right thing here. Would you mind taking a look? Thanks!
Comment on attachment 181289 Patch
Yeah, putting this in policy checker is much better.
Comment on attachment 181289 Patch
Glad I interpreted things correctly. Thanks for the review!
Comment on attachment 181289 Patch
Clearing flags on attachment: 181289
Committed r138818: <http://trac.webkit.org/changeset/138818>
All reviewed patches have been landed. Closing bug.
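The gap this bug describes, checking 'frame-src' only against the initial frame URL versus against every hop of the redirect chain, shown as an added example (not WebKit's code and not the attached patch). Source matching is simplified, and the policy, origins and function names are constructed for illustration.

```javascript
// Added illustration, not WebKit's code. Simplified CSP source matching:
// 'none', 'self', *, scheme-source, host-source (optional scheme, "*." prefix,
// port). Paths and default-src fallback are not modelled.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

function matchesSource(expr, url, selfOrigin) {
  if (expr === "'none'") return false;
  if (expr === "*") return true;
  if (expr === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?$/i.exec(expr);
  if (!m) return false; // unsupported expression: fail closed
  const [, scheme, wildcard, host, port] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  const have = url.hostname.toLowerCase(), want = host.toLowerCase();
  if (wildcard ? !have.endsWith("." + want) : have !== want) return false;
  if (port === "*") return true;
  // url.port is "" when the URL uses its scheme's default port.
  if (!port) return url.port === "";
  return (url.port || DEFAULT_PORT[url.protocol] || "") === port;
}

function frameSrcAllows(policy, url, selfOrigin) {
  const directive = policy.split(";").map(s => s.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === "frame-src");
  if (!directive) return true; // no frame-src directive present
  return directive.slice(1).some(e => matchesSource(e, new URL(url), selfOrigin));
}

// chain: every URL the frame navigation visits, initial request first.
function checkInitialOnly(policy, chain, selfOrigin) {
  return frameSrcAllows(policy, chain[0], selfOrigin); // the behaviour reported in this bug
}

function checkEveryHop(policy, chain, selfOrigin) {
  const blockedAt = chain.find(u => !frameSrcAllows(policy, u, selfOrigin));
  return { allowed: blockedAt === undefined, blockedAt: blockedAt ?? null };
}

// Constructed sample data (hypothetical hosts).
const POLICY = "script-src 'self'; frame-src https://allowed.example";
const SELF = "https://page.example";
const REDIRECT_CHAIN = ["https://allowed.example/frame", "https://other.example/landing"];

console.log("initial-only check allows:", checkInitialOnly(POLICY, REDIRECT_CHAIN, SELF));
console.log("per-hop check:", checkEveryHop(POLICY, REDIRECT_CHAIN, SELF));
```
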