Skip to site navigation (Press enter)

[webkit-changes] [198201] trunk/Source/WebCore

carlosgc Tue, 15 Mar 2016 00:02:08 -0700

Title: [198201] trunk/Source/WebCore

Revision: 198201
Author: [email protected]
Date: 2016-03-15 00:01:44 -0700 (Tue, 15 Mar 2016)

Log Message

REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155432


Reviewed by Darin Adler.

The GTK+ port Web Inspector uses GResources for all internal
resources (images, fonts, scripts, etc.) that are now blocked by
the CSP. GResouces are like data URLs in practice, so we should
always allow them.

* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (198200 => 198201)


--- trunk/Source/WebCore/ChangeLog	2016-03-15 05:47:22 UTC (rev 198200)
+++ trunk/Source/WebCore/ChangeLog	2016-03-15 07:01:44 UTC (rev 198201)
@@ -1,3 +1,18 @@
+2016-03-15  Carlos Garcia Campos  <[email protected]>
+
+        REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
+        https://bugs.webkit.org/show_bug.cgi?id=155432
+
+        Reviewed by Darin Adler.
+
+        The GTK+ port Web Inspector uses GResources for all internal
+        resources (images, fonts, scripts, etc.) that are now blocked by
+        the CSP. GResouces are like data URLs in practice, so we should
+        always allow them.
+
+        * page/csp/ContentSecurityPolicySourceList.cpp:
+        (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
+
 2016-03-14  Alex Christensen  <[email protected]>
 
         Fix WinCairo build after r198195.

Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp (198200 => 198201)


--- trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp	2016-03-15 05:47:22 UTC (rev 198200)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp	2016-03-15 07:01:44 UTC (rev 198201)
@@ -104,10 +104,17 @@
     // FIXME: We should not hardcode the directive names. We should make use of the constants in ContentSecurityPolicyDirectiveList.cpp.
     // See <https://bugs.webkit.org/show_bug.cgi?id=155133>.
     bool isAllowed = url.protocolIsInHTTPFamily();
-    if (equalLettersIgnoringASCIICase(m_directiveName, "img-src"))
+    if (equalLettersIgnoringASCIICase(m_directiveName, "img-src")) {
         isAllowed |= url.protocolIsData();
-    else if (equalLettersIgnoringASCIICase(m_directiveName, "media-src"))
+#if PLATFORM(GTK)
+        isAllowed |= url.protocolIs("resource");
+#endif
+    } else if (equalLettersIgnoringASCIICase(m_directiveName, "media-src")) {
         isAllowed |= url.protocolIsData() || url.protocolIsBlob();
+#if PLATFORM(GTK)
+        isAllowed |= url.protocolIs("resource");
+#endif
+    }
     return isAllowed;
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes