Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: af444252a0203b11aeb4d0365797edc682309f0f
https://github.com/WebKit/WebKit/commit/af444252a0203b11aeb4d0365797edc682309f0f
Author: Yoav Weiss <[email protected]>
Date: 2026-01-21 (Wed, 21 Jan 2026)
Changed paths:
M LayoutTests/TestExpectations
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/default-src.https.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/multiple-policies.https.sub-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-default-src.https.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-script-src-elem.https.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-script-src-none.https.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-script-src.https.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/resources/report-hash-test-runner.sub.js
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/script-src-elem.https.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/script-src-sha512.https.window-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/script-src.https.window-expected.txt
M Source/WebCore/loader/SubresourceIntegrity.cpp
Log Message:
-----------
Ensure Styles with integrity don't send CSP hash reports.
https://bugs.webkit.org/show_bug.cgi?id=305466
Reviewed by Darin Adler.
Currently the CSP hash reporting logic fails to bail on styles with an
integrity attribute.
This PR fixes that by verifying that CSP hash reports are needed before
attempting to send them.
Expanded the existing stylesheet test to include a case where the style has an
integrity attribute.
* LayoutTests/TestExpectations: Removed skipping of the relevant tests.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/default-src.https.window-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/multiple-policies.https.sub-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-default-src.https.window-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-script-src-elem.https.window-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-script-src-none.https.window-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/reportonly-script-src.https.window-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/resources/report-hash-test-runner.sub.js:
(wait):
(async pollReportsWithTimeout): Poll multiple times to reduce flakiness.
(async pollReportsWithRetry):
(async check_reports):
(async run_tests): Added a case for a stylesheet with an integrity attribute.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/script-src-elem.https.window-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/script-src-sha512.https.window-expected.txt:
Added expectation.
*
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/report-hash/script-src.https.window-expected.txt:
Added expectation.
* Source/WebCore/loader/SubresourceIntegrity.cpp:
(WebCore::reportHashesIfNeeded): Bail out of reporting if it's not needed.
Canonical link: https://commits.webkit.org/305935@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
