On a frame-ancestors violation the violation report may be sent to the wrong domain.
<rdar://problem/28321575>
Note that reporting of a frame-ancestors violation for a document occurs before the URL of that document is known; therefore we do not have a script execution context. So we make use of the parent frame's document as part of the reporting machinery. Among other things, we use the parent frame's document to compute the absolute URL for a CSP report URI that is a relative URL. But we should use the blocked URL as the base of this computed absolute URL.
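
The base-URL difference described in this report, as an added example that is not part of the bug or of the WebKit patch: it resolves each report-uri token of a policy against both the blocked document's URL and the parent frame's document URL, and flags endpoints that land on a different origin. The hostnames, the policy string and the function names are constructed for illustration.

```javascript
// Added illustration, not WebKit code. Hostnames and the policy are constructed.
const SAMPLE_POLICY =
  "frame-ancestors 'none'; report-uri /csp-report report.php https://reports.framed.example/collect";
const BLOCKED_URL = 'https://framed.example/widget/page.html'; // framed document
const PARENT_URL = 'https://embedder.example/index.html';      // embedding page

// Return the report-uri tokens of a single serialized policy.
function reportURIs(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...values] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'report-uri') return values;
  }
  return [];
}

// Resolve one token against a base; null if it does not parse as a URL.
function resolve(token, base) {
  try {
    return new URL(token, base);
  } catch {
    return null;
  }
}

// For each token, compare the endpoint computed from the blocked URL (the base
// the report says should be used) with the one computed from the parent URL.
function compareBases(policy, blockedURL, parentURL) {
  return reportURIs(policy).map((token) => {
    const expected = resolve(token, blockedURL);
    const viaParent = resolve(token, parentURL);
    return {
      token,
      expected: expected && expected.href,
      viaParent: viaParent && viaParent.href,
      misdirected: Boolean(expected && viaParent && expected.origin !== viaParent.origin),
    };
  });
}

for (const row of compareBases(SAMPLE_POLICY, BLOCKED_URL, PARENT_URL)) {
  console.log(row.misdirected ? 'MISDIRECTED' : 'ok', row.token, '->', row.viaParent);
}
```

Only the relative tokens are affected: an absolute report URI resolves to the same endpoint regardless of which base is used.
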
Created attachment 289093: Patch
Comment on attachment 289093: Patch
Attachment 289093 did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/2089679
New failing tests:
http/tests/security/xssAuditor/report-script-tag-replace-state.html
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php
http/tests/security/xssAuditor/report-script-tag.html
http/tests/security/xssAuditor/report-script-tag-full-block.html
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
Created attachment 289098: Archive of layout-test-results from ews103 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103
Port: mac-yosemite
Platform: Mac OS X 10.10.5
Comment on attachment 289093: Patch
Attachment 289093 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/2089692
New failing tests:
http/tests/security/xssAuditor/report-script-tag-replace-state.html
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php
http/tests/security/xssAuditor/report-script-tag.html
http/tests/security/xssAuditor/report-script-tag-full-block.html
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
Created attachment 289099: Archive of layout-test-results from ews114 for mac-yosemite
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114
Port: mac-yosemite
Platform: Mac OS X 10.10.5
Comment on attachment 289093: Patch
Attachment 289093 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/2089779
New failing tests:
http/tests/security/xssAuditor/report-script-tag.html
http/tests/security/xssAuditor/report-script-tag-full-block.html
http/tests/security/xssAuditor/report-script-tag-replace-state.html
Created attachment 289100: Archive of layout-test-results from ews106 for mac-yosemite-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106
Port: mac-yosemite-wk2
Platform: Mac OS X 10.10.5
Created attachment 289101: Patch
Rebase more expected test results.
Comment on attachment 289101: Patch
Clearing flags on attachment: 289101
Committed r206278: <http://trac.webkit.org/changeset/206278>
All reviewed patches have been landed. Closing bug.