CSP: Content Security Policy should allow '*' to match the originating page's scheme
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 Jun 2016 03:51:00 +0000 (03:51 +0000)
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 Jun 2016 03:51:00 +0000 (03:51 +0000)
commit25a3ff98dc4e7f8aafef0e5ee5be064a3cbe9570
treecf30ecc5cbd3d039c6d575c9c9ad96f944086318
parent51e941b62a260ff07b6fbe4d03d12de18aa28b5d
CSP: Content Security Policy should allow '*' to match the originating page's scheme
https://bugs.webkit.org/show_bug.cgi?id=158811
<rdar://problem/26819568>

Reviewed by Daniel Bates.

Source/WebCore:

Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html
       security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
       security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
       security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html

* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

LayoutTests:

* security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-expected.html: Added.
* security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html: Added.
* security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star-expected.html: Removed.
* security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star.html: Removed.
* security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-expected.html: Added.
* security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html: Added.
* security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star-expected.html: Removed.
* security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star.html: Removed.
* security/contentSecurityPolicy/resources/alert-pass.js: Added.
* security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star-expected.txt: Added.
* security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html: Added.
* security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-expected.html: Copied from LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html.
* security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html: Renamed from LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html.
* security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star-expected.html: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202155 268f45cc-cd09-0410-ab3c-d52691b4dbfc
17 files changed:
LayoutTests/ChangeLog
LayoutTests/security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star-expected.html [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star-expected.html [deleted file]
LayoutTests/security/contentSecurityPolicy/image-with-file-url-blocked-by-img-src-star.html [deleted file]
LayoutTests/security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star-expected.html [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star-expected.html [deleted file]
LayoutTests/security/contentSecurityPolicy/link-with-file-url-blocked-by-style-src-star.html [deleted file]
LayoutTests/security/contentSecurityPolicy/resources/alert-pass.js [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star-expected.txt [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star-expected.html [new file with mode: 0644]
LayoutTests/security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html [moved from LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star.html with 69% similarity]
LayoutTests/security/contentSecurityPolicy/video-with-file-url-blocked-by-media-src-star-expected.html [deleted file]
Source/WebCore/ChangeLog
Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp