112573 – CSP 1.1: Schemeless source expressions match HTTPS resources on HTTP sites.

Bug 112573 - CSP 1.1: Schemeless source expressions match HTTPS resources on HTTP sites.

Summary: CSP 1.1: Schemeless source expressions match HTTPS resources on HTTP sites.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mike West

URL:
Keywords:

Depends on:
Blocks:	85558
	Show dependency tree / graph

Reported:	2013-03-18 08:31 PDT by Mike West
Modified:	2013-03-18 15:56 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Patch (12.84 KB, patch) 2013-03-18 08:40 PDT, Mike West	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike West 2013-03-18 08:31:32 PDT

https://dvcs.w3.org/hg/content-security-policy/rev/a7dc8820946e changed schemeless source expressions to match both HTTP and HTTPS on HTTP sites.

We should implement this behind the CSP_NEXT flag.

Comment 1 Mike West 2013-03-18 08:40:37 PDT

Created attachment 193570 [details]
Patch

Comment 2 Mike West 2013-03-18 13:25:39 PDT

Bots are happy here too. WDYT, Adam?

Comment 3 Mike West 2013-03-18 15:24:22 PDT

Comment on attachment 193570 [details]
Patch

Thanks!

Comment 4 WebKit Review Bot 2013-03-18 15:56:54 PDT

Comment on attachment 193570 [details]
Patch

Clearing flags on attachment: 193570

Committed r146141: <http://trac.webkit.org/changeset/146141>

Comment 5 WebKit Review Bot 2013-03-18 15:56:57 PDT

All reviewed patches have been landed.  Closing bug.