Bug 160905 - Upgrade-Insecure-Request state is improperly retained between navigations
Summary: Upgrade-Insecure-Request state is improperly retained between navigations
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: All All
: P2 Normal
Assignee: Brent Fulgham
Keywords: InRadar
Depends on:
Reported: 2016-08-16 11:44 PDT by Brent Fulgham
Modified: 2016-08-16 13:34 PDT (History)
9 users (show)

See Also:

Patch (10.98 KB, patch)
2016-08-16 11:56 PDT, Brent Fulgham
aestes: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2016-08-16 11:44:12 PDT
If you load a website that has the Upgrade-Insecure-Request header, then navigate to a second site that does NOT have the header set, WebKit will continue to process resource loads as though the UIR header was active.

While we want to perform sub-frame loads with an inherited UIR state, we do NOT want this to happen when performing a top-level navigation that replaces the content of the frame.
Comment 1 Brent Fulgham 2016-08-16 11:46:53 PDT
Comment 2 Brent Fulgham 2016-08-16 11:56:24 PDT
Created attachment 286189 [details]
Comment 3 Brent Fulgham 2016-08-16 13:34:31 PDT
Committed r204521: <http://trac.webkit.org/changeset/204521>