RESOLVED FIXED 153151
CSP: Remove stubs for dynamically-added favicons (via link rel="icon")
https://bugs.webkit.org/show_bug.cgi?id=153151
Summary CSP: Remove stubs for dynamically-added favicons (via link rel="icon")
Daniel Bates
Reported 2016-01-15 14:57:01 PST
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=155362>. Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy. This is the spec'd behaviour.
Attachments
Dan Bates Patch (9.02 KB, patch)
2016-04-15 17:43 PDT, Brent Fulgham
no flags
Patch (8.99 KB, patch)
2016-04-15 17:57 PDT, Brent Fulgham
no flags
Patch (17.13 KB, patch)
2016-04-15 18:26 PDT, Brent Fulgham
no flags
Archive of layout-test-results from ews102 for mac-yosemite (1.06 MB, application/zip)
2016-04-15 18:53 PDT, Build Bot
no flags
Archive of layout-test-results from ews115 for mac-yosemite (956.60 KB, application/zip)
2016-04-15 19:32 PDT, Build Bot
no flags
Patch (16.75 KB, patch)
2016-04-16 21:07 PDT, Brent Fulgham
darin: review+
Radar WebKit Bug Importer
Comment 1 2016-01-27 20:33:58 PST
Brent Fulgham
Comment 2 2016-04-15 17:43:13 PDT
Created attachment 276532 [details] Dan Bates Patch
Brent Fulgham
Comment 3 2016-04-15 17:49:52 PDT
Comment on attachment 276532 [details] Dan Bates Patch Note that this patch is actually Dan Bates' work, not mine :-)
Brent Fulgham
Comment 4 2016-04-15 17:50:29 PDT
Comment on attachment 276532 [details] Dan Bates Patch r=me. Will land if the tests all pass.
WebKit Commit Bot
Comment 5 2016-04-15 17:51:52 PDT
Comment on attachment 276532 [details] Dan Bates Patch Rejecting attachment 276532 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'validate-changelog', '--check-oops', '--non-interactive', 276532, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit ChangeLog entry in LayoutTests/ChangeLog contains OOPS!. Full output: http://webkit-queues.webkit.org/results/1165865
Brent Fulgham
Comment 6 2016-04-15 17:57:32 PDT
Brent Fulgham
Comment 7 2016-04-15 18:26:15 PDT
Build Bot
Comment 8 2016-04-15 18:53:23 PDT
Comment on attachment 276535 [details] Patch Attachment 276535 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/1166029 New failing tests: webarchive/test-link-rel-icon-beforeload.html
Build Bot
Comment 9 2016-04-15 18:53:27 PDT
Created attachment 276536 [details] Archive of layout-test-results from ews102 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 10 2016-04-15 19:32:06 PDT
Comment on attachment 276535 [details] Patch Attachment 276535 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/1166093 New failing tests: webarchive/test-link-rel-icon-beforeload.html
Build Bot
Comment 11 2016-04-15 19:32:10 PDT
Created attachment 276539 [details] Archive of layout-test-results from ews115 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Brent Fulgham
Comment 12 2016-04-16 21:07:45 PDT
Brent Fulgham
Comment 13 2016-04-16 21:08:57 PDT
Updated patch to continue to emit the onbeforeload event for icon loads.
Darin Adler
Comment 14 2016-04-17 09:19:53 PDT
Comment on attachment 276571 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=276571&action=review > Source/WebCore/ChangeLog:3 > + CSP: Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy This no longer seems like an appropriate bug title for this code change. > Source/WebCore/loader/LinkLoader.cpp:41 > +#include "ContentSecurityPolicy.h" Please don’t add this include.
Brent Fulgham
Comment 15 2016-04-18 09:45:18 PDT
Note You need to log in before you can comment on or make changes to this bug.