Diff
Modified: trunk/LayoutTests/ChangeLog (125046 => 125047)
--- trunk/LayoutTests/ChangeLog 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/ChangeLog 2012-08-08 17:24:41 UTC (rev 125047)
@@ -1,3 +1,28 @@
+2012-08-08 Mike West <[email protected]>
+
+ Until CSP fully supports paths, we should log a warning if we encounter a source with a path.
+ https://bugs.webkit.org/show_bug.cgi?id=93468
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html:
+ * http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html:
+ All of the SecurityPolicy API tests with source lists contained
+ sources with a trailing `/`. I've fixed that oversight.
+ * http/tests/security/contentSecurityPolicy/source-list-parsing-05-expected.txt:
+ * http/tests/security/contentSecurityPolicy/source-list-parsing-05.html:
+ * http/tests/security/contentSecurityPolicy/source-list-parsing-06-expected.txt:
+ * http/tests/security/contentSecurityPolicy/source-list-parsing-06.html:
+ Updating the text of the test, and updating them to include the new
+ console warnings.
+
2012-08-08 Pavel Feldman <[email protected]>
Web Inspector: generate preview for the objects dumped into the console upon logging.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -9,7 +9,7 @@
log('FAIL connection is not allowed when no policy exists.');
- injectPolicy("connect-src http://notexample.com/;");
+ injectPolicy("connect-src http://notexample.com;");
if (!document.SecurityPolicy.allowsConnectionTo('http://example.com/'))
log('PASS connection is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL font is not allowed when no policy exists.');
- injectPolicy("font-src http://notexample.com/;");
+ injectPolicy("font-src http://notexample.com;");
if (!document.SecurityPolicy.allowsFontFrom('http://example.com/'))
log('PASS font is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL frame is not allowed when no policy exists.');
- injectPolicy("frame-src http://notexample.com/;");
+ injectPolicy("frame-src http://notexample.com;");
if (!document.SecurityPolicy.allowsFrameFrom('http://example.com/'))
log('PASS frame is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL image is not allowed when no policy exists.');
- injectPolicy("img-src http://notexample.com/;");
+ injectPolicy("img-src http://notexample.com;");
if (!document.SecurityPolicy.allowsImageFrom('http://example.com/'))
log('PASS image is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL media is not allowed when no policy exists.');
- injectPolicy("media-src http://notexample.com/;");
+ injectPolicy("media-src http://notexample.com;");
if (!document.SecurityPolicy.allowsMediaFrom('http://example.com/'))
log('PASS media is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL object is not allowed when no policy exists.');
- injectPolicy("object-src http://notexample.com/;");
+ injectPolicy("object-src http://notexample.com;");
if (!document.SecurityPolicy.allowsObjectFrom('http://example.com/'))
log('PASS object is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL script is not allowed when no policy exists.');
- injectPolicy("script-src http://notexample.com/;");
+ injectPolicy("script-src http://notexample.com;");
if (!document.SecurityPolicy.allowsScriptFrom('http://example.com/'))
log('PASS script is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL style is not allowed when no policy exists.');
- injectPolicy("style-src http://notexample.com/;");
+ injectPolicy("style-src http://notexample.com;");
if (!document.SecurityPolicy.allowsStyleFrom('http://example.com/'))
log('PASS style is not allowed when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -8,7 +8,7 @@
else
log('FAIL document.SecurityPolicy.reportURIs has length ' + document.SecurityPolicy.reportURIs.length + ' when no policy exists.');
- injectPolicy('report-uri http://example.com/');
+ injectPolicy('report-uri http://example.com');
if (document.SecurityPolicy.reportURIs.length === 1)
log('PASS document.SecurityPolicy.reportURIs has length 1 when policy exists.');
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-05-expected.txt (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-05-expected.txt 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-05-expected.txt 2012-08-08 17:24:41 UTC (rev 125047)
@@ -1,6 +1,16 @@
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:*/'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:*/path'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:*/path?query=string'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path?query=string' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:*/path#anchor'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path#anchor' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:8000/'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:8000/path'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:8000/path?query=string'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path?query=string' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:8000/path#anchor'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path#anchor' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:8000/thisisa'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/thisisa' is being ignored. Be careful.
CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'pathwithasemicolon'.
-Paths should be ignored when evaluating sources.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source '127.0.0.1:8000/this'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/this' is being ignored. Be careful.
+Paths should be ignored when evaluating sources. This test passes if FAIL does not appear in the output, and each of the tests generates a warning about the path component.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-05.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-05.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-05.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -19,5 +19,7 @@
</head>
<body _onload_="test()">
<p>
- Paths should be ignored when evaluating sources.
+ Paths should be ignored when evaluating sources. This test passes if FAIL
+ does not appear in the output, and each of the tests generates a warning
+ about the path component.
</p>
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-06-expected.txt (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-06-expected.txt 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-06-expected.txt 2012-08-08 17:24:41 UTC (rev 125047)
@@ -1,6 +1,16 @@
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:*/'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:*/path'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:*/path?query=string'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path?query=string' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:*/path#anchor'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path#anchor' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:8000/'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:8000/path'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:8000/path?query=string'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path?query=string' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:8000/path#anchor'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/path#anchor' is being ignored. Be careful.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:8000/thisisa'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/thisisa' is being ignored. Be careful.
CONSOLE MESSAGE: Unrecognized Content-Security-Policy directive 'pathwithasemicolon'.
-Paths should be ignored when evaluating sources.
+CONSOLE MESSAGE: The source list for Content Security Policy directive 'script-src' contains the source 'http://127.0.0.1:8000/this'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '/this' is being ignored. Be careful.
+Paths should be ignored when evaluating sources. This test passes if FAIL does not appear in the output, and each of the tests generates a warning about the path component.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-06.html (125046 => 125047)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-06.html 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-06.html 2012-08-08 17:24:41 UTC (rev 125047)
@@ -19,5 +19,7 @@
</head>
<body _onload_="test()">
<p>
- Paths should be ignored when evaluating sources.
+ Paths should be ignored when evaluating sources. This test passes if FAIL
+ does not appear in the output, and each of the tests generates a warning
+ about the path component.
</p>
Modified: trunk/Source/WebCore/ChangeLog (125046 => 125047)
--- trunk/Source/WebCore/ChangeLog 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/Source/WebCore/ChangeLog 2012-08-08 17:24:41 UTC (rev 125047)
@@ -1,3 +1,42 @@
+2012-08-08 Mike West <[email protected]>
+
+ Until CSP fully supports paths, we should log a warning if we encounter a source with a path.
+ https://bugs.webkit.org/show_bug.cgi?id=93468
+
+ Reviewed by Adam Barth.
+
+ CSP 1.0 ignores path components of sources in directives' source lists.
+ 'script-src http://example.com/path/to/directory' is treated exactly the
+ same as 'script-src http://example.com'. It's likely that this behavior
+ will change in CSP 1.1, which could break with developers' expectations.
+ This patch adds a warning when a path is encountered, alerting
+ developers to the fact that their current source is interpreted
+ differently than they might expect.
+
+ See http://crbug.com/128493 for additional context and discussion.
+
+ Tests for this change are covered by updating the existing Content
+ Security Policy tests to include the new console warnings.
+
+ * page/ContentSecurityPolicy.cpp:
+ (CSPSourceList):
+ (WebCore::CSPSourceList::CSPSourceList):
+ Passing the directive name down into CSPSourceList so that we can
+ generate informative error messages.
+ (WebCore::CSPSourceList::parse):
+ Create a 'path' string, pass it into 'parseSource', and use it after
+ parsing each source to determine whether a warning should be sent.
+ (WebCore::CSPSourceList::parseSource):
+ Adding a 'path' argument so that we can see whether or not a
+ specific source should generate a warning.
+ (WebCore::CSPDirective::CSPDirective):
+ Passing the directive name down into CSPSourceList so that we can
+ generate informative error messages.
+ (WebCore::ContentSecurityPolicy::reportIgnoredPathComponent):
+ Generate the new warning message.
+ (WebCore):
+ * page/ContentSecurityPolicy.h:
+
2012-08-08 Pavel Feldman <[email protected]>
Web Inspector: generate preview for the objects dumped into the console upon logging.
