CSP: ws: and wss: blocked with connect-src *
author dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Dec 2016 04:18:11 +0000 (04:18 +0000)
committer dbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Dec 2016 04:18:11 +0000 (04:18 +0000)
commit 6aaf3d0b68922d277db84dad75c10b1a08510e59
tree d2c1f6ba978e9459e693fe9c4ea2a80188227f3e
parent 0d9b32fb7a5897047c555dac44a2b3e290385bc1
CSP: ws: and wss: blocked with connect-src *
https://bugs.webkit.org/show_bug.cgi?id=165804
<rdar://problem/28563643>

Reviewed by David Kilzer.

Source/WebCore:

Allow * to match ws: and wss:. This will make our behavior of * more closely conform
to the behavior of * in the Content Security Policy Level 3 spec,
<https://w3c.github.io/webappsec-csp/#match-url-to-source-expression> (Editor's Draft, 2 December 2016).

Tests: http/tests/security/contentSecurityPolicy/connect-src-star-secure-websocket-allowed.html
       http/tests/security/contentSecurityPolicy/connect-src-star-websocket-allowed.html
       http/tests/security/contentSecurityPolicy/default-src-star-secure-websocket-allowed.html
       http/tests/security/contentSecurityPolicy/default-src-star-websocket-allowed.html

* page/csp/ContentSecurityPolicySourceList.cpp:
(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

LayoutTests:

Add tests to ensure that * matches ws: and wss:.

* http/tests/security/contentSecurityPolicy/connect-src-star-secure-websocket-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-star-secure-websocket-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/connect-src-star-websocket-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-star-websocket-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/default-src-star-secure-websocket-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/default-src-star-secure-websocket-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/default-src-star-websocket-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/default-src-star-websocket-allowed.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@209789 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-star-secure-websocket-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-star-secure-websocket-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-star-websocket-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-star-websocket-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/default-src-star-secure-websocket-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/default-src-star-secure-websocket-allowed.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/default-src-star-websocket-allowed-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/default-src-star-websocket-allowed.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/csp/ContentSecurityPolicySourceList.cpp