Bug 112573

Summary: CSP 1.1: Schemeless source expressions match HTTPS resources on HTTP sites.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Mike West <mkwst>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, mkwst+watchlist, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 85558    
Attachments:
Description Flags
Patch none

Mike West
Reported 2013-03-18 08:31:32 PDT
https://dvcs.w3.org/hg/content-security-policy/rev/a7dc8820946e changed schemeless source expressions to match both HTTP and HTTPS on HTTP sites. We should implement this behind the CSP_NEXT flag.
Attachments
Patch (12.84 KB, patch)
2013-03-18 08:40 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2013-03-18 08:40:37 PDT
Created attachment 193570 [details] Patch
Mike West
Comment 2 2013-03-18 13:25:39 PDT
Bots are happy here too. WDYT, Adam?
Mike West
Comment 3 2013-03-18 15:24:22 PDT
Comment on attachment 193570 [details] Patch Thanks!
WebKit Review Bot
Comment 4 2013-03-18 15:56:54 PDT
Comment on attachment 193570 [details] Patch Clearing flags on attachment: 193570 Committed r146141: <http://trac.webkit.org/changeset/146141>
WebKit Review Bot
Comment 5 2013-03-18 15:56:57 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.