Using WebKit r196012 or later, perform the following: 1. Visit <http://www.blogger.com> and sign in. 2. Create a new blog if you do not already have one. 3. Create a new block post by clicking the button with the pen icon Blogger.com will navigate to the editor dashboard page and this page is almost entirely blank when it would otherwise display a document editor to create a new blog post. In the console you will see messages of the form: [Error] Refused to load https://www.blogger.com/static/v1/gwt/deferredjs/82FBD225E45CFA09FBE0B2E0F2D9D25B/13.cache.js because it does not appear in the script-src directive of the Content Security Policy. [Error] Refused to load https://www.blogger.com/static/v1/gwt/deferredjs/82FBD225E45CFA09FBE0B2E0F2D9D25B/13.cache.js?autoRetry=1 because it does not appear in the script-src directive of the Content Security Policy. [Error] Refused to load https://www.blogger.com/static/v1/gwt/deferredjs/82FBD225E45CFA09FBE0B2E0F2D9D25B/13.cache.js?autoRetry=2 because it does not appear in the script-src directive of the Content Security Policy. [Error] Refused to load https://www.blogger.com/static/v1/gwt/deferredjs/82FBD225E45CFA09FBE0B2E0F2D9D25B/13.cache.js?autoRetry=3 because it does not appear in the script-src directive of the Content Security Policy.
<rdar://problem/25351286>
Created attachment 277113 [details] Patch and Layout Tests Even though it is not strictly necessary to call ContentSecurityPolicy::updateSourceSelf() from ContentSecurityPolicy(ScriptExecutionContext&) because we will call this function when we apply the policy to the script execution context in ContentSecurityPolicy::applyPolicyToScriptExecutionContext() I thought to do so to keep symmetry with the ContentSecurityPolicy(const SecurityOrigin&, const Frame*) constructor and this code is unlikely to be sufficiently hot in a profile. Let me know if it is preferred to omit the call to ContentSecurityPolicy::updateSourceSelf() from ContentSecurityPolicy(ScriptExecutionContext&).
Committed r200030: <http://trac.webkit.org/changeset/200030>
*** Bug 157472 has been marked as a duplicate of this bug. ***