RESOLVED FIXED 112573
CSP 1.1: Schemeless source expressions match HTTPS resources on HTTP sites. 
https://bugs.webkit.org/show_bug.cgi?id=112573
Summary CSP 1.1: Schemeless source expressions match HTTPS resources on HTTP sites.
Mike West
Reported 2013-03-18 08:31:32 PDT
https://dvcs.w3.org/hg/content-security-policy/rev/a7dc8820946e changed schemeless source expressions to match both HTTP and HTTPS on HTTP sites. We should implement this behind the CSP_NEXT flag.
Attachments
Patch (12.84 KB, patch)
2013-03-18 08:40 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2013-03-18 08:40:37 PDT
Created attachment 193570 [details] Patch
Mike West
Comment 2 2013-03-18 13:25:39 PDT
Bots are happy here too. WDYT, Adam?
Mike West
Comment 3 2013-03-18 15:24:22 PDT
Comment on attachment 193570 [details] Patch Thanks!
WebKit Review Bot
Comment 4 2013-03-18 15:56:54 PDT
Comment on attachment 193570 [details] Patch Clearing flags on attachment: 193570 Committed r146141: <http://trac.webkit.org/changeset/146141>
WebKit Review Bot
Comment 5 2013-03-18 15:56:57 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.