156092 – CSP: child-src violations reported as frame-src violation

RESOLVED FIXED 156092

CSP: child-src violations reported as frame-src violation

https://bugs.webkit.org/show_bug.cgi?id=156092

Summary CSP: child-src violations reported as frame-src violation

Daniel Bates

Reported 2016-03-31 16:44:48 PDT

Frame loads blocked by directive child-src are reported as being blocked by directive frame-src in both the console message and dispatched SecurityPolicyViolation event. You can see observe these issue by opening the attached test, test.html, and looking at the test output and the console message emitted in the Web Inspector.

Attachments
Test case (1.18 KB, text/html) 2016-03-31 16:47 PDT, Daniel Bates	no flags	Details
Patch and Layout Tests (19.16 KB, patch) 2016-03-31 18:29 PDT, Daniel Bates	aestes: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2016-03-31 16:47:40 PDT

Created attachment 275356 [details] Test case

Radar WebKit Bug Importer

Comment 2 2016-03-31 17:04:05 PDT

<rdar://problem/25478509>

Daniel Bates

Comment 3 2016-03-31 18:29:56 PDT

Created attachment 275364 [details] Patch and Layout Tests

Daniel Bates

Comment 4 2016-04-01 11:40:26 PDT

Committed r198951: <http://trac.webkit.org/changeset/198951>

Ryan Haddad

Comment 5 2016-04-01 14:01:28 PDT

The tests added with this change were rebaselined in <http://trac.webkit.org/changeset/198954>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Daniel Bates

Reported

2016-03-31 16:44 PDT

Modified

2016-04-01 14:01 PDT History

CC List

6 users Show

URL

Keywords InRadar, WebExposed

Depends on

Blocks