Title: [147450] trunk
Revision: 147450
Author: [email protected]
Date: 2013-04-02 10:47:37 -0700 (Tue, 02 Apr 2013)

Log Message

Unreviewed, rolling out r147402.
http://trac.webkit.org/changeset/147402
https://bugs.webkit.org/show_bug.cgi?id=112903

Source/WebCore: 

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv):
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived):

LayoutTests: 

* http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html:
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html:
* http/tests/security/XFrameOptions/x-frame-options-deny.html:
* http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html:
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt:
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt:
* platform/chromium/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (147449 => 147450)


--- trunk/LayoutTests/ChangeLog	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/ChangeLog	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,3 +1,28 @@
+2013-04-02  Nate Chapin  <[email protected]>
+
+        Unreviewed, rolling out r147402.
+        http://trac.webkit.org/changeset/147402
+        https://bugs.webkit.org/show_bug.cgi?id=112903
+
+        * http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html:
+        * http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html:
+        * http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html:
+        * http/tests/security/XFrameOptions/x-frame-options-deny.html:
+        * http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html:
+        * http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html:
+        * platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt:
+        * platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt:
+        * platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt:
+        * platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt:
+        * platform/chromium/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt:
+        * platform/chromium/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt:
+
 2013-04-02  Julien Chaffraix  <[email protected]>
 
         webkit fails IETC grid-column-002
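
Review bot: The new ChangeLog entry gives the changeset and bug links but no reason for the rollout. Since r147402 touched the X-Frame-Options security tests listed here, add one line under "Unreviewed, rolling out r147402." saying what regressed, so a reader of the log does not have to open bug 112903 to learn why the tests went back to their earlier form.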

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,8 +1,7 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny.html, http method GET> redirectResponse (null)
 <unknown> - didFinishLoading
 CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi' in a frame because it set 'X-Frame-Options' to 'deny'.
-CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
+ALERT: PASS: onload fired.
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi">
 There should be no content in the iframe below
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -3,12 +3,6 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html, http status code 200>
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html">
 CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html' in a frame because it set 'X-Frame-Options' to 'deny'.
-data:text/html,%3Cp%3E%3C/p%3E - willSendRequest <NSURLRequest URL data:text/html,%3Cp%3E%3C/p%3E, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag.html, http method GET> redirectResponse (null)
-data:text/html,%3Cp%3E%3C/p%3E - didReceiveResponse <NSURLResponse data:text/html,%3Cp%3E%3C/p%3E, http status code 0>
-data:text/html,%3Cp%3E%3C/p%3E - didFinishLoading
-CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null".  The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
-
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
 There should be no content in the iframe below
 
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -3,11 +3,6 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html, http status code 200>
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html">
 CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html' in a frame because it set 'X-Frame-Options' to 'deny'.
-data:text/html,%3Cp%3E%3C/p%3E - willSendRequest <NSURLRequest URL data:text/html,%3Cp%3E%3C/p%3E, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html, http method GET> redirectResponse (null)
-data:text/html,%3Cp%3E%3C/p%3E - didReceiveResponse <NSURLResponse data:text/html,%3Cp%3E%3C/p%3E, http status code 0>
-CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null".  The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
-
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
 There should be no content in the iframe below
 
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html	2013-04-02 17:47:37 UTC (rev 147450)
@@ -6,14 +6,10 @@
         testRunner.waitUntilDone();
     }
 
-    function checkIfDone() {
-        var url = ""
-
-        if (!url)
-            console.log("PASS: Could not read contentWindow.location.href");
-        else
-            console.log("FAIL: Could read contentWindow.location.href");
-        testRunner.notifyDone();
+    function checkIfDone()
+    {
+        if (document.getElementsByTagName("iframe")[0].contentWindow.location == "about:blank")
+            testRunner.notifyDone();
     }
 </script>
 
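
Review bot: The added checkIfDone() has no failure path: when contentWindow.location is not "about:blank" it neither logs anything nor calls testRunner.notifyDone(), so a regression shows up only as a timeout. Consider logging a FAIL line and calling notifyDone() in an else branch. The comparison also reads the frame's location from the parent, so the test assumes the blocked frame ends up on a document the embedding page can read; if that is the intended behaviour, say so in the test text.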

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -3,12 +3,6 @@
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - didReceiveResponse <NSURLResponse http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html, http status code 200>
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html">
 CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
-data:text/html,%3Cp%3E%3C/p%3E - willSendRequest <NSURLRequest URL data:text/html,%3Cp%3E%3C/p%3E, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html, http method GET> redirectResponse (null)
-data:text/html,%3Cp%3E%3C/p%3E - didReceiveResponse <NSURLResponse data:text/html,%3Cp%3E%3C/p%3E, http status code 0>
-data:text/html,%3Cp%3E%3C/p%3E - didFinishLoading
-CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null".  The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
-
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
 There should be no content in the iframe below
 
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html	2013-04-02 17:47:37 UTC (rev 147450)
@@ -6,14 +6,10 @@
         testRunner.waitUntilDone();
     }
 
-    function checkIfDone() {
-        var url = ""
-
-        if (!url)
-            console.log("PASS: Could not read contentWindow.location.href");
-        else
-            console.log("FAIL: Could read contentWindow.location.href");
-        testRunner.notifyDone();
+    function checkIfDone()
+    {
+        if (document.getElementsByTagName("iframe")[0].contentWindow.location == "about:blank")
+            testRunner.notifyDone();
     }
 </script>
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html	2013-04-02 17:47:37 UTC (rev 147450)
@@ -6,14 +6,11 @@
         testRunner.waitUntilDone();
     }
 
-    function checkIfDone() {
-        var url = ""
 
-        if (!url)
-            console.log("PASS: Could not read contentWindow.location.href");
-        else
-            console.log("FAIL: Could read contentWindow.location.href");
-        testRunner.notifyDone();
+    function checkIfDone()
+    {
+        if (document.getElementsByTagName("iframe")[0].contentWindow.location == "about:blank")
+            testRunner.notifyDone();
     }
 </script>
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny.html (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny.html	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-deny.html	2013-04-02 17:47:37 UTC (rev 147450)
@@ -3,19 +3,8 @@
         testRunner.dumpAsText();
         testRunner.dumpChildFramesAsText();
         testRunner.dumpResourceLoadCallbacks();
-        testRunner.waitUntilDone();
     }
-
-    function checkIfDone() {
-        var url = ""
-
-        if (!url)
-            console.log("PASS: Could not read contentWindow.location.href");
-        else
-            console.log("FAIL: Could read contentWindow.location.href");
-        testRunner.notifyDone();
-    }
 </script>
 
 <p>There should be no content in the iframe below</p>
-<iframe style="width:500px; height:500px" src="" _onload_="checkIfDone()"></iframe>
+<iframe style="width:500px; height:500px" src="" _onload_="alert('PASS: onload fired.');"></iframe>
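
Review bot: The replacement handler alert('PASS: onload fired.') on the last line reports PASS whenever the iframe's load event fires, whether or not the framed content was blocked, and with testRunner.waitUntilDone() and checkIfDone() removed nothing in this file inspects the frame. The only evidence of blocking left is the "Refused to display" console line in the expected output; consider rewording the alert so it does not read as the test verdict, or keeping a check on the frame's state.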

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,8 +1,6 @@
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html, http method GET> redirectResponse (null)
 <unknown> - didFinishLoading
 CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, SAMEORIGIN'.
-CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
-CONSOLE MESSAGE: line 16: PASS: Could not read contentWindow.location.href
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi">
 The frame below should not load, proving that 'sameorigin, sameorigin' === 'sameorigin'.
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html	2013-04-02 17:47:37 UTC (rev 147450)
@@ -6,22 +6,11 @@
             testRunner.dumpAsText();
             testRunner.dumpChildFramesAsText();
             testRunner.dumpResourceLoadCallbacks();
-            testRunner.waitUntilDone();
         }
-
-        function checkIfDone() {
-            var url = ""
-
-            if (!url)
-                console.log("PASS: Could not read contentWindow.location.href");
-            else
-                console.log("FAIL: Could read contentWindow.location.href");
-            testRunner.notifyDone();
-        }
     </script>
 </head>
 <body>
     <p>The frame below should not load, proving that 'sameorigin, sameorigin' === 'sameorigin'.</p>
-    <iframe style="width:500px; height:500px" src="" _onload_="checkIfDone()"></iframe>
+    <iframe style="width:500px; height:500px" src=""
 </body>
 </html>
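
Review bot: The added <iframe line near the end of the hunk is never closed: it stops after src="" with no ">" and no </iframe>, so the following </body> is swallowed into the start tag. Close the tag and add </iframe>. With waitUntilDone() and the onload handler both gone, this test also asserts nothing about the frame itself and relies entirely on the console message in the expected output.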

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,8 +1,7 @@
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html, http method GET> redirectResponse (null)
 <unknown> - didFinishLoading
 CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
-CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
+ALERT: PASS: onload fired.
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi">
 There should be no content in the iframe below
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html (147449 => 147450)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html	2013-04-02 17:47:37 UTC (rev 147450)
@@ -3,19 +3,8 @@
         testRunner.dumpAsText();
         testRunner.dumpChildFramesAsText();
         testRunner.dumpResourceLoadCallbacks();
-        testRunner.waitUntilDone();
     }
-
-    function checkIfDone() {
-        var url = ""
-
-        if (!url)
-            console.log("PASS: Could not read contentWindow.location.href");
-        else
-            console.log("FAIL: Could read contentWindow.location.href");
-        testRunner.notifyDone();
-    }
 </script>
 
 <p>There should be no content in the iframe below</p>
-<iframe style="width:500px; height:500px" src="" _onload_="checkIfDone()"></iframe>
+<iframe style="width:500px; height:500px" src="" _onload_="alert('PASS: onload fired.');"></iframe>

Modified: trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,7 +1,6 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny.html, http method GET> redirectResponse (null)
 CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi' in a frame because it set 'X-Frame-Options' to 'deny'.
-CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
+ALERT: PASS: onload fired.
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny.cgi">
 There should be no content in the iframe below
 

Modified: trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt (147449 => 147450)


--- trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -2,11 +2,6 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html, http status code 200>
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - didFinishLoading
 CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html' in a frame because it set 'X-Frame-Options' to 'deny'.
-data:text/html,<p></p> - willSendRequest <NSURLRequest URL data:text/html,<p></p>, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag.html, http method GET> redirectResponse (null)
-data:text/html,<p></p> - didReceiveResponse <NSURLResponse data:text/html,<p></p>, http status code 0>
-CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null".  The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
-
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
 There should be no content in the iframe below
 
 

Modified: trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt (147449 => 147450)


--- trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -2,11 +2,6 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html, http status code 200>
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - didFinishLoading
 CONSOLE MESSAGE: Refused to display 'http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html' in a frame because it set 'X-Frame-Options' to 'deny'.
-data:text/html,<p></p> - willSendRequest <NSURLRequest URL data:text/html,<p></p>, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html, http method GET> redirectResponse (null)
-data:text/html,<p></p> - didReceiveResponse <NSURLResponse data:text/html,<p></p>, http status code 0>
-CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null".  The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
-
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
 There should be no content in the iframe below
 
 

Modified: trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -2,11 +2,6 @@
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - didReceiveResponse <NSURLResponse http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html, http status code 200>
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - didFinishLoading
 CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
-data:text/html,<p></p> - willSendRequest <NSURLRequest URL data:text/html,<p></p>, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html, http method GET> redirectResponse (null)
-data:text/html,<p></p> - didReceiveResponse <NSURLResponse data:text/html,<p></p>, http status code 0>
-CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "null".  The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "data". Protocols must match.
-
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
 There should be no content in the iframe below
 
 

Modified: trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,7 +1,5 @@
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-multiple-headers-sameorigin-deny.html, http method GET> redirectResponse (null)
 CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, SAMEORIGIN'.
-CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
-CONSOLE MESSAGE: line 16: PASS: Could not read contentWindow.location.href
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-multiple-headers-sameorigin.cgi">
 The frame below should not load, proving that 'sameorigin, sameorigin' === 'sameorigin'.
 

Modified: trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt (147449 => 147450)


--- trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,7 +1,6 @@
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html, http method GET> redirectResponse (null)
 CONSOLE MESSAGE: Refused to display 'http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
-CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "null".  The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
-CONSOLE MESSAGE: line 13: PASS: Could not read contentWindow.location.href
+ALERT: PASS: onload fired.
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi - didFailLoadingWithError: <NSError domain NSURLErrorDomain, code -999, failing URL "http://localhost:8000/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi">
 There should be no content in the iframe below
 

Modified: trunk/Source/WebCore/ChangeLog (147449 => 147450)


--- trunk/Source/WebCore/ChangeLog	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/Source/WebCore/ChangeLog	2013-04-02 17:47:37 UTC (rev 147450)
@@ -1,3 +1,14 @@
+2013-04-02  Nate Chapin  <[email protected]>
+
+        Unreviewed, rolling out r147402.
+        http://trac.webkit.org/changeset/147402
+        https://bugs.webkit.org/show_bug.cgi?id=112903
+
+        * dom/Document.cpp:
+        (WebCore::Document::processHttpEquiv):
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::responseReceived):
+
 2013-04-02  ChangSeok Oh  <[email protected]>
 
         [GTK][AC] Support preserves3D css property for clutter ac backend.

Modified: trunk/Source/WebCore/dom/Document.cpp (147449 => 147450)


--- trunk/Source/WebCore/dom/Document.cpp	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/Source/WebCore/dom/Document.cpp	2013-04-02 17:47:37 UTC (rev 147450)
@@ -2948,10 +2948,7 @@
             if (frameLoader->shouldInterruptLoadForXFrameOptions(content, url(), requestIdentifier)) {
                 String message = "Refused to display '" + url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
                 frameLoader->stopAllLoaders();
-                // Stopping the loader isn't enough, as we're already parsing the document; to honor the header's
-                // intent, we must navigate away from the possibly partially-rendered document to a location that
-                // doesn't inherit the parent's SecurityOrigin.
-                frame->navigationScheduler()->scheduleLocationChange(securityOrigin(), "data:text/html,<p></p>", String());
+                frame->navigationScheduler()->scheduleLocationChange(securityOrigin(), blankURL(), String());
                 addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, message, requestIdentifier);
             }
         }
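
Review bot: Replacing "data:text/html,<p></p>" with blankURL() in the scheduleLocationChange call drops the property the removed comment described, namely navigating to a location that doesn't inherit the parent's SecurityOrigin. The updated tests confirm the difference by reading contentWindow.location from the parent and comparing it to "about:blank". If the rollout is intentional, keep a short comment or FIXME at this call pointing at bug 112903 so the change in isolation of the refused frame is recorded next to the code.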

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (147449 => 147450)


--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2013-04-02 17:45:40 UTC (rev 147449)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2013-04-02 17:47:37 UTC (rev 147450)
@@ -591,7 +591,6 @@
             InspectorInstrumentation::continueAfterXFrameOptionsDenied(m_frame, this, identifier, response);
             String message = "Refused to display '" + response.url().elidedString() + "' in a frame because it set 'X-Frame-Options' to '" + content + "'.";
             frame()->document()->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, message, identifier);
-            frame()->document()->enforceSandboxFlags(SandboxOrigin);
             if (HTMLFrameOwnerElement* ownerElement = frame()->ownerElement())
                 ownerElement->dispatchEvent(Event::create(eventNames().loadEvent, false, false));
             cancelMainResourceLoad(frameLoader()->cancelledError(m_request));
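
Review bot: With frame()->document()->enforceSandboxFlags(SandboxOrigin) removed, the load event is still dispatched to the owner element on the following lines, but the document the parent can reach at that point is no longer forced into a unique origin; the expected outputs correspondingly lose the "Sandbox access violation" message. Add a comment stating what the embedding page is allowed to observe about a frame refused by X-Frame-Options, or a follow-up test that asserts it.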
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
