Diff
Modified: trunk/LayoutTests/ChangeLog (201741 => 201742)
--- trunk/LayoutTests/ChangeLog 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/ChangeLog 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,3 +1,18 @@
+2016-06-06 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r201679.
+ https://bugs.webkit.org/show_bug.cgi?id=158464
+
+ http/tests/websocket/tests/hybi/upgrade-simple-ws.html is
+ flaky (Requested by ap on #webkit).
+
+ Reverted changeset:
+
+ "CSP: Content Security Policy directive, upgrade-insecure-
+ requests (UIR)"
+ https://bugs.webkit.org/show_bug.cgi?id=143653
+ http://trac.webkit.org/changeset/201679
+
2016-06-06 Jiewen Tan <[email protected]>
URLs containing tabs or newlines are parsed incorrectly
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt (201741 => 201742)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,9 +0,0 @@
-CONSOLE MESSAGE: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
-CONSOLE MESSAGE: line 1: [Report Only] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
-ALERT: PASS
-CSP report received:
-CONTENT_TYPE: application/csp-report
-HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.php
-REQUEST_METHOD: POST
-=== POST DATA =""
-{"csp-report":{"document-uri":"http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.php","referrer":"","violated-directive":"script-src 'self'","effective-directive":"script-src","original-policy":"script-src 'self'; upgrade-insecure-requests; report-uri resources/save-report.php","blocked-uri":"","status-code":200}}
Deleted: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.php (201741 => 201742)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.php 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure.php 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,8 +0,0 @@
-<?php
- header("Content-Security-Policy-Report-Only: script-src 'self'; upgrade-insecure-requests; report-uri resources/save-report.php");
-?>
-<script>
-// This script block will trigger a violation report but shouldn't be blocked.
-alert('PASS');
-</script>
-<script src=""
Deleted: trunk/LayoutTests/http/tests/security/resources/post-origin-to-parent.html (201741 => 201742)
--- trunk/LayoutTests/http/tests/security/resources/post-origin-to-parent.html 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/security/resources/post-origin-to-parent.html 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,3 +0,0 @@
-<script>
- window.parent.postMessage({ 'origin': document.origin }, '*');
-</script>
\ No newline at end of file
Deleted: trunk/LayoutTests/http/tests/ssl/iframe-upgrade.https-expected.txt (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/iframe-upgrade.https-expected.txt 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/iframe-upgrade.https-expected.txt 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,6 +0,0 @@
-
-
-PASS Same-host frames are upgraded.
-PASS Cross-host frames are upgraded.
-PASS Upgrade policy cascades to nested, same-host frames.
-
Deleted: trunk/LayoutTests/http/tests/ssl/iframe-upgrade.https.html (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/iframe-upgrade.https.html 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/iframe-upgrade.https.html 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,57 +0,0 @@
-<!DOCTYPE html>
-<head>
-<title>Upgrade Insecure Requests: IFrames.</title>
-<script src=""
-<script src=""
-
-<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
-</head>
-<body>
-<script>
-// This test is a bit of a hack. UPGRADE doesn't upgrade the port number, so we
-// specify this non-existent URL ('http' over port 8443). If UPGRADE doesn't
-// work, it won't load.
-async_test(t => {
- var iframe = document.createElement('iframe');
- iframe.src = ""
-
- window.addEventListener('message', t.step_func(e => {
- if (e.source == iframe.contentWindow) {
- assert_equals(e.data.origin, "https_127.0.0.1_8443");
- t.done();
- }
- }));
-
- document.body.appendChild(iframe);
-}, "Same-host frames are upgraded.");
-
-async_test(t => {
- var iframe = document.createElement('iframe');
- iframe.src = ""
-
- window.addEventListener('message', t.step_func(e => {
- if (e.source == iframe.contentWindow) {
- assert_equals(e.data.origin, "https_localhost_8443");
- t.done();
- }
- }));
-
- document.body.appendChild(iframe);
-}, "Cross-host frames are upgraded.");
-
-async_test(t => {
- var iframe = document.createElement('iframe');
- iframe.srcdoc = "<a href=''>Navigate!</a>" +
- "<script>document.querySelector('a').click()</scr" + "ipt>";
-
- window.addEventListener('message', t.step_func(e => {
- if (e.source == iframe.contentWindow) {
- assert_equals(e.data.origin, "https_127.0.0.1_8443");
- t.done();
- }
- }));
-
- document.body.appendChild(iframe);
-}, "Upgrade policy cascades to nested, same-host frames.");
-</script>
-</body>
\ No newline at end of file
Deleted: trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-1.html (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-1.html 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-1.html 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,9 +0,0 @@
-<html manifest="origin-usage-iframe-1.manifest">
-<script>
-// iframe-1 is expected to succeed.
-applicationCache._oncached_ = function() { parent.postMessage("PASS - cached iframe-1", "*"); };
-applicationCache._onerror_ = function() { parent.postMessage("FAIL - error caching iframe-1, expected this to succeed", "*"); };
-applicationCache._onnoupdate_ = function() { parent.postMessage("FAIL - no update iframe-1, all caches should have been deleted before this test", "*"); };
-
-</script>
-</html>
Deleted: trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-1.manifest (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-1.manifest 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-1.manifest 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,6 +0,0 @@
-CACHE MANIFEST
-
-# This adds ~13K to the app cache
-
-CACHE:
-https://127.0.0.1:8443/security/resources/abe.png
Deleted: trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-2.html (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-2.html 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-2.html 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,8 +0,0 @@
-<html manifest="origin-usage-iframe-2.manifest">
-<script>
-// iframe-2 is expected to fail due to exceeding the origin quota.
-applicationCache._oncached_ = function() { parent.postMessage("PASS - cached iframe-2", "*"); };
-applicationCache._onerror_ = function() { parent.postMessage("FAIL - error caching iframe-2", "*"); };
-applicationCache._onnoupdate_ = function() { parent.postMessage("FAIL - no update iframe-2, all caches should have been deleted before this test", "*"); };
-</script>
-</html>
Deleted: trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-2.manifest (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-2.manifest 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/resources/origin-usage-iframe-2.manifest 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,6 +0,0 @@
-CACHE MANIFEST
-
-# This adds ~13K to the app cache
-
-CACHE:
-https://127.0.0.1:8443/security/resources/abe.png
Deleted: trunk/LayoutTests/http/tests/ssl/upgrade-origin-usage-expected.txt (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/upgrade-origin-usage-expected.txt 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/upgrade-origin-usage-expected.txt 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,10 +0,0 @@
-This test checks that per-origin usage is reported correctly when upgrading insecure load requests by loading two iframes which use ~15K each and querying origin usage.
-
-Cleared application cache
-PASS - cached iframe-1
-Usage for https://127.0.0.1:8443 after first frame is between 15000 and 16000 bytes: true
-PASS - cached iframe-2
-Usage for https://127.0.0.1:8443 after second frame is between 30000 and 32000 bytes: true
-Removing Application Cache for https://127.0.0.1:8443
-Usage for https://127.0.0.1:8443: 0
-
Deleted: trunk/LayoutTests/http/tests/ssl/upgrade-origin-usage.html (201741 => 201742)
--- trunk/LayoutTests/http/tests/ssl/upgrade-origin-usage.html 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/ssl/upgrade-origin-usage.html 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,75 +0,0 @@
-<html>
-<head>
-<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
-<script>
-
-var drtURL = "https://127.0.0.1:8443";
-
-// Helpers.
-
-function log(message) {
- document.getElementById("console").innerHTML += message + "<br>";
-}
-
-// Start and end.
-
-function startTest() {
- if (window.testRunner) {
- testRunner.setAllowsAnySSLCertificate(true);
- testRunner.clearAllApplicationCaches();
- log("Cleared application cache");
- testRunner.dumpApplicationCacheDelegateCallbacks();
- testRunner.dumpAsText();
- testRunner.waitUntilDone();
- }
-
- addFirstIFrame();
-}
-
-function finishTest() {
- if (window.testRunner)
- testRunner.notifyDone();
-}
-
-// Stages.
-
-function addIFrameWithContinuation(src, continuation) {
- window._onmessage_ = continuation;
- var iframe = document.createElement("iframe");
- iframe.src = ""
- document.body.appendChild(iframe);
-}
-
-function addFirstIFrame() {
- // Expected to succeed.
- addIFrameWithContinuation("http://127.0.0.1:8443/ssl/resources/origin-usage-iframe-1.html", function(event) {
- log(event.data);
- var usage = testRunner.applicationCacheDiskUsageForOrigin(drtURL);
- log("Usage for " + drtURL + " after first frame is between 15000 and 16000 bytes: " + ((usage > 15000) && (usage < 16000)));
- addSecondIFrame();
- });
-}
-
-function addSecondIFrame() {
- addIFrameWithContinuation("http://127.0.0.1:8443/ssl/resources/origin-usage-iframe-2.html", function(event) {
- log(event.data);
- var usage = testRunner.applicationCacheDiskUsageForOrigin(drtURL);
- log("Usage for " + drtURL + " after second frame is between 30000 and 32000 bytes: " + ((usage > 30000) && (usage < 32000)));
-
- log("Removing Application Cache for " + drtURL);
- testRunner.clearApplicationCacheForOrigin(drtURL);
-
- log("Usage for " + drtURL + ": " + testRunner.applicationCacheDiskUsageForOrigin(drtURL));
-
- finishTest();
- });
-}
-
-</script>
-</head>
-<body _onload_="startTest()">
-<p>This test checks that per-origin usage is reported correctly when upgrading insecure load requests by loading two iframes which use ~15K each and querying origin usage.</p>
-</p>
-<pre id="console"></pre>
-</body>
-</html>
Deleted: trunk/LayoutTests/http/tests/websocket/tests/hybi/upgrade-simple-ws-expected.txt (201741 => 201742)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/upgrade-simple-ws-expected.txt 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/upgrade-simple-ws-expected.txt 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,11 +0,0 @@
-Simple upgrade insecure Web Socket test
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-Created a socket to 'wss://127.0.0.1:9323/websocket/tests/hybi/simple'; readyState 0.
-The 'ws' protocol should be upgraded to 'wss'. If this happens, we will connect properly and the test will succeed.
-Connected; readyState 1
-Resolved URL: wss://127.0.0.1:9323/websocket/tests/hybi/simple
-Received: 'Hello from Simple WSH.'; readyState 1
-Closed; readyState 3.
-
Deleted: trunk/LayoutTests/http/tests/websocket/tests/hybi/upgrade-simple-ws.html (201741 => 201742)
--- trunk/LayoutTests/http/tests/websocket/tests/hybi/upgrade-simple-ws.html 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/http/tests/websocket/tests/hybi/upgrade-simple-ws.html 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,62 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<script src=""
-<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
-</head>
-<body>
-<div id="description"></div>
-<div id="console"></div>
-<script type="text/_javascript_">
-description("Simple upgrade insecure Web Socket test");
-
-window.jsTestIsAsync = true;
-
-if (window.testRunner)
- testRunner.setAllowsAnySSLCertificate(true);
-
-function endTest()
-{
- clearTimeout(timeoutID);
- finishJSTest();
-}
-
-var ws = new WebSocket("ws://127.0.0.1:9323/websocket/tests/hybi/simple");
-debug("Created a socket to '" + ws.URL + "'; readyState " + ws.readyState + ".");
-debug("The 'ws' protocol should be upgraded to 'wss'. If this happens, we will connect properly and the test will succeed.");
-
-ws._onopen_ = function()
-{
- debug("Connected; readyState " + ws.readyState);
- debug("Resolved URL: " + ws.URL)
-};
-
-ws._onmessage_ = function(messageEvent)
-{
- debug("Received: '" + messageEvent.data + "'; readyState " + ws.readyState);
-};
-
-ws._onclose_ = function()
-{
- debug("Closed; readyState " + ws.readyState + ".");
- endTest();
-};
-
-ws._onerror_ = function(errorEvent)
-{
- debug("Error: '" + errorEvent.data + "'; readyState " + ws.readyState);
- endTest();
-}
-
-function timeOutCallback()
-{
- debug("Timed out in state: " + ws.readyState);
- endTest();
-}
-
-var timeoutID = setTimeout(timeOutCallback, 300);
-
-</script>
-<script src=""
-</body>
-</html>
Modified: trunk/LayoutTests/platform/mac/TestExpectations (201741 => 201742)
--- trunk/LayoutTests/platform/mac/TestExpectations 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/LayoutTests/platform/mac/TestExpectations 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1347,5 +1347,3 @@
webkit.org/b/155196 media/video-with-file-url-allowed-by-csp-media-src-star-with-AllowContentSecurityPolicySourceStarToMatchAnyProtocol-enabled.html [ Skip ]
webkit.org/b/158101 imported/blink/http/tests/plugins/get-url-notify-on-removal.html [ Pass Timeout ]
-
-webkit.org/b/143653 [ Yosemite ] http/tests/websocket/tests/hybi/upgrade-simple-ws.html [ Skip ] # Timeout
Modified: trunk/Source/WebCore/ChangeLog (201741 => 201742)
--- trunk/Source/WebCore/ChangeLog 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/ChangeLog 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,3 +1,18 @@
+2016-06-06 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r201679.
+ https://bugs.webkit.org/show_bug.cgi?id=158464
+
+ http/tests/websocket/tests/hybi/upgrade-simple-ws.html is
+ flaky (Requested by ap on #webkit).
+
+ Reverted changeset:
+
+ "CSP: Content Security Policy directive, upgrade-insecure-
+ requests (UIR)"
+ https://bugs.webkit.org/show_bug.cgi?id=143653
+ http://trac.webkit.org/changeset/201679
+
2016-06-06 Jiewen Tan <[email protected]>
URLs containing tabs or newlines are parsed incorrectly
Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.cpp (201741 => 201742)
--- trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,6 +1,5 @@
/*
* Copyright (C) 2011 Google Inc. All rights reserved.
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -231,9 +230,6 @@
ec = SYNTAX_ERR;
return;
}
-
- scriptExecutionContext()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load);
-
if (!portAllowed(m_url)) {
scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "WebSocket port " + String::number(m_url.port()) + " blocked");
m_state = CLOSED;
Modified: trunk/Source/WebCore/dom/Document.cpp (201741 => 201742)
--- trunk/Source/WebCore/dom/Document.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/dom/Document.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -5194,26 +5194,16 @@
// If we do not obtain a meaningful origin from the URL, then we try to
// find one via the frame hierarchy.
