Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c1ab79ebcc0fff886aad0217b9d1a9b8f20a20cf
      
https://github.com/WebKit/WebKit/commit/c1ab79ebcc0fff886aad0217b9d1a9b8f20a20cf
  Author: Roberto Rodriguez <[email protected]>
  Date:   2026-06-03 (Wed, 03 Jun 2026)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/link-upgrade.sub.https-expected.txt
    M LayoutTests/platform/ios-site-isolation/TestExpectations
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp

  Log Message:
  -----------
  [Site Isolation] CSP upgrade-insecure-requests misses cross-origin iframe-to-top navigations
https://bugs.webkit.org/show_bug.cgi?id=316182
rdar://178591146

Reviewed by Sihui Liu.

When a cross-origin sandboxed iframe with upgrade-insecure-requests does
window.top.location = "http://...";, the URL should get upgraded to https but doesn't. The
upgrade logic looks at the target frame's CSP origin set, which only knows about the target
frame's own origin. Since the URL points to the iframe's origin (not the top frame's),
nothing matches.

Check the requesting document's CSP for non-site isolation config. For site isolation, look
up the originating frame's CSP origin set in the UIProcess.

* LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/link-upgrade.sub.https-expected.txt:
* LayoutTests/platform/ios-site-isolation/TestExpectations:
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::changeLocation):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):

Canonical link: https://commits.webkit.org/314523@main
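
The mismatch described in the log message, as an added toy model in JavaScript that is not part of the commit or of WebKit. The frame names, hosts and the `policySource` switch are hypothetical, and keying the upgrade set by host name alone is a simplifying assumption.

```javascript
// Toy model, constructed for illustration; not WebKit code.
// Assumption: a document that carries upgrade-insecure-requests keeps a set
// of hosts whose insecure navigations it upgrades, seeded with its own host.
function makeFrame(name, documentURL, hasUpgradeDirective) {
  const host = new URL(documentURL).hostname;
  return { name, upgradeHosts: new Set(hasUpgradeDirective ? [host] : []) };
}

// Rewrite http: to https: only when the destination host is in the set.
function upgradeIfListed(destination, upgradeHosts) {
  const url = new URL(destination);
  if (url.protocol === "http:" && upgradeHosts.has(url.hostname)) {
    url.protocol = "https:";
  }
  return url.href;
}

// policySource (hypothetical switch) picks whose set is consulted:
//   "target"    - the frame being navigated (behaviour the log calls broken)
//   "requester" - the frame whose script started the navigation (the fix)
function navigate(requester, target, destination, policySource) {
  const frame = policySource === "target" ? target : requester;
  return upgradeIfListed(destination, frame.upgradeHosts);
}

// Constructed scenario: both documents carry the directive, but each set
// only knows its own host.
const topFrame = makeFrame("top", "https://top.example/", true);
const iframe = makeFrame("iframe", "https://frame.example/widget", true);

function demo() {
  // The iframe runs: window.top.location = "http://frame.example/landing"
  const destination = "http://frame.example/landing";
  return {
    usingTargetSet: navigate(iframe, topFrame, destination, "target"),
    usingRequesterSet: navigate(iframe, topFrame, destination, "requester"),
  };
}

console.log(demo());
```
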


