<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[207624] branches/safari-602-branch</title>
</head>
<body>

<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/207624">207624</a></dd>
<dt>Author</dt> <dd>dbates@webkit.org</dd>
<dt>Date</dt> <dd>2016-10-20 10:44:37 -0700 (Thu, 20 Oct 2016)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/206809">r206809</a>. rdar://problem/28718761</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari602branchLayoutTestsChangeLog">branches/safari-602-branch/LayoutTests/ChangeLog</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorscrossoriginexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorscrossoriginhttpsexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorssameoriginexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorssameoriginhttpsexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11reporturieffectivedirectiveexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportandenforceexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeddatauriexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedfileuriexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeduricrossoriginexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeduriexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportcrossoriginnocookiesexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportcrossoriginnocookieswhenprivatebrowsingenabledexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportcrossoriginnocookieswhenprivatebrowsingtoggledexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyfromheaderexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyupgradeinsecureexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportsameoriginnocookieswhenprivatebrowsingtoggledexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportsameoriginwithcookiesexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportsameoriginwithcookieswhenprivatebrowsingenabledexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportstatuscodezerowhenusinghttpsexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturiexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromchildframeexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturifrominlinejavascriptexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromjavascriptexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturischemerelativeexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyresourcessavereportphp">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagreplacestateexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorresourcesechointertagpl">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl</a></li>
<li><a href="#branchessafari602branchSourceWebCoreChangeLog">branches/safari-602-branch/Source/WebCore/ChangeLog</a></li>
<li><a href="#branchessafari602branchSourceWebCoreloaderLoaderStrategyh">branches/safari-602-branch/Source/WebCore/loader/LoaderStrategy.h</a></li>
<li><a href="#branchessafari602branchSourceWebCoreloaderPingLoadercpp">branches/safari-602-branch/Source/WebCore/loader/PingLoader.cpp</a></li>
<li><a href="#branchessafari602branchSourceWebCoreloaderPingLoaderh">branches/safari-602-branch/Source/WebCore/loader/PingLoader.h</a></li>
<li><a href="#branchessafari602branchSourceWebCoreplatformnetworkPingHandleh">branches/safari-602-branch/Source/WebCore/platform/network/PingHandle.h</a></li>
<li><a href="#branchessafari602branchSourceWebKitChangeLog">branches/safari-602-branch/Source/WebKit/ChangeLog</a></li>
<li><a href="#branchessafari602branchSourceWebKitWebCoreSupportWebResourceLoadSchedulercpp">branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.cpp</a></li>
<li><a href="#branchessafari602branchSourceWebKitWebCoreSupportWebResourceLoadSchedulerh">branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.h</a></li>
<li><a href="#branchessafari602branchSourceWebKit2ChangeLog">branches/safari-602-branch/Source/WebKit2/ChangeLog</a></li>
<li><a href="#branchessafari602branchSourceWebKit2NetworkProcessNetworkConnectionToWebProcesscpp">branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkConnectionToWebProcess.cpp</a></li>
<li><a href="#branchessafari602branchSourceWebKit2NetworkProcessNetworkLoadParametersh">branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkLoadParameters.h</a></li>
<li><a href="#branchessafari602branchSourceWebKit2NetworkProcessNetworkResourceLoadParameterscpp">branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkResourceLoadParameters.cpp</a></li>
<li><a href="#branchessafari602branchSourceWebKit2NetworkProcessPingLoadh">branches/safari-602-branch/Source/WebKit2/NetworkProcess/PingLoad.h</a></li>
<li><a href="#branchessafari602branchSourceWebKit2WebProcessNetworkWebLoaderStrategycpp">branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp</a></li>
<li><a href="#branchessafari602branchSourceWebKit2WebProcessNetworkWebLoaderStrategyh">branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.h</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedurianddonotfollowredirectwhensendingreportexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedurianddonotfollowredirectwhensendingreportphp">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyresourcessavereportandredirecttosavereportphp">branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttaganddonotfollowredirectwhensendingreportexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttaganddonotfollowredirectwhensendingreporthtml">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockanddonotfollowredirectwhensendingreportexpectedtxt">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt</a></li>
<li><a href="#branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockanddonotfollowredirectwhensendingreporthtml">branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari602branchLayoutTestsChangeLog"></a>
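--- a/branches/safari-602-branch/LayoutTests/ChangeLog
+++ b/branches/safari-602-branch/LayoutTests/ChangeLog
@@ -1,3 +1,75 @@
+2016-10-20  Daniel Bates  &lt;dabates@apple.com&gt;
+
+        Merge r206809. rdar://problem/28718761
+
+    2016-10-05  Daniel Bates  &lt;dabates@apple.com&gt;
+
+            Do not follow redirects when sending violation report
+            https://bugs.webkit.org/show_bug.cgi?id=162520
+            &lt;rdar://problem/27957639&gt;
+
+            Reviewed by Alex Christensen.
+
+            Add tests for Content Security Policy and XSS Auditor to ensure that we do not follow redirects
+            when sending a violation report. Modified http/tests/security/contentSecurityPolicy/resources/save-report.php
+            to save the URL of the original ping request and conditionally clear cookies. Modified
+            http/tests/security/xssAuditor/resources/echo-intertag.pl to support testing for the XSS Auditor.
+            These changes together with the existing HTTP Host information that is saved with the report we can detect
+            if a redirect occurred when saving a report.
+
+            Updated expected results of existing tests now that we emit the URL of the ping request in the saved report.
+
+            * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt:
+            * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt: Added.
+            * http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php: Added.
+            * http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-only-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
+            * http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
+            * http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php: Added.
+            * http/tests/security/contentSecurityPolicy/resources/save-report.php:
+            * http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt: Added.
+            * http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html: Added.
+            * http/tests/security/xssAuditor/report-script-tag-expected.txt:
+            * http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt: Added.
+            * http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html: Added.
+            * http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt:
+            * http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt:
+            * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+
 2016-10-20  Matthew Hanson  &lt;matthew_hanson&gt;
 
         Merge r206217. rdar://problem/28811877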
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorscrossoriginexpectedtxt"></a>
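--- a/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt
+++ b/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-expected.txt
@@ -2,5 +2,6 @@
 CSP report received:
 CONTENT_TYPE: application/csp-report
 REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
 === POST DATA ===
 {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&amp;q=FAIL&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;frame-ancestors 'none'&quot;,&quot;effective-directive&quot;:&quot;frame-ancestors&quot;,&quot;original-policy&quot;:&quot;frame-ancestors 'none'; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&quot;,&quot;blocked-uri&quot;:&quot;http://localhost:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&amp;q=FAIL&quot;,&quot;status-code&quot;:0}}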
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorscrossoriginhttpsexpectedtxt"></a>
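--- a/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt
+++ b/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-cross-origin-https-expected.txt
@@ -2,5 +2,6 @@
 CSP report received:
 CONTENT_TYPE: application/csp-report
 REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html
 === POST DATA ===
 {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&amp;q=FAIL&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;frame-ancestors 'none'&quot;,&quot;effective-directive&quot;:&quot;frame-ancestors&quot;,&quot;original-policy&quot;:&quot;frame-ancestors 'none'; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&quot;,&quot;blocked-uri&quot;:&quot;https://localhost:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html&amp;q=FAIL&quot;,&quot;status-code&quot;:0}}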
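Review bot: The `REQUEST_URI` line added to this https baseline carries the same `test=` value as the http variant's baseline (`/security/contentSecurityPolicy/1.1/report-frame-ancestors-cross-origin.html`), so the recorded URI does not identify which of the two tests produced the report. If save-report.php stores reports keyed on that parameter (the script is not visible in this section), the two tests share one slot and a stale or concurrent report could satisfy the wrong test. Giving the https test its own key in its `report-uri`, for example `save-report.php?test=<path of the https test>`, would keep the baselines distinct; the same applies to report-frame-ancestors-same-origin-https-expected.txt.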
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorssameoriginexpectedtxt"></a>
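--- a/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt
+++ b/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-expected.txt
@@ -2,5 +2,6 @@
 CSP report received:
 CONTENT_TYPE: application/csp-report
 REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
 === POST DATA ===
 {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&amp;q=FAIL&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;frame-ancestors 'none'&quot;,&quot;effective-directive&quot;:&quot;frame-ancestors&quot;,&quot;original-policy&quot;:&quot;frame-ancestors 'none'; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&amp;q=FAIL&quot;,&quot;status-code&quot;:0}}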
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11frameancestorsreportframeancestorssameoriginhttpsexpectedtxt"></a>
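--- a/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt
+++ b/branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/report-frame-ancestors-same-origin-https-expected.txt
@@ -2,5 +2,6 @@
 CSP report received:
 CONTENT_TYPE: application/csp-report
 REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html
 === POST DATA ===
 {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&amp;q=FAIL&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;frame-ancestors 'none'&quot;,&quot;effective-directive&quot;:&quot;frame-ancestors&quot;,&quot;original-policy&quot;:&quot;frame-ancestors 'none'; report-uri ../../resources/save-report.php?test=/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&quot;,&quot;blocked-uri&quot;:&quot;https://127.0.0.1:8443/security/contentSecurityPolicy/resources/echo-intertag.pl?header=Content-Security-Policy%3A+frame-ancestors+%27none%27%3B+report-uri+../../resources/save-report.php%3Ftest%3D/security/contentSecurityPolicy/1.1/report-frame-ancestors-same-origin.html&amp;q=FAIL&quot;,&quot;status-code&quot;:0}}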
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicy11reporturieffectivedirectiveexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;default-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;default-src 'self'; report-uri ../resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportandenforceexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -5,5 +5,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-and-enforce.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeddatauriexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-data-uri.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;data&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedfileuriexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;file&quot;,&quot;status-code&quot;:200,&quot;source-file&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-file-uri.php&quot;,&quot;line-number&quot;:9,&quot;column-number&quot;:26}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedurianddonotfollowredirectwhensendingreportexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt (0 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt                                (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: [Report Only] Refused to load http://127.0.0.1:8000/security/resources/abe.png because it does not appear in the img-src directive of the Content Security Policy.
+CSP report received:
+CONTENT_TYPE: application/csp-report
+HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php
+REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php
+=== POST DATA ===
+{&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri resources/save-report-and-redirect-to-save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</ins></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockedurianddonotfollowredirectwhensendingreportphp"></a>
<div class="addfile"><h4>Added: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php (0 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php                                (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+&lt;?php
+header(&quot;Content-Security-Policy-Report-Only: img-src 'none'; report-uri resources/save-report-and-redirect-to-save-report.php&quot;);
+?&gt;
+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;body&gt;
+&lt;p&gt;This test PASSED if the filename of the REQUEST_URI in the dumped report is save-report-and-redirect-to-save-report.php. Otherwise, it FAILED.&lt;/p&gt;
+&lt;img src=&quot;../resources/abe.png&quot;&gt; &lt;!-- Trigger CSP violation --&gt;
+&lt;script&gt;
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+function navigateToReport()
+{
+    window.location = &quot;/security/contentSecurityPolicy/resources/echo-report.php&quot;;
+}
+
+// We assume that if redirects were followed when saving the report that they will complete within one second.
+// FIXME: Is there are better way to test that a redirect did not occur?
+window.setTimeout(navigateToReport, 1000);
+&lt;/script&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
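Review bot: The one-second `window.setTimeout(navigateToReport, 1000)` is the only thing that separates pass from fail, and it fails open. If the redirect is followed but the second request reaches the server after the timer fires, the dump still shows `save-report-and-redirect-to-save-report.php` and the test passes, so a loaded bot can hide a regression of the behaviour this test guards. I would state that direction next to the existing assumption, e.g. `// A followed redirect that lands after this timer still dumps the first REQUEST_URI, so a slow run can pass falsely.`, and fix the typo in the FIXME: `// FIXME: Is there a better way to test that a redirect did not occur?`. The redirecting resource is not part of this section; if it only redirects to a same-origin `save-report.php`, a variant with a cross-origin redirect target would probably be worth adding, since that is the case where a followed redirect would hand the report body and Referer to another origin.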
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeduricrossoriginexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri-cross-origin.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://localhost:8080&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportblockeduriexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-blocked-uri.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportcrossoriginnocookiesexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportcrossoriginnocookieswhenprivatebrowsingenabledexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -2,5 +2,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportcrossoriginnocookieswhenprivatebrowsingtoggledexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -2,5 +2,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri http://localhost:8080/security/contentSecurityPolicy/resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -4,5 +4,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-only.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyfromheaderexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -4,5 +4,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-from-header.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportonlyupgradeinsecureexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-upgrade-insecure-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -5,5 +5,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-only-upgrade-insecure.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; upgrade-insecure-requests; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportsameoriginnocookieswhenprivatebrowsingtoggledexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -2,5 +2,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportsameoriginwithcookiesexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -4,5 +4,6 @@
</span><span class="cx"> HTTP_COOKIE: hello=world
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportsameoriginwithcookieswhenprivatebrowsingenabledexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> HTTP_COOKIE: hello=world
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri /security/contentSecurityPolicy/resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreportstatuscodezerowhenusinghttpsexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -10,5 +10,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;https://127.0.0.1:8443/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html&quot;,&quot;referrer&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:0}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturiexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromchildframeexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -8,5 +8,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/resources/generate-csp-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html&quot;,&quot;referrer&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-child-frame.html&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; report-uri save-report.php?test=/security/contentSecurityPolicy/report-uri-from-child-frame.html&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturifrominlinejavascriptexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200,&quot;source-file&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-inline-javascript.php&quot;,&quot;line-number&quot;:7,&quot;column-number&quot;:10}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturifromjavascriptexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-from-javascript.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;img-src 'none'&quot;,&quot;effective-directive&quot;:&quot;img-src&quot;,&quot;original-policy&quot;:&quot;img-src 'none'; report-uri resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;http://127.0.0.1:8000/security/resources/abe.png&quot;,&quot;status-code&quot;:200,&quot;source-file&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/resources/inject-image.js&quot;,&quot;line-number&quot;:3,&quot;column-number&quot;:2}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyreporturischemerelativeexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/csp-report
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.php
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;csp-report&quot;:{&quot;document-uri&quot;:&quot;http://127.0.0.1:8000/security/contentSecurityPolicy/report-uri-scheme-relative.php&quot;,&quot;referrer&quot;:&quot;&quot;,&quot;violated-directive&quot;:&quot;script-src 'self'&quot;,&quot;effective-directive&quot;:&quot;script-src&quot;,&quot;original-policy&quot;:&quot;script-src 'self'; report-uri //127.0.0.1:8080/security/contentSecurityPolicy/resources/save-report.php&quot;,&quot;blocked-uri&quot;:&quot;&quot;,&quot;status-code&quot;:200}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyresourcessavereportandredirecttosavereportphp"></a>
<div class="addfile"><h4>Added: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php (0 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php                                (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -0,0 +1,9 @@
</span><ins>+&lt;?php
+require_once &quot;report-file-path.php&quot;;
+
+$DO_NOT_CLEAR_COOKIES = true; // Used by save-report.php
+require_once &quot;save-report.php&quot;;
+
+header(&quot;HTTP/1.1 307&quot;);
+header(&quot;Location: save-report.php&quot; . (isset($_SERVER[&quot;QUERY_STRING&quot;]) ? &quot;?&quot; . $_SERVER[&quot;QUERY_STRING&quot;] : &quot;&quot;));
+?&gt;
</ins></span></pre></div>
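Review bot: The new resource does not say why it answers with a 307 after saving the report, and that is the point of the file. Going by the test description elsewhere in this commit, a client that follows the redirect would presumably re-POST to save-report.php and replace the saved REQUEST_URI. A header comment such as `// Saves the report, then redirects with 307 (method and body preserved) so that a client that follows the redirect re-POSTs to save-report.php and the saved REQUEST_URI changes.` would make that explicit. Both `header()` calls run after `require_once "save-report.php"`, so they rely on that script producing no output, which cannot be confirmed from the lines shown. The status and location can also be sent together, `header("Location: save-report.php" . $query, true, 307);`, which avoids the hand-written status line with no reason phrase.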
<a id="branchessafari602branchLayoutTestshttptestssecuritycontentSecurityPolicyresourcessavereportphp"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/save-report.php        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -11,17 +11,19 @@
</span><span class="cx"> $httpHeaders = $_SERVER;
</span><span class="cx"> ksort($httpHeaders, SORT_STRING);
</span><span class="cx"> foreach ($httpHeaders as $name =&gt; $value) {
</span><del>-    if ($name === &quot;CONTENT_TYPE&quot; || $name === &quot;HTTP_REFERER&quot; || $name === &quot;REQUEST_METHOD&quot; || $name === &quot;HTTP_COOKIE&quot;) {
</del><ins>+    if ($name === &quot;CONTENT_TYPE&quot; || $name === &quot;HTTP_REFERER&quot; || $name === &quot;REQUEST_METHOD&quot; || $name === &quot;HTTP_COOKIE&quot; || $name === &quot;REQUEST_URI&quot;) {
</ins><span class="cx">         $value = undoMagicQuotes($value);
</span><span class="cx">         fwrite($reportFile, &quot;$name: $value\n&quot;);
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-foreach ($_COOKIE as $name =&gt; $value)
-    setcookie($name, &quot;deleted&quot;, time() - 60, &quot;/&quot;);
-
</del><span class="cx"> fwrite($reportFile, &quot;=== POST DATA ===\n&quot;);
</span><span class="cx"> fwrite($reportFile, file_get_contents(&quot;php://input&quot;));
</span><span class="cx"> fclose($reportFile);
</span><span class="cx"> rename($reportFilePath . &quot;.tmp&quot;, $reportFilePath);
</span><ins>+
+if (!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES) {
+    foreach ($_COOKIE as $name =&gt; $value)
+        setcookie($name, &quot;deleted&quot;, time() - 60, &quot;/&quot;);
+}
</ins><span class="cx"> ?&gt;
</span></span></pre></div>
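Review bot: The cookie-clearing guard at the end of the script depends on `$DO_NOT_CLEAR_COOKIES`, a global that only exists when another script includes this one, and nothing at the check says who sets it or why. I would add `// Set by save-report-and-redirect-to-save-report.php before it includes this file; when set, the request's cookies are left in place.` above the `if`. The condition `!isset($DO_NOT_CLEAR_COOKIES) || !$DO_NOT_CLEAR_COOKIES` is equivalent to `empty($DO_NOT_CLEAR_COOKIES)`, which reads more directly. The script begins outside this hunk, so whether anything earlier can emit output before `setcookie()` is not visible here.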
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttaganddonotfollowredirectwhensendingreportexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt (0 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt                                (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor refused to execute a script in 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html&amp;enable-report-with-redirect=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because its source code was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
+CSP report received:
+CONTENT_TYPE: application/json
+HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html&amp;enable-report-with-redirect=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
+REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php?test=/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html
+=== POST DATA ===
+{&quot;xss-report&quot;:{&quot;request-url&quot;:&quot;http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html&amp;enable-report-with-redirect=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E&quot;,&quot;request-body&quot;:&quot;&quot;}}
</ins></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttaganddonotfollowredirectwhensendingreporthtml"></a>
<div class="addfile"><h4>Added: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html (0 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html                                (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -0,0 +1,28 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;head&gt;
+&lt;script src=&quot;resources/utilities.js&quot;&gt;&lt;/script&gt;
+&lt;script&gt;
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setXSSAuditorEnabled(true);
+}
+
+function done()
+{
+    function navigateToReport() {
+        window.location = &quot;/security/contentSecurityPolicy/resources/echo-report.php&quot;;
+    }
+    // We assume that if redirects were followed when saving the report that they will complete within one second.
+    // FIXME: Is there are better way to test that a redirect did not occur?
+    window.setTimeout(navigateToReport, 1000);
+}
+&lt;/script&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;p&gt;This tests that a redirect is not followed when sending an X-XSS-Protection report. This test PASSED if the filename of the REQUEST_URI in the dumped report is save-report-and-redirect-to-save-report.php. Otherwise, it FAILED.&lt;/p&gt;
+&lt;iframe id=&quot;frame&quot; name=&quot;frame&quot; src=&quot;http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html&amp;enable-report-with-redirect=1&amp;q=&lt;script&gt;alert(String.fromCharCode(0x58,0x53,0x53))&lt;/script&gt;&lt;p&gt;If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.&lt;/p&gt;&quot; onload=&quot;done()&quot;&gt;
+&lt;/iframe&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
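Review bot: The fixed `window.setTimeout(navigateToReport, 1000)` in `done()` makes this security regression test fail open. If a redirect were followed but the second request reached the server after the report had been read, the dumped REQUEST_URI would still name save-report-and-redirect-to-save-report.php and the test would pass. The existing comment states the one-second assumption but not this consequence, and the FIXME has a typo. I would reword it to `// FIXME: Is there a better way to test that a redirect did not occur? A redirect that completes after this timeout goes unnoticed and the test still passes.` The same code and comment appear in report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html later in this commit.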
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -10,5 +10,6 @@
</span><span class="cx"> CONTENT_TYPE: application/json
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag.html&amp;echo-report=1&amp;enable-report=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/xssAuditor/report-script-tag.html
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;xss-report&quot;:{&quot;request-url&quot;:&quot;http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag.html&amp;echo-report=1&amp;enable-report=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E&quot;,&quot;request-body&quot;:&quot;&quot;}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockanddonotfollowredirectwhensendingreportexpectedtxt"></a>
<div class="addfile"><h4>Added: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt (0 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt                                (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: line 4: The XSS Auditor blocked access to 'http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html&amp;enable-full-block-report-with-redirect=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E' because the source code of a script was found within the request. The server sent an 'X-XSS-Protection' header requesting this behavior.
+CSP report received:
+CONTENT_TYPE: application/json
+HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html&amp;enable-full-block-report-with-redirect=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
+REQUEST_METHOD: POST
+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php?test=/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html
+=== POST DATA ===
+{&quot;xss-report&quot;:{&quot;request-url&quot;:&quot;http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html&amp;enable-full-block-report-with-redirect=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E&quot;,&quot;request-body&quot;:&quot;&quot;}}
</ins></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockanddonotfollowredirectwhensendingreporthtml"></a>
<div class="addfile"><h4>Added: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html (0 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html                                (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -0,0 +1,28 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;head&gt;
+&lt;script src=&quot;resources/utilities.js&quot;&gt;&lt;/script&gt;
+&lt;script&gt;
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setXSSAuditorEnabled(true);
+}
+
+function done()
+{
+    function navigateToReport() {
+        window.location = &quot;/security/contentSecurityPolicy/resources/echo-report.php&quot;;
+    }
+    // We assume that if redirects were followed when saving the report that they will complete within one second.
+    // FIXME: Is there are better way to test that a redirect did not occur?
+    window.setTimeout(navigateToReport, 1000);
+}
+&lt;/script&gt;
+&lt;/head&gt;
+&lt;body&gt;
+&lt;p&gt;This tests that a redirect is not followed when sending an X-XSS-Protection report. This test PASSED if the filename of the REQUEST_URI in the dumped report is save-report-and-redirect-to-save-report.php. Otherwise, it FAILED.&lt;/p&gt;
+&lt;iframe id=&quot;frame&quot; src=&quot;http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html&amp;enable-full-block-report-with-redirect=1&amp;q=&lt;script&gt;alert(String.fromCharCode(0x58,0x53,0x53))&lt;/script&gt;&lt;p&gt;If you see this message, no JavaScript alert(), and a dump of the report below, then the test PASSED.&lt;/p&gt;&quot; onload=&quot;done()&quot;&gt;
+&lt;/iframe&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagfullblockexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-full-block-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -3,5 +3,6 @@
</span><span class="cx"> CONTENT_TYPE: application/json
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block.html&amp;enable-full-block-report=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/xssAuditor/report-script-tag-full-block.html
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;xss-report&quot;:{&quot;request-url&quot;:&quot;http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-full-block.html&amp;enable-full-block-report=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E&quot;,&quot;request-body&quot;:&quot;&quot;}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorreportscripttagreplacestateexpectedtxt"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/report-script-tag-replace-state-expected.txt        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -10,5 +10,6 @@
</span><span class="cx"> CONTENT_TYPE: application/json
</span><span class="cx"> HTTP_REFERER: http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-replace-state.html&amp;test=report-script-tag.html&amp;echo-report=1&amp;enable-report=1&amp;replaceState=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E
</span><span class="cx"> REQUEST_METHOD: POST
</span><ins>+REQUEST_URI: /security/contentSecurityPolicy/resources/save-report.php?test=/security/xssAuditor/report-script-tag-replace-state.html
</ins><span class="cx"> === POST DATA ===
</span><span class="cx"> {&quot;xss-report&quot;:{&quot;request-url&quot;:&quot;http://127.0.0.1:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/report-script-tag-replace-state.html&amp;test=report-script-tag.html&amp;echo-report=1&amp;enable-report=1&amp;replaceState=1&amp;q=%3Cscript%3Ealert(String.fromCharCode(0x58,0x53,0x53))%3C/script%3E%3Cp%3EIf%20you%20see%20this%20message,%20no%20JavaScript%20alert(),%20and%20a%20dump%20of%20the%20report%20below,%20then%20the%20test%20PASSED.%3C/p%3E&quot;,&quot;request-body&quot;:&quot;&quot;}}
</span></span></pre></div>
<a id="branchessafari602branchLayoutTestshttptestssecurityxssAuditorresourcesechointertagpl"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -19,7 +19,14 @@
</span><span class="cx"> if ($cgi-&gt;param('enable-full-block-report')) {
</span><span class="cx">     print &quot;X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPolicy/resources/save-report.php?test=&quot; . $cgi-&gt;param('test') . &quot;\n&quot;;
</span><span class="cx"> }
</span><ins>+if ($cgi-&gt;param('enable-report-with-redirect')) {
+    print &quot;X-XSS-Protection: 1; report=/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php?test=&quot; . $cgi-&gt;param('test') . &quot;\n&quot;;
+}
+if ($cgi-&gt;param('enable-full-block-report-with-redirect')) {
+    print &quot;X-XSS-Protection: 1; mode=block; report=/security/contentSecurityPolicy/resources/save-report-and-redirect-to-save-report.php?test=&quot; . $cgi-&gt;param('test') . &quot;\n&quot;;
+}
</ins><span class="cx"> 
</span><ins>+
</ins><span class="cx"> if ($cgi-&gt;param('valid-header')) {
</span><span class="cx">     if ($cgi-&gt;param('valid-header') == 1) {
</span><span class="cx">         print &quot;X-XSS-Protection:   1  ;MoDe =  bLocK   \n&quot;;
</span><span class="lines">@@ -128,7 +135,7 @@
</span><span class="cx">     print &quot;    testRunner.notifyDone();\n&quot;;
</span><span class="cx">     print &quot;&lt;/script&gt;\n&quot;;
</span><span class="cx"> }
</span><del>-if ($cgi-&gt;param('enable-full-block') || $cgi-&gt;param('enable-full-block-report')) {
</del><ins>+if ($cgi-&gt;param('enable-full-block') || $cgi-&gt;param('enable-full-block-report') || $cgi-&gt;param('enable-full-block-report-with-redirect')) {
</ins><span class="cx">     print &quot;&lt;p&gt;If you see this message then the test FAILED.&lt;/p&gt;\n&quot;;
</span><span class="cx"> }
</span><span class="cx"> if ($cgi-&gt;param('alert-cookie')) {
</span></span></pre></div>
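Review bot: The two new branches, `enable-report-with-redirect` and `enable-full-block-report-with-redirect`, concatenate `$cgi->param('test')` straight into the `X-XSS-Protection` response header, so a value containing CR or LF would end the header early. This follows the existing `enable-full-block-report` branch shown as context. The script is a test resource, but the header is still assembled from a request parameter. Normalising the value once and using it in every report branch would cover all of them: `(my $test = $cgi->param('test')) =~ s/[\r\n]//g;`. The script starts and ends outside both hunks, so whether `test` is already validated earlier cannot be seen from here.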
<a id="branchessafari602branchSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebCore/ChangeLog        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -1,3 +1,45 @@
</span><ins>+2016-10-20  Daniel Bates  &lt;dabates@apple.com&gt;
+
+        Merge r206809. rdar://problem/28718761
+
+    2016-10-05  Daniel Bates  &lt;dabates@apple.com&gt;
+
+            Do not follow redirects when sending violation report
+            https://bugs.webkit.org/show_bug.cgi?id=162520
+            &lt;rdar://problem/27957639&gt;
+
+            Reviewed by Alex Christensen.
+
+            Do not follow redirects when sending a Content Security Policy or XSS Auditor violation report
+            as redirects can be used to forward report details to a third-party.
+
+            This changes makes WebKit more closely conform to the reporting requirements in section Reporting
+            of the Content Security Level 2 standard: &lt;https://w3c.github.io/webappsec-csp/2/#violation-reports&gt;
+            (Editor's Draft, 25 April 2016).
+
+            Tests: http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php
+                   http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html
+                   http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html
+
+            * loader/LoaderStrategy.h: Modified createPingHandle() to take a boolean, shouldFollowRedirects,
+            whether to follow redirect responses for a ping request.
+            * loader/PingLoader.cpp:
+            (WebCore::PingLoader::loadImage): Pass ShouldFollowRedirects::Yes to PingLoader::startPingLoad to
+            keep our current behavior.
+            (WebCore::PingLoader::sendPing): Ditto. Note our current behavior of following redirects matches
+            the behavior described in the section &quot;Hyperlink auditing&quot; of the HTML standard:
+            &lt;https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing&gt; (23 September 2016).
+            (WebCore::PingLoader::sendViolationReport): Pass ShouldFollowRedirects::No to PingLoader::startPingLoad
+            so that we do not follow redirects when sending a violation report.
+            (WebCore::PingLoader::startPingLoad): Modified to take argument shouldFollowRedirects whether to
+            follow redirect responses for a ping request.
+            * loader/PingLoader.h:
+            * platform/network/PingHandle.h: Add boolean m_shouldFollowRedirects. I grouped this boolean with
+            the existing boolean, m_shouldUseCredentialStorage, as opposed to appending to the end of the class
+            definition to avoid increasing object size as clang will coalesces the two bools into a single
+            machine word. Override ResourceHandleClient::willSendRequest() and ResourceHandleClient::willSendRequestAsync()
+            to follow a redirect, if applicable. 
+
</ins><span class="cx"> 2016-10-20  Matthew Hanson  &lt;matthew_hanson&gt;
</span><span class="cx"> 
</span><span class="cx">         Merge r206217. rdar://problem/28811877
</span></span></pre></div>
<a id="branchessafari602branchSourceWebCoreloaderLoaderStrategyh"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebCore/loader/LoaderStrategy.h (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebCore/loader/LoaderStrategy.h        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebCore/loader/LoaderStrategy.h        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx">     virtual void suspendPendingRequests() = 0;
</span><span class="cx">     virtual void resumePendingRequests() = 0;
</span><span class="cx"> 
</span><del>-    virtual void createPingHandle(NetworkingContext*, ResourceRequest&amp;, bool shouldUseCredentialStorage) = 0;
</del><ins>+    virtual void createPingHandle(NetworkingContext*, ResourceRequest&amp;, bool shouldUseCredentialStorage, bool shouldFollowRedirects) = 0;
</ins><span class="cx"> 
</span><span class="cx"> protected:
</span><span class="cx">     virtual ~LoaderStrategy();
</span></span></pre></div>
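Review bot: The new `bool shouldFollowRedirects` sits directly after `bool shouldUseCredentialStorage` in `createPingHandle`, so a call site that swaps the two arguments still compiles and would silently change credential use or redirect handling for a violation report. PingLoader.h in this commit already adds `enum class ShouldFollowRedirects { No, Yes }`, but it is private and is collapsed to a bool at `shouldFollowRedirects == ShouldFollowRedirects::Yes` before it crosses this interface. Consider moving that enum to a shared header and declaring the parameter as `ShouldFollowRedirects shouldFollowRedirects`. The same applies to the overrides in WebResourceLoadScheduler and WebLoaderStrategy and to the PingHandle constructor. The enclosing class starts and ends outside the hunk.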
<a id="branchessafari602branchSourceWebCoreloaderPingLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebCore/loader/PingLoader.cpp (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebCore/loader/PingLoader.cpp        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebCore/loader/PingLoader.cpp        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx">         request.setHTTPReferrer(referrer);
</span><span class="cx">     frame.loader().addExtraFieldsToSubresourceRequest(request);
</span><span class="cx"> 
</span><del>-    startPingLoad(frame, request);
</del><ins>+    startPingLoad(frame, request, ShouldFollowRedirects::Yes);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> // http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
</span><span class="lines">@@ -128,7 +128,7 @@
</span><span class="cx">         }
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    startPingLoad(frame, request);
</del><ins>+    startPingLoad(frame, request, ShouldFollowRedirects::Yes);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void PingLoader::sendViolationReport(Frame&amp; frame, const URL&amp; reportURL, RefPtr&lt;FormData&gt;&amp;&amp; report, ViolationReportType reportType)
</span><span class="lines">@@ -170,10 +170,10 @@
</span><span class="cx">     if (!referrer.isEmpty())
</span><span class="cx">         request.setHTTPReferrer(referrer);
</span><span class="cx"> 
</span><del>-    startPingLoad(frame, request);
</del><ins>+    startPingLoad(frame, request, ShouldFollowRedirects::No);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void PingLoader::startPingLoad(Frame&amp; frame, ResourceRequest&amp; request)
</del><ins>+void PingLoader::startPingLoad(Frame&amp; frame, ResourceRequest&amp; request, ShouldFollowRedirects shouldFollowRedirects)
</ins><span class="cx"> {
</span><span class="cx">     unsigned long identifier = frame.page()-&gt;progress().createUniqueIdentifier();
</span><span class="cx">     // FIXME: Why activeDocumentLoader? I would have expected documentLoader().
</span><span class="lines">@@ -185,7 +185,7 @@
</span><span class="cx"> 
</span><span class="cx">     InspectorInstrumentation::continueAfterPingLoader(frame, identifier, frame.loader().activeDocumentLoader(), request, ResourceResponse());
</span><span class="cx"> 
</span><del>-    platformStrategies()-&gt;loaderStrategy()-&gt;createPingHandle(frame.loader().networkingContext(), request, shouldUseCredentialStorage);
</del><ins>+    platformStrategies()-&gt;loaderStrategy()-&gt;createPingHandle(frame.loader().networkingContext(), request, shouldUseCredentialStorage, shouldFollowRedirects == ShouldFollowRedirects::Yes);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> }
</span></span></pre></div>
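Review bot: The `startPingLoad(frame, request, ShouldFollowRedirects::No);` call that closes `sendViolationReport` has no comment explaining why it differs from the two other callers in this file, which pass `ShouldFollowRedirects::Yes`. The reason is recorded only in the ChangeLog entry. A comment above the call would make an accidental flip back to `Yes` easier to catch in review, for example `// Do not follow redirects: a redirect can forward report details to a third party.` The body of `sendViolationReport` starts outside the hunk.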
<a id="branchessafari602branchSourceWebCoreloaderPingLoaderh"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebCore/loader/PingLoader.h (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebCore/loader/PingLoader.h        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebCore/loader/PingLoader.h        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -53,7 +53,8 @@
</span><span class="cx">     static void sendViolationReport(Frame&amp;, const URL&amp; reportURL, RefPtr&lt;FormData&gt;&amp;&amp; report, ViolationReportType);
</span><span class="cx"> 
</span><span class="cx"> private:
</span><del>-    static void startPingLoad(Frame&amp;, ResourceRequest&amp;);
</del><ins>+    enum class ShouldFollowRedirects { No, Yes };
+    static void startPingLoad(Frame&amp;, ResourceRequest&amp;, ShouldFollowRedirects);
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari602branchSourceWebCoreplatformnetworkPingHandleh"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebCore/platform/network/PingHandle.h (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebCore/platform/network/PingHandle.h        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebCore/platform/network/PingHandle.h        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -43,9 +43,10 @@
</span><span class="cx">         No,
</span><span class="cx">     };
</span><span class="cx">     
</span><del>-    PingHandle(NetworkingContext* networkingContext, const ResourceRequest&amp; request, bool shouldUseCredentialStorage, UsesAsyncCallbacks useAsyncCallbacks)
</del><ins>+    PingHandle(NetworkingContext* networkingContext, const ResourceRequest&amp; request, bool shouldUseCredentialStorage, UsesAsyncCallbacks useAsyncCallbacks, bool shouldFollowRedirects)
</ins><span class="cx">         : m_timeoutTimer(*this, &amp;PingHandle::timeoutTimerFired)
</span><span class="cx">         , m_shouldUseCredentialStorage(shouldUseCredentialStorage)
</span><ins>+        , m_shouldFollowRedirects(shouldFollowRedirects)
</ins><span class="cx">         , m_usesAsyncCallbacks(useAsyncCallbacks)
</span><span class="cx">     {
</span><span class="cx">         m_handle = ResourceHandle::create(networkingContext, request, this, false, false);
</span><span class="lines">@@ -56,6 +57,18 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> private:
</span><ins>+    ResourceRequest willSendRequest(ResourceHandle*, ResourceRequest&amp;&amp; request, ResourceResponse&amp;&amp;) final
+    {
+        return m_shouldFollowRedirects ? request : ResourceRequest();
+    }
+    void willSendRequestAsync(ResourceHandle* handle, ResourceRequest&amp;&amp; request, ResourceResponse&amp;&amp;) final
+    {
+        if (m_shouldFollowRedirects) {
+            handle-&gt;continueWillSendRequest(WTFMove(request));
+            return;
+        }
+        delete this;
+    }
</ins><span class="cx">     void didReceiveResponse(ResourceHandle*, ResourceResponse&amp;&amp;) override { delete this; }
</span><span class="cx">     void didReceiveBuffer(ResourceHandle*, Ref&lt;SharedBuffer&gt;&amp;&amp;, int) override { delete this; };
</span><span class="cx">     void didFinishLoading(ResourceHandle*, double) override { delete this; }
</span><span class="lines">@@ -76,6 +89,7 @@
</span><span class="cx">     RefPtr&lt;ResourceHandle&gt; m_handle;
</span><span class="cx">     Timer m_timeoutTimer;
</span><span class="cx">     bool m_shouldUseCredentialStorage;
</span><ins>+    bool m_shouldFollowRedirects;
</ins><span class="cx">     UsesAsyncCallbacks m_usesAsyncCallbacks;
</span><span class="cx"> };
</span><span class="cx"> 
</span></span></pre></div>
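Review bot: The two new redirect overrides handle object lifetime differently when a redirect is refused. `willSendRequestAsync` runs `delete this`, while `willSendRequest` only returns an empty `ResourceRequest()` and leaves the PingHandle alive. Presumably a later client callback or `m_timeoutTimer` then frees it, but that code is outside the hunk. A short comment on `willSendRequest` should state which callback is expected to delete the object after the load is cancelled, so the asymmetry reads as intentional. Separately, `return m_shouldFollowRedirects ? request : ResourceRequest();` copies the named rvalue reference; `WTFMove(request)` would match the async path.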
<a id="branchessafari602branchSourceWebKitChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit/ChangeLog (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit/ChangeLog        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit/ChangeLog        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2016-10-20  Daniel Bates  &lt;dabates@apple.com&gt;
+
+        Merge r206809. rdar://problem/28718761
+
+    2016-10-05  Daniel Bates  &lt;dabates@apple.com&gt;
+
+            Do not follow redirects when sending violation report
+            https://bugs.webkit.org/show_bug.cgi?id=162520
+            &lt;rdar://problem/27957639&gt;
+
+            Reviewed by Alex Christensen.
+
+            Update implementation of legacy WebKit loader strategy to pass through a boolean,
+            shouldFollowRedirects, to PingHandle as to whether to follow redirect responses
+            for a ping request.
+
+            * WebCoreSupport/WebResourceLoadScheduler.cpp:
+            (WebResourceLoadScheduler::createPingHandle):
+            * WebCoreSupport/WebResourceLoadScheduler.h:
+
</ins><span class="cx"> 2016-07-14  Alex Christensen  &lt;achristensen@webkit.org&gt;
</span><span class="cx"> 
</span><span class="cx">         Use SocketProvider to create SocketStreamHandles
</span></span></pre></div>
<a id="branchessafari602branchSourceWebKitWebCoreSupportWebResourceLoadSchedulercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.cpp (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.cpp        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.cpp        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -375,9 +375,9 @@
</span><span class="cx">     return m_requestsLoading.size() &gt;= (webResourceLoadScheduler().isSerialLoadingEnabled() ