[webkit-changes] [WebKit/WebKit] 58bcce: CSP violations are reported in the console twice i...

Wed, 16 Apr 2025 05:24:17 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 58bccea8c81b84c2bf53b799e47a996c114a7745
      
https://github.com/WebKit/WebKit/commit/58bccea8c81b84c2bf53b799e47a996c114a7745
  Author: Youenn Fablet <[email protected]>
  Date:   2025-04-16 (Wed, 16 Apr 2025)

  Changed paths:
    M 
LayoutTests/http/tests/loading/do-not-preload-css-blocked-by-csp-expected.txt
    M 
LayoutTests/http/tests/loading/do-not-preload-script-src-blocked-by-csp-expected.txt
    M 
LayoutTests/imported/w3c/web-platform-tests/wasm/webapi/esm-integration/script-src-blocks-wasm.tentative.sub-expected.txt
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.h
    M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
    M Source/WebCore/page/csp/ContentSecurityPolicy.h

  Log Message:
  -----------
  CSP violations are reported in the console twice in case preload scanner 
kicks in
rdar://149210434
https://bugs.webkit.org/show_bug.cgi?id=291524

Reviewed by Alex Christensen.

A subresource load may be started as a preload via the preload scanner and 
quickly after as a regular subresource load.
Before the patch, CSP would report the violation twice, once for the preload 
scanner and once for the regular load.
We disable report violation for the preload scanner as it is redundant 
information and may trigger flakinesses in tests like in 
https://bugs.webkit.org/show_bug.cgi?id=291436.

* LayoutTests/http/tests/loading/do-not-preload-css-blocked-by-csp-expected.txt:
* 
LayoutTests/http/tests/loading/do-not-preload-script-src-blocked-by-csp-expected.txt:
* 
LayoutTests/imported/w3c/web-platform-tests/wasm/webapi/esm-integration/script-src-blocks-wasm.tentative.sub-expected.txt:
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestImage):
(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy const):
(WebCore::CachedResourceLoader::canRequest):
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/loader/cache/CachedResourceLoader.h:
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::logToConsole const):
* Source/WebCore/page/csp/ContentSecurityPolicy.h:

Canonical link: https://commits.webkit.org/293751@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to