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.cpp (125046 => 125047)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.cpp 2012-08-08 17:24:41 UTC (rev 125047)
@@ -185,7 +185,7 @@
class CSPSourceList {
public:
- explicit CSPSourceList(ContentSecurityPolicy*);
+ CSPSourceList(ContentSecurityPolicy*, const String& directiveName);
void parse(const String&);
bool matches(const KURL&);
@@ -195,7 +195,7 @@
private:
void parse(const UChar* begin, const UChar* end);
- bool parseSource(const UChar* begin, const UChar* end, String& scheme, String& host, int& port, bool& hostHasWildcard, bool& portHasWildcard);
+ bool parseSource(const UChar* begin, const UChar* end, String& scheme, String& host, int& port, String& path, bool& hostHasWildcard, bool& portHasWildcard);
bool parseScheme(const UChar* begin, const UChar* end, String& scheme);
bool parseHost(const UChar* begin, const UChar* end, String& host, bool& hostHasWildcard);
bool parsePort(const UChar* begin, const UChar* end, int& port, bool& portHasWildcard);
@@ -208,13 +208,15 @@
ContentSecurityPolicy* m_policy;
Vector<CSPSource> m_list;
+ String m_directiveName;
bool m_allowStar;
bool m_allowInline;
bool m_allowEval;
};
-CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy)
+CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& directiveName)
: m_policy(policy)
+ , m_directiveName(directiveName)
, m_allowStar(false)
, m_allowInline(false)
, m_allowEval(false)
@@ -256,14 +258,16 @@
return; // We represent 'none' as an empty m_list.
isFirstSourceInList = false;
- String scheme, host;
+ String scheme, host, path;
int port = 0;
bool hostHasWildcard = false;
bool portHasWildcard = false;
- if (parseSource(beginSource, position, scheme, host, port, hostHasWildcard, portHasWildcard)) {
+ if (parseSource(beginSource, position, scheme, host, port, path, hostHasWildcard, portHasWildcard)) {
if (scheme.isEmpty())
scheme = m_policy->securityOrigin()->protocol();
+ if (!path.isEmpty())
+ m_policy->reportIgnoredPathComponent(m_directiveName, String(beginSource, position - beginSource), path);
m_list.append(CSPSource(scheme, host, port, hostHasWildcard, portHasWildcard));
}
@@ -276,11 +280,9 @@
// / "'self'"
//
bool CSPSourceList::parseSource(const UChar* begin, const UChar* end,
- String& scheme, String& host, int& port,
+ String& scheme, String& host, int& port, String& path,
bool& hostHasWildcard, bool& portHasWildcard)
{
- String path; // FIXME: We're ignoring the path component for now.
-
if (begin == end)
return false;
@@ -517,7 +519,7 @@
class CSPDirective {
public:
CSPDirective(const String& name, const String& value, ContentSecurityPolicy* policy)
- : m_sourceList(policy)
+ : m_sourceList(policy, name)
, m_text(name + ' ' + value)
, m_selfURL(policy->url())
{
@@ -1295,6 +1297,12 @@
logToConsole(message);
}
+void ContentSecurityPolicy::reportIgnoredPathComponent(const String& directiveName, const String& completeSource, const String& path) const
+{
+ String message = makeString("The source list for Content Security Policy directive '", directiveName, "' contains the source '", completeSource, "'. Content Security Policy 1.0 supports only schemes, hosts, and ports. Paths might be supported in the future, but for now, '", path, "' is being ignored. Be careful.");
+ logToConsole(message);
+}
+
void ContentSecurityPolicy::logToConsole(const String& message, const String& contextURL, const WTF::OrdinalNumber& contextLine, PassRefPtr<ScriptCallStack> callStack) const
{
m_scriptExecutionContext->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, contextURL, contextLine.oneBasedInt(), callStack);
Modified: trunk/Source/WebCore/page/ContentSecurityPolicy.h (125046 => 125047)
--- trunk/Source/WebCore/page/ContentSecurityPolicy.h 2012-08-08 17:22:21 UTC (rev 125046)
+++ trunk/Source/WebCore/page/ContentSecurityPolicy.h 2012-08-08 17:24:41 UTC (rev 125047)
@@ -98,6 +98,7 @@
void reportDuplicateDirective(const String&) const;
void reportInvalidNonce(const String&) const;
+ void reportIgnoredPathComponent(const String& directiveName, const String& completeSource, const String& path) const;
void reportUnrecognizedDirective(const String&) const;
void reportViolation(const String& directiveText, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL>& reportURIs, const String& header, const String& contextURL = String(), const WTF::OrdinalNumber& contextLine = WTF::OrdinalNumber::beforeFirst(), PassRefPtr<ScriptCallStack> = 0) const;
