[webkit-changes] [WebKit/WebKit] 9bcb54: CSP 3: Update Content Security Policy when header ...

Ryan Reno noreply at github.com
Sun Jan 15 10:08:50 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9bcb547791aa90dfe8715b041f14e374c42f5199
      https://github.com/WebKit/WebKit/commit/9bcb547791aa90dfe8715b041f14e374c42f5199
  Author: Ryan Reno <rreno at apple.com>
  Date:   2023-01-15 (Sun, 15 Jan 2023)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/generic/304-response-should-update-csp.sub-expected.txt
    M Source/WebCore/platform/network/CacheValidation.cpp

  Log Message:
  -----------
  CSP 3: Update Content Security Policy when header sent as part of a 304 response
https://bugs.webkit.org/show_bug.cgi?id=244637
rdar://99405897

Reviewed by Brent Fulgham.

We ignore any headers with the "Content-" prefix in a 304 response. This change
special-cases the Content-Security-Policy and Content-Security-Policy-Report-Only
headers to be included in the cached response. This has the effect of updating the
cache entry's CSP if the server sends a new CSP in a 304 response.

* LayoutTests/imported/w3c/web-platform-tests/content-security-policy/generic/304-response-should-update-csp.sub-expected.txt:
* Source/WebCore/platform/network/CacheValidation.cpp:
(WebCore::shouldUpdateHeaderAfterRevalidation):

Canonical link: https://commits.webkit.org/258931@main




More information about the webkit-changes mailing list