Skip to site navigation (Press enter)

[webkit-changes] [198204] releases/WebKitGTK/webkit-2.12/Source/WebCore

carlosgc Tue, 15 Mar 2016 01:49:38 -0700

Title: [198204] releases/WebKitGTK/webkit-2.12/Source/WebCore

Revision: 198204
Author: [email protected]
Date: 2016-03-15 01:49:05 -0700 (Tue, 15 Mar 2016)

Log Message

Merge r198201 - REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155432


Reviewed by Darin Adler.

The GTK+ port Web Inspector uses GResources for all internal
resources (images, fonts, scripts, etc.) that are now blocked by
the CSP. GResouces are like data URLs in practice, so we should
always allow them.

* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

Modified Paths

releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog
releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (198203 => 198204)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-03-15 07:53:15 UTC (rev 198203)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-03-15 08:49:05 UTC (rev 198204)
@@ -1,3 +1,18 @@
+2016-03-15  Carlos Garcia Campos  <[email protected]>
+
+        REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
+        https://bugs.webkit.org/show_bug.cgi?id=155432
+
+        Reviewed by Darin Adler.
+
+        The GTK+ port Web Inspector uses GResources for all internal
+        resources (images, fonts, scripts, etc.) that are now blocked by
+        the CSP. GResouces are like data URLs in practice, so we should
+        always allow them.
+
+        * page/csp/ContentSecurityPolicySourceList.cpp:
+        (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
+
 2016-03-10  Carlos Garcia Campos  <[email protected]>
 
         [GTK] Fix rendering of slider input elements

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp (198203 => 198204)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp	2016-03-15 07:53:15 UTC (rev 198203)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp	2016-03-15 08:49:05 UTC (rev 198204)
@@ -102,10 +102,17 @@
     // FIXME: We should not hardcode the directive names. We should make use of the constants in ContentSecurityPolicyDirectiveList.cpp.
     // See <https://bugs.webkit.org/show_bug.cgi?id=155133>.
     bool isAllowed = url.protocolIsInHTTPFamily();
-    if (equalLettersIgnoringASCIICase(m_directiveName, "img-src"))
+    if (equalLettersIgnoringASCIICase(m_directiveName, "img-src")) {
         isAllowed |= url.protocolIsData();
-    else if (equalLettersIgnoringASCIICase(m_directiveName, "media-src"))
+#if PLATFORM(GTK)
+        isAllowed |= url.protocolIs("resource");
+#endif
+    } else if (equalLettersIgnoringASCIICase(m_directiveName, "media-src")) {
         isAllowed |= url.protocolIsData() || url.protocolIsBlob();
+#if PLATFORM(GTK)
+        isAllowed |= url.protocolIs("resource");
+#endif
+    }
     return isAllowed;
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes