Diff
Modified: trunk/LayoutTests/ChangeLog (258788 => 258789)
--- trunk/LayoutTests/ChangeLog 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/LayoutTests/ChangeLog 2020-03-20 21:21:04 UTC (rev 258789)
@@ -1,3 +1,16 @@
+2020-03-20 David Kilzer <[email protected]>
+
+ Fix name of "X-Content-Type:" HTTP header in console logging
+ <https://webkit.org/b/209348>
+
+ Reviewed by Devin Rousso.
+
+ * http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt:
+ * http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt:
+ * http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt:
+ - Update test results for the correct name of the header:
+ "X-Content-Type-Options:".
+
2020-03-20 Ali Juma <[email protected]>
Intersection Observer intersections are wrong with zooming
Modified: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt (258788 => 258789)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-dynamic-script-blocked-expected.txt 2020-03-20 21:21:04 UTC (rev 258789)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if the MIME type isn't scripty.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Modified: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt (258788 => 258789)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-blocked-expected.txt 2020-03-20 21:21:04 UTC (rev 258789)
@@ -1,9 +1,9 @@
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=image/png as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/html as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbs as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/_vbscript_ as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/xx-_javascript_ as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=application/json as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=image/png as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/html as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/vbs as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/_vbscript_ as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl?mime=text/xx-_javascript_ as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if the MIME type isn't scripty.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Modified: trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt (258788 => 258789)
--- trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/LayoutTests/http/tests/security/contentTypeOptions/nosniff-script-without-content-type-blocked-expected.txt 2020-03-20 21:21:04 UTC (rev 258789)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.
+CONSOLE MESSAGE: Refused to execute http://127.0.0.1:8000/security/contentTypeOptions/resources/script-with-header.pl as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
Check that script sent with an 'X-Content-Type-Options: nosniff' header is correctly blocked if no 'Content-Type' header is present.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Modified: trunk/Source/WebCore/ChangeLog (258788 => 258789)
--- trunk/Source/WebCore/ChangeLog 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/Source/WebCore/ChangeLog 2020-03-20 21:21:04 UTC (rev 258789)
@@ -1,3 +1,19 @@
+2020-03-20 David Kilzer <[email protected]>
+
+ Fix name of "X-Content-Type:" HTTP header in console logging
+ <https://webkit.org/b/209348>
+
+ Reviewed by Devin Rousso.
+
+ * css/StyleSheetContents.cpp:
+ (WebCore::StyleSheetContents::parseAuthorStyleSheet):
+ * dom/LoadableClassicScript.cpp:
+ (WebCore::LoadableClassicScript::notifyFinished):
+ * workers/WorkerScriptLoader.cpp:
+ (WebCore::WorkerScriptLoader::validateWorkerResponse):
+ - Change "X-Content-Type:" to "X-Content-Type-Options:" to fix
+ the name of the header.
+
2020-03-20 Ali Juma <[email protected]>
Intersection Observer intersections are wrong with zooming
Modified: trunk/Source/WebCore/css/StyleSheetContents.cpp (258788 => 258789)
--- trunk/Source/WebCore/css/StyleSheetContents.cpp 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/Source/WebCore/css/StyleSheetContents.cpp 2020-03-20 21:21:04 UTC (rev 258789)
@@ -330,7 +330,7 @@
if (isStrictParserMode(m_parserContext.mode))
page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed in strict mode."));
else if (!cachedStyleSheet->mimeTypeAllowedByNosniff())
- page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed when 'X-Content-Type: nosniff' is given."));
+ page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed when 'X-Content-Type-Options: nosniff' is given."));
else
page->console().addMessage(MessageSource::Security, MessageLevel::Error, makeString("Did not parse stylesheet at '", cachedStyleSheet->url().stringCenterEllipsizedToLength(), "' because non CSS MIME types are not allowed for cross-origin stylesheets."));
}
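Review bot: Nothing in this commit pins the corrected stylesheet message. The three expectation files updated under http/tests/security/contentTypeOptions are all script tests, so the `mimeTypeAllowedByNosniff()` branch appears to have no layout test recording its console output (inferred from the files touched; the test tree itself is not visible here). This string is what a developer sees when a stylesheet is refused under nosniff, so a test whose expected output contains `because non CSS MIME types are not allowed when 'X-Content-Type-Options: nosniff' is given.` would keep the header name from drifting again. The enclosing function, parseAuthorStyleSheet according to the ChangeLog, starts and ends outside the hunk.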
Modified: trunk/Source/WebCore/dom/LoadableClassicScript.cpp (258788 => 258789)
--- trunk/Source/WebCore/dom/LoadableClassicScript.cpp 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/Source/WebCore/dom/LoadableClassicScript.cpp 2020-03-20 21:21:04 UTC (rev 258789)
@@ -91,7 +91,7 @@
ConsoleMessage {
MessageSource::Security,
MessageLevel::Error,
- makeString("Refused to execute ", m_cachedScript->url().stringCenterEllipsizedToLength(), " as script because \"X-Content-Type: nosniff\" was given and its Content-Type is not a script MIME type.")
+ makeString("Refused to execute ", m_cachedScript->url().stringCenterEllipsizedToLength(), " as script because \"X-Content-Type-Options: nosniff\" was given and its Content-Type is not a script MIME type.")
}
};
}
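Review bot: The sentence passed to makeString here is character-for-character the one built in the WorkerScriptLoader.cpp hunk (validateWorkerResponse), which is why the same header-name typo had to be fixed in two files. Consider moving it into a single shared helper next to the nosniff check, for example `String nosniffScriptRefusedMessage(const URL&);` (the name is only a suggestion), and calling it from both sites so the console message and the worker's ResourceError text cannot diverge. The surrounding ConsoleMessage initializer and notifyFinished begin and end outside this hunk.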
Modified: trunk/Source/WebCore/workers/WorkerScriptLoader.cpp (258788 => 258789)
--- trunk/Source/WebCore/workers/WorkerScriptLoader.cpp 2020-03-20 21:15:35 UTC (rev 258788)
+++ trunk/Source/WebCore/workers/WorkerScriptLoader.cpp 2020-03-20 21:21:04 UTC (rev 258789)
@@ -159,7 +159,7 @@
return ResourceError { errorDomainWebKitInternal, 0, response.url(), "Response is not 2xx"_s, ResourceError::Type::General };
if (!isScriptAllowedByNosniff(response)) {
- String message = makeString("Refused to execute ", response.url().stringCenterEllipsizedToLength(), " as script because \"X-Content-Type: nosniff\" was given and its Content-Type is not a script MIME type.");
+ String message = makeString("Refused to execute ", response.url().stringCenterEllipsizedToLength(), " as script because \"X-Content-Type-Options: nosniff\" was given and its Content-Type is not a script MIME type.");
return ResourceError { errorDomainWebKitInternal, 0, response.url(), WTFMove(message), ResourceError::Type::General };
}