[webkit-changes] [WebKit/WebKit] d89d47: Images are not loaded in element application
Carlos Garcia Campos
noreply at github.com
Tue Dec 20 05:21:10 PST 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d89d47f7fd454c799ae34539434109f3e422bede
https://github.com/WebKit/WebKit/commit/d89d47f7fd454c799ae34539434109f3e422bede
Author: Carlos Garcia Campos <cgarcia at igalia.com>
Date: 2022-12-20 (Tue, 20 Dec 2022)
Changed paths:
A LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header-expected.txt
A LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header.html
M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
Log Message:
-----------
Images are not loaded in element application
https://bugs.webkit.org/show_bug.cgi?id=249213
Reviewed by Xabier Rodriguez-Calvar.
Element application uses the fetch api to download images and convert
them to a blob that is then requested. The problem is that the blob
request is failing due to invalid HTTP header in response. The invalid
header is Content-Security-Policy that is generated by the blob loader
using the security context policy. The document policy comes from
http-equiv meta and contains newlines, which are allowed there, but
invalid for an HTTP header value.
Test: http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header.html
* LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header-expected.txt: Added.
* LayoutTests/http/tests/security/contentSecurityPolicy/blob-url-invalid-http-header.html: Added.
* Source/WebCore/page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::responseHeaders const): Make the http header value valid if needed.
Canonical link: https://commits.webkit.org/258130@main
More information about the webkit-changes
mailing list