- Frame* parentFrame = m_frame->tree().parent();
- Frame* openerFrame = m_frame->loader().opener();
- Frame* ownerFrame = parentFrame;
+ Frame* ownerFrame = m_frame->tree().parent();
if (!ownerFrame)
- ownerFrame = openerFrame;
+ ownerFrame = m_frame->loader().opener();
if (!ownerFrame) {
didFailToInitializeSecurityOrigin();
return;
}
-
- Document* openerDocument = openerFrame ? openerFrame->document() : nullptr;
- // Per <http://www.w3.org/TR/upgrade-insecure-requests/>, new browsing contexts must inherit from an
- // ongoing set of upgraded requests. When opening a new browsing context, we need to capture its
- // existing upgrade request. Nested browsing contexts are handled during DocumentWriter::begin.
- if (openerDocument)
- contentSecurityPolicy()->inheritInsecureNavigationRequestsToUpgradeFromOpener(*openerDocument->contentSecurityPolicy());
-
if (isSandboxed(SandboxOrigin)) {
// If we're supposed to inherit our security origin from our owner,
// but we're also sandboxed, the only thing we inherit is the ability
Modified: trunk/Source/WebCore/dom/ScriptElement.cpp (201741 => 201742)
--- trunk/Source/WebCore/dom/ScriptElement.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/dom/ScriptElement.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -2,7 +2,7 @@
* Copyright (C) 1999 Lars Knoll ([email protected])
* (C) 1999 Antti Koivisto ([email protected])
* (C) 2001 Dirk Mueller ([email protected])
- * Copyright (C) 2003-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nikolas Zimmermann <[email protected]>
*
* This library is free software; you can redistribute it and/or
@@ -264,8 +264,6 @@
CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)), options);
- m_element.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load);
-
String crossOriginMode = m_element.fastGetAttribute(HTMLNames::crossoriginAttr);
if (!crossOriginMode.isNull()) {
m_requestUsesAccessControl = true;
Modified: trunk/Source/WebCore/loader/DocumentWriter.cpp (201741 => 201742)
--- trunk/Source/WebCore/loader/DocumentWriter.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/DocumentWriter.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -29,7 +29,6 @@
#include "config.h"
#include "DocumentWriter.h"
-#include "ContentSecurityPolicy.h"
#include "DOMImplementation.h"
#include "DOMWindow.h"
#include "Frame.h"
@@ -144,17 +143,6 @@
else
document->createDOMWindow();
- // Per <http://www.w3.org/TR/upgrade-insecure-requests/>, we need to retain an ongoing set of upgraded
- // requests in new navigation contexts. Although this information is present when we construct the
- // Document object, it is discard in the subsequent 'clear' statements below. So, we must capture it
- // so we can restore it.
- HashSet<RefPtr<SecurityOrigin>> insecureNavigationRequestsToUpgrade;
- bool upgradeInsecureRequests = false;
- if (auto* existingDocument = m_frame->document()) {
- upgradeInsecureRequests = existingDocument->contentSecurityPolicy()->upgradeInsecureRequests();
- insecureNavigationRequestsToUpgrade = existingDocument->contentSecurityPolicy()->takeNavigationRequestsToUpgrade();
- }
-
m_frame->loader().clear(document.ptr(), !shouldReuseDefaultView, !shouldReuseDefaultView);
clear();
@@ -169,9 +157,6 @@
m_frame->loader().setOutgoingReferrer(url);
m_frame->setDocument(document.copyRef());
- document->contentSecurityPolicy()->setUpgradeInsecureRequests(upgradeInsecureRequests);
- document->contentSecurityPolicy()->setInsecureNavigationRequestsToUpgrade(WTFMove(insecureNavigationRequestsToUpgrade));
-
if (m_decoder)
document->setDecoder(m_decoder.get());
if (ownerDocument) {
Modified: trunk/Source/WebCore/loader/FormSubmission.cpp (201741 => 201742)
--- trunk/Source/WebCore/loader/FormSubmission.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/FormSubmission.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,6 +1,5 @@
/*
* Copyright (C) 2010 Google Inc. All rights reserved.
