Bug 154555 - REGRESSION (r196892): No longer emit error message when CSP form-action directive is used as a source expression
Summary: REGRESSION (r196892): No longer emit error message when CSP form-action direc...
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Daniel Bates
URL: data:text/html,<!DOCTYPE html><html><...
Keywords: InRadar
Depends on: 154520
  Show dependency treegraph
Reported: 2016-02-22 13:44 PST by Daniel Bates
Modified: 2016-02-23 13:32 PST (History)
5 users (show)

See Also:

Patch and Layout Test (5.54 KB, patch)
2016-02-22 13:54 PST, Daniel Bates
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-02-22 13:44:31 PST
Suppose a page has the following HTML meta element with malformed Content Security Policy:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' form-action 'self'">

Then we show a console error of the form:

[Error] The Content Security Policy directive 'script-src' contains 'form-action' as a source expression. Did you mean 'script-src ...; form-action...' (note the semicolon)?

But we no longer emit this console error following <http://trac.webkit.org/changeset/196892> (bug #154520).
Comment 1 Radar WebKit Bug Importer 2016-02-22 13:45:00 PST
Comment 2 Daniel Bates 2016-02-22 13:54:35 PST
Created attachment 271953 [details]
Patch and Layout Test
Comment 3 Daniel Bates 2016-02-23 13:32:49 PST
Comment on attachment 271953 [details]
Patch and Layout Test

Clearing flags on attachment: 271953

Committed r196992: <http://trac.webkit.org/changeset/196992>
Comment 4 Daniel Bates 2016-02-23 13:32:52 PST
All reviewed patches have been landed.  Closing bug.