about:blank windows should inherit the content security policy of their opener document.
<rdar://problem/29426639>
Created attachment 296398 [details] Patch and layout test I chose to remove the upgrade-insecure-requests comment from Document::initContentSecurityPolicy() because I did not see the value in it and its second to last sentence was inaccurate with respect to this function. Let me know if there is value in adding a comment to Document::initContentSecurityPolicy() about how we handle upgrade insecure requests. We should look to centralize the upgrade-insecure-requests inheritance logic for child frames and child windows. Currently this logic is dispersed across Document::initSecurityContext(), Document::initContentSecurityPolicy(), and DocumentWriter::begin(). I suggest we do this in a separate bug.
Comment on attachment 296398 [details] Patch and layout test Looks good. r=me.
Comment on attachment 296398 [details] Patch and layout test Clearing flags on attachment: 296398 Committed r209608: <http://trac.webkit.org/changeset/209608>
All reviewed patches have been landed. Closing bug.