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -32,7 +31,6 @@
#include "config.h"
#include "FormSubmission.h"
-#include "ContentSecurityPolicy.h"
#include "DOMFormData.h"
#include "Document.h"
#include "Event.h"
@@ -190,8 +188,6 @@
bool isMultiPartForm = false;
String encodingType = copiedAttributes.encodingType();
- document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(actionURL, ContentSecurityPolicy::InsecureRequestType::FormSubmission);
-
if (copiedAttributes.method() == PostMethod) {
isMultiPartForm = copiedAttributes.isMultiPartForm();
if (isMultiPartForm && isMailtoForm) {
@@ -273,7 +269,6 @@
frameRequest.resourceRequest().setURL(requestURL());
FrameLoader::addHTTPOriginIfNeeded(frameRequest.resourceRequest(), m_origin);
- FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(frameRequest.resourceRequest());
}
}
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (201741 => 201742)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -369,7 +369,6 @@
frameRequest.setFrameName(m_frame.document()->baseTarget());
addHTTPOriginIfNeeded(frameRequest.resourceRequest(), outgoingOrigin());
- m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(frameRequest.resourceRequest(), ContentSecurityPolicy::InsecureRequestType::Navigation);
loadFrameRequest(frameRequest, triggeringEvent, nullptr);
}
@@ -2545,9 +2544,6 @@
// FIXME: Using m_loadType seems wrong for some callers.
// If we are only preparing to load the main resource, that is previous load's load type!
addExtraFieldsToRequest(request, m_loadType, true);
-
- // Upgrade-Insecure-Requests should only be added to main resource requests
- addHTTPUpgradeInsecureRequestsIfNeeded(request);
}
void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request, FrameLoadType loadType, bool mainResource)
@@ -2654,16 +2650,6 @@
request.setHTTPOrigin(origin);
}
-void FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(ResourceRequest& request)
-{
- if (request.url().protocolIs("https")) {
- // FIXME: Identify HSTS cases and avoid adding the header. <https://bugs.webkit.org/show_bug.cgi?id=157885>
- return;
- }
-
- request.setHTTPHeaderField(HTTPHeaderName::UpgradeInsecureRequests, ASCIILiteral("1"));
-}
-
void FrameLoader::loadPostRequest(const FrameLoadRequest& request, const String& referrer, FrameLoadType loadType, Event* event, PassRefPtr<FormState> prpFormState)
{
RefPtr<FormState> formState = prpFormState;
@@ -2688,9 +2674,6 @@
workingResourceRequest.setHTTPContentType(contentType);
addExtraFieldsToRequest(workingResourceRequest, loadType, true);
- if (Document* document = m_frame.document())
- document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(workingResourceRequest, ContentSecurityPolicy::InsecureRequestType::Load);
-
NavigationAction action(workingResourceRequest, loadType, true, event, request.shouldOpenExternalURLsPolicy(), request.downloadAttribute());
if (!frameName.isEmpty()) {
@@ -2749,8 +2732,6 @@
}
#endif
- m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(newRequest, ContentSecurityPolicy::InsecureRequestType::Load);
-
if (error.isNull()) {
ASSERT(!newRequest.isNull());
@@ -3334,7 +3315,6 @@
request.setHTTPContentType(item.formContentType());
RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::createFromString(item.referrer());
addHTTPOriginIfNeeded(request, securityOrigin->toString());
- addHTTPUpgradeInsecureRequestsIfNeeded(request);
// Make sure to add extra fields to the request after the Origin header is added for the FormData case.
// See https://bugs.webkit.org/show_bug.cgi?id=22194 for more discussion.
@@ -3625,7 +3605,6 @@
if (!referrer.isEmpty())
requestWithReferrer.resourceRequest().setHTTPReferrer(referrer);
FrameLoader::addHTTPOriginIfNeeded(requestWithReferrer.resourceRequest(), openerFrame.loader().outgoingOrigin());
- FrameLoader::addHTTPUpgradeInsecureRequestsIfNeeded(requestWithReferrer.resourceRequest());
Page* oldPage = openerFrame.page();
if (!oldPage)
Modified: trunk/Source/WebCore/loader/FrameLoader.h (201741 => 201742)
--- trunk/Source/WebCore/loader/FrameLoader.h 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/FrameLoader.h 2016-06-07 06:05:03 UTC (rev 201742)
@@ -202,7 +202,6 @@
void addExtraFieldsToMainResourceRequest(ResourceRequest&);
static void addHTTPOriginIfNeeded(ResourceRequest&, const String& origin);
- static void addHTTPUpgradeInsecureRequestsIfNeeded(ResourceRequest&);
FrameLoaderClient& client() const { return m_client; }
Modified: trunk/Source/WebCore/loader/PingLoader.cpp (201741 => 201742)
--- trunk/Source/WebCore/loader/PingLoader.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/PingLoader.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,7 +1,6 @@
/*
* Copyright (C) 2010 Google Inc. All rights reserved.
