abarth@webkit.org authored
Reviewed by Eric Seidel.

Fix script-src redirect handling
https://bugs.webkit.org/show_bug.cgi?id=57196

Test both allow => disallow and disallow => allow redirect cases.
Previously, we had incorrect expectations for one of the redirect
cases. Also, I've updated the policy syntax to match the default-src
syntax.

* http/tests/security/contentSecurityPolicy/script-src-redirect-expected.txt:
* http/tests/security/contentSecurityPolicy/script-src-redirect.html:

2011-03-27  Adam Barth  <abarth@webkit.org>

Reviewed by Eric Seidel.

Fix script-src redirect handling
https://bugs.webkit.org/show_bug.cgi?id=57196

Resource-loading requirements in CSP apply to each hop in the redirect
chain. To make that work properly, we need to move enforcement into
the loader. Fortunately, we already have a choke-point in the loader
for enforcing this kind of policy.

* dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestScript):
* html/parser/HTMLDocumentParser.cpp:
* html/parser/HTMLDocumentParser.h:
* html/parser/HTMLScriptRunnerHost.h:
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest):
* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowScriptFromSource):
* page/ContentSecurityPolicy.h:

git-svn-id: svn://svn.chromium.org/blink/trunk@82085 bbb929c8-8fbe-4397-9dbb-9b2b20218538
1dd689c0
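
The per-hop rule from the commit message, as an added sketch that is not WebKit's code: a loader-level check consulted for every URL in a redirect chain blocks both the allow => disallow and the disallow => allow case, while a check that only sees the URL in the script element misses the first. The function names, the simplified source-list parser (no default-src fallback, full origins only) and the sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not WebKit code. Names, parser and URLs are constructed.

// Simplified script-src parser: accepts 'self', *, and full origins
// (scheme://host[:port]). Returns null when the policy has no script-src.
function parseScriptSrc(policy, selfOrigin) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name !== "script-src") continue;
    return sources
      .map((s) => (s === "'self'" ? selfOrigin : s))
      .filter((s) => !s.startsWith("'")) // 'none' and other keywords match nothing
      .map((s) => (s === "*" ? s : new URL(s).origin));
  }
  return null;
}

function allowsScriptFrom(sources, url) {
  if (sources === null) return true; // no directive; default-src fallback not modelled
  const origin = new URL(url).origin;
  return sources.some((s) => s === "*" || s === origin);
}

// Loader-level check: consulted for the initial request and again for every
// redirect target, so one disallowed hop anywhere stops the load.
function loadThroughLoader(chain, policy, selfOrigin) {
  const sources = parseScriptSrc(policy, selfOrigin);
  const blockedAt = chain.findIndex((url) => !allowsScriptFrom(sources, url));
  return { loaded: blockedAt === -1, blockedAt };
}

// Contrast (assumed model): a check that only sees the URL in the <script> element.
function loadWithElementCheckOnly(chain, policy, selfOrigin) {
  const sources = parseScriptSrc(policy, selfOrigin);
  const ok = allowsScriptFrom(sources, chain[0]);
  return { loaded: ok, blockedAt: ok ? -1 : 0 };
}

const SELF = "http://127.0.0.1:8000";
const POLICY = "script-src 'self'";
const ALLOW_THEN_DISALLOW = [SELF + "/redirect", "http://localhost:8000/script.js"];
const DISALLOW_THEN_ALLOW = ["http://localhost:8000/redirect", SELF + "/script.js"];

for (const chain of [ALLOW_THEN_DISALLOW, DISALLOW_THEN_ALLOW]) {
  console.log(chain.join(" -> "),
    "| loader:", loadThroughLoader(chain, POLICY, SELF).loaded,
    "| element-only:", loadWithElementCheckOnly(chain, POLICY, SELF).loaded);
}
```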