RESOLVED FIXED Bug 165531
[CSP] Policy of window opener not applied to about:blank window 
https://bugs.webkit.org/show_bug.cgi?id=165531
Summary [CSP] Policy of window opener not applied to about:blank window
Daniel Bates
Reported 2016-12-07 10:24:52 PST
about:blank windows should inherit the content security policy of their opener document.
Attachments
Patch and layout test (11.80 KB, patch)
2016-12-07 10:35 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2016-12-07 10:25:29 PST
<rdar://problem/29426639>
Daniel Bates
Comment 2 2016-12-07 10:35:33 PST
Created attachment 296398 [details] Patch and layout test I chose to remove the upgrade-insecure-requests comment from Document::initContentSecurityPolicy() because I did not see the value in it and its second to last sentence was inaccurate with respect to this function. Let me know if there is value in adding a comment to Document::initContentSecurityPolicy() about how we handle upgrade insecure requests. We should look to centralize the upgrade-insecure-requests inheritance logic for child frames and child windows. Currently this logic is dispersed across Document::initSecurityContext(), Document::initContentSecurityPolicy(), and DocumentWriter::begin(). I suggest we do this in a separate bug.
Brent Fulgham
Comment 3 2016-12-09 09:24:02 PST
Comment on attachment 296398 [details] Patch and layout test Looks good. r=me.
Daniel Bates
Comment 4 2016-12-09 09:27:56 PST
Comment on attachment 296398 [details] Patch and layout test Clearing flags on attachment: 296398 Committed r209608: <http://trac.webkit.org/changeset/209608>
Daniel Bates
Comment 5 2016-12-09 09:28:01 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.