* Copyright (C) 2015 Roopesh Chander ([email protected])
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -34,7 +33,6 @@
#include "config.h"
#include "PingLoader.h"
-#include "ContentSecurityPolicy.h"
#include "Document.h"
#include "FormData.h"
#include "Frame.h"
@@ -82,9 +80,6 @@
return;
#endif
- if (Document* document = frame.document())
- document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
-
request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0");
String referrer = SecurityPolicy::generateReferrerHeader(frame.document()->referrerPolicy(), request.url(), frame.loader().outgoingReferrer());
if (!referrer.isEmpty())
@@ -107,8 +102,6 @@
return;
#endif
- frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
-
request.setHTTPMethod("POST");
request.setHTTPContentType("text/ping");
request.setHTTPBody(FormData::create("PING"));
@@ -140,9 +133,6 @@
return;
#endif
- if (Document* document = frame.document())
- document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
-
request.setHTTPMethod(ASCIILiteral("POST"));
request.setHTTPBody(WTFMove(report));
switch (reportType) {
Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (201741 => 201742)
--- trunk/Source/WebCore/loader/SubframeLoader.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
* Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
* Copyright (C) 2008 Alp Toker <[email protected]>
@@ -231,8 +231,6 @@
if (!url.isEmpty())
completedURL = completeURL(url);
- document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load);
-
bool hasFallbackContent = is<HTMLObjectElement>(ownerElement) && downcast<HTMLObjectElement>(ownerElement).hasFallbackContent();
bool useFallback;
@@ -302,11 +300,8 @@
return widget;
}
-Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& requestUrl, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)
+Frame* SubframeLoader::loadOrRedirectSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const AtomicString& frameName, LockHistory lockHistory, LockBackForwardList lockBackForwardList)
{
- URL url = ""
- ownerElement.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(url, ContentSecurityPolicy::InsecureRequestType::Load);
-
Frame* frame = ownerElement.contentFrame();
if (frame)
frame->navigationScheduler().scheduleLocationChange(m_frame.document(), m_frame.document()->securityOrigin(), url, m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList);
Modified: trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp (201741 => 201742)
--- trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2009 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,7 +29,6 @@
#include "ApplicationCache.h"
#include "ApplicationCacheGroup.h"
#include "ApplicationCacheResource.h"
-#include "ContentSecurityPolicy.h"
#include "DocumentLoader.h"
#include "DOMApplicationCache.h"
#include "FileSystem.h"
@@ -371,18 +370,12 @@
m_applicationCache = applicationCache;
}
-bool ApplicationCacheHost::shouldLoadResourceFromApplicationCache(const ResourceRequest& originalRequest, ApplicationCacheResource*& resource)
+bool ApplicationCacheHost::shouldLoadResourceFromApplicationCache(const ResourceRequest& request, ApplicationCacheResource*& resource)
{
ApplicationCache* cache = applicationCache();
if (!cache || !cache->isComplete())
return false;
- ResourceRequest request(originalRequest);
- if (Frame* loaderFrame = m_documentLoader.frame()) {
- if (Document* document = loaderFrame->document())
- document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
- }
-
// If the resource is not to be fetched using the HTTP GET mechanism or equivalent, or if its URL has a different
// <scheme> component than the application cache's manifest, then fetch the resource normally.
if (!ApplicationCache::requestIsHTTPOrHTTPSGet(request) || !equalIgnoringASCIICase(request.url().protocol(), cache->manifestResource()->url().protocol()))
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (201741 => 201742)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -2,7 +2,7 @@
Copyright (C) 1998 Lars Knoll ([email protected])
Copyright (C) 2001 Dirk Mueller ([email protected])
Copyright (C) 2002 Waldo Bastian ([email protected])
- Copyright (C) 2004-2016 Apple Inc. All rights reserved.
+ Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
This library is free software; you can redistribute it and/or
@@ -179,8 +179,6 @@
{
if (Frame* frame = this->frame()) {
if (frame->loader().pageDismissalEventBeingDispatched() != FrameLoader::PageDismissalType::None) {
- if (Document* document = frame->document())
- document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load);
URL requestURL = request.resourceRequest().url();
if (requestURL.isValid() && canRequest(CachedResource::ImageResource, requestURL, request.options(), request.forPreload()))
PingLoader::loadImage(*frame, requestURL);
@@ -549,9 +547,6 @@
CachedResourceHandle<CachedResource> CachedResourceLoader::requestResource(CachedResource::Type type, CachedResourceRequest& request)
{
- if (Document* document = this->document())
- document->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load);
-
URL url = ""
LOG(ResourceLoading, "CachedResourceLoader::requestResource '%s', charset '%s', priority=%d, forPreload=%u", url.stringCenterEllipsizedToLength().latin1().data(), request.charset().latin1().data(), request.priority() ? static_cast<int>(request.priority().value()) : -1, request.forPreload());
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (201741 => 201742)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -46,7 +46,6 @@
#include "JSMainThreadExecState.h"
#include "ParsingUtilities.h"
#include "PingLoader.h"
-#include "ResourceRequest.h"
#include "RuntimeEnabledFeatures.h"
#include "SchemeRegistry.h"
#include "SecurityOrigin.h"
@@ -112,9 +111,6 @@
ASSERT(m_policies.isEmpty());
for (auto& policy : other->m_policies)
didReceiveHeader(policy->header(), policy->headerType(), ContentSecurityPolicy::PolicyFrom::Inherited);
-
- m_upgradeInsecureRequests = other->m_upgradeInsecureRequests;
- m_insecureNavigationRequestsToUpgrade.add(other->m_insecureNavigationRequestsToUpgrade.begin(), other->m_insecureNavigationRequestsToUpgrade.end());
}
void ContentSecurityPolicy::didCreateWindowShell(JSDOMWindowShell& windowShell) const
@@ -758,70 +754,5 @@
return false;
#endif
}
-
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(ResourceRequest& request, InsecureRequestType requestType)
-{
- URL url = ""
- upgradeInsecureRequestIfNeeded(url, requestType);
- request.setURL(url);
-}
-
-void ContentSecurityPolicy::upgradeInsecureRequestIfNeeded(URL& url, InsecureRequestType requestType)
-{
- if (!url.protocolIs("http") && !url.protocolIs("ws"))
- return;
-
- bool upgradeRequest = m_insecureNavigationRequestsToUpgrade.contains(SecurityOrigin::create(url));
- if (requestType == InsecureRequestType::Load || requestType == InsecureRequestType::FormSubmission)
- upgradeRequest |= m_upgradeInsecureRequests;
- if (!upgradeRequest)
- return;
-
- if (url.protocolIs("http"))
- url.setProtocol("https");
- else if (url.protocolIs("ws"))
- url.setProtocol("wss");
- else
- return;
-
- if (url.port() == 80)
- url.setPort(443);
}
-
-void ContentSecurityPolicy::setUpgradeInsecureRequests(bool upgradeInsecureRequests)
-{
- m_upgradeInsecureRequests = upgradeInsecureRequests;
- if (!m_upgradeInsecureRequests)
- return;
-
- if (!m_scriptExecutionContext)
- return;
-
- // Store the upgrade domain as an 'insecure' protocol so we can quickly identify
- // origins we should upgrade.
- URL upgradeURL = m_scriptExecutionContext->url();
- if (upgradeURL.protocolIs("https"))
- upgradeURL.setProtocol("http");
- else if (upgradeURL.protocolIs("wss"))
- upgradeURL.setProtocol("ws");
-
- m_insecureNavigationRequestsToUpgrade.add(SecurityOrigin::create(upgradeURL));
-}
-
-void ContentSecurityPolicy::inheritInsecureNavigationRequestsToUpgradeFromOpener(const ContentSecurityPolicy& other)
-{
- m_insecureNavigationRequestsToUpgrade.add(other.m_insecureNavigationRequestsToUpgrade.begin(), other.m_insecureNavigationRequestsToUpgrade.end());
-}
-
-HashSet<RefPtr<SecurityOrigin>>&& ContentSecurityPolicy::takeNavigationRequestsToUpgrade()
-{
- return WTFMove(m_insecureNavigationRequestsToUpgrade);
-}
-
-void ContentSecurityPolicy::setInsecureNavigationRequestsToUpgrade(HashSet<RefPtr<SecurityOrigin>>&& insecureNavigationRequests)
-{
- m_insecureNavigationRequestsToUpgrade = WTFMove(insecureNavigationRequests);
-}
-
-}
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h (201741 => 201742)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h 2016-06-07 06:05:03 UTC (rev 201742)
@@ -27,9 +27,6 @@
#pragma once
#include "ContentSecurityPolicyResponseHeaders.h"
-#include "SecurityOrigin.h"
-#include "SecurityOriginHash.h"
-#include <wtf/HashSet.h>
#include <wtf/OptionSet.h>
#include <wtf/Vector.h>
#include <wtf/text/TextPosition.h>
@@ -50,7 +47,6 @@
class DOMStringList;
class Frame;
class JSDOMWindowShell;
-class ResourceRequest;
class ScriptExecutionContext;
class SecurityOrigin;
class TextEncoding;
@@ -152,16 +148,6 @@
// Used by ContentSecurityPolicySource
bool protocolMatchesSelf(const URL&) const;
- void setUpgradeInsecureRequests(bool);
- bool upgradeInsecureRequests() const { return m_upgradeInsecureRequests; }
- enum class InsecureRequestType { Load, FormSubmission, Navigation };
- void upgradeInsecureRequestIfNeeded(ResourceRequest&, InsecureRequestType);
- void upgradeInsecureRequestIfNeeded(URL&, InsecureRequestType);
-
- HashSet<RefPtr<SecurityOrigin>>&& takeNavigationRequestsToUpgrade();
- void inheritInsecureNavigationRequestsToUpgradeFromOpener(const ContentSecurityPolicy&);
- void setInsecureNavigationRequestsToUpgrade(HashSet<RefPtr<SecurityOrigin>>&&);
-
private:
void logToConsole(const String& message, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), JSC::ExecState* = nullptr) const;
void updateSourceSelf(const SecurityOrigin&);
@@ -188,10 +174,8 @@
SandboxFlags m_sandboxFlags;
bool m_overrideInlineStyleAllowed { false };
bool m_isReportingEnabled { true };
- bool m_upgradeInsecureRequests { false };
OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineScripts;
OptionSet<ContentSecurityPolicyHashAlgorithm> m_hashAlgorithmsForInlineStylesheets;
- HashSet<RefPtr<SecurityOrigin>> m_insecureNavigationRequestsToUpgrade;
};
template<typename Predicate, typename... Args>
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp (201741 => 201742)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -100,6 +100,8 @@
ContentSecurityPolicyDirectiveList::ContentSecurityPolicyDirectiveList(ContentSecurityPolicy& policy, ContentSecurityPolicyHeaderType type)
: m_policy(policy)
, m_headerType(type)
+ , m_reportOnly(false)
+ , m_haveSandboxPolicy(false)
{
m_reportOnly = (type == ContentSecurityPolicyHeaderType::Report || type == ContentSecurityPolicyHeaderType::PrefixedReport);
}
@@ -433,20 +435,6 @@
m_policy.reportInvalidSandboxFlags(invalidTokens);
}
-void ContentSecurityPolicyDirectiveList::setUpgradeInsecureRequests(const String& name)
-{
- if (m_reportOnly) {
- m_policy.reportInvalidDirectiveInReportOnlyMode(name);
- return;
- }
- if (m_upgradeInsecureRequests) {
- m_policy.reportDuplicateDirective(name);
- return;
- }
- m_upgradeInsecureRequests = true;
- m_policy.setUpgradeInsecureRequests(true);
-}
-
void ContentSecurityPolicyDirectiveList::addDirective(const String& name, const String& value)
{
ASSERT(!name.isEmpty());
@@ -493,8 +481,6 @@
applySandboxPolicy(name, value);
else if (equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::reportURI))
parseReportURI(name, value);
- else if (equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::upgradeInsecureRequests))
- setUpgradeInsecureRequests(name);
else
m_policy.reportUnsupportedDirective(name);
}
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h (201741 => 201742)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.h 2016-06-07 06:05:03 UTC (rev 201742)
@@ -86,7 +86,6 @@
void parsePluginTypes(const String& name, const String& value);
void addDirective(const String& name, const String& value);
void applySandboxPolicy(const String& name, const String& sandboxPolicy);
- void setUpgradeInsecureRequests(const String& name);
template <class CSPDirectiveType>
void setCSPDirective(const String& name, const String& value, std::unique_ptr<CSPDirectiveType>&);
@@ -101,9 +100,8 @@
String m_header;
ContentSecurityPolicyHeaderType m_headerType;
- bool m_reportOnly { false };
- bool m_haveSandboxPolicy { false };
- bool m_upgradeInsecureRequests { false };
+ bool m_reportOnly;
+ bool m_haveSandboxPolicy;
std::unique_ptr<ContentSecurityPolicyMediaListDirective> m_pluginTypes;
std::unique_ptr<ContentSecurityPolicySourceListDirective> m_baseURI;
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp (201741 => 201742)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -46,7 +46,6 @@
const char* const sandbox = "sandbox";
const char* const scriptSrc = "script-src";
const char* const styleSrc = "style-src";
-const char* const upgradeInsecureRequests = "upgrade-insecure-requests";
} // namespace ContentSecurityPolicyDirectiveNames
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h (201741 => 201742)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveNames.h 2016-06-07 06:05:03 UTC (rev 201742)
@@ -45,7 +45,6 @@
extern const char* const sandbox;
extern const char* const scriptSrc;
extern const char* const styleSrc;
-extern const char* const upgradeInsecureRequests;
} // namespace ContentSecurityPolicyDirectiveNames
Modified: trunk/Source/WebCore/platform/network/HTTPHeaderNames.in (201741 => 201742)
--- trunk/Source/WebCore/platform/network/HTTPHeaderNames.in 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/platform/network/HTTPHeaderNames.in 2016-06-07 06:05:03 UTC (rev 201742)
@@ -89,7 +89,6 @@
Trailer
Transfer-Encoding
Upgrade
-Upgrade-Insecure-Requests
User-Agent
Vary
Via
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (201741 => 201742)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2016-06-07 05:54:11 UTC (rev 201741)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2016-06-07 06:05:03 UTC (rev 201742)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved.
* Copyright (C) 2005-2007 Alexey Proskuryakov <[email protected]>
* Copyright (C) 2007, 2008 Julien Chaffraix <[email protected]>
* Copyright (C) 2008, 2011 Google Inc. All rights reserved.
@@ -480,7 +480,6 @@
m_method = uppercaseKnownHTTPMethod(method);
m_url = url;
- scriptExecutionContext()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load);
m_async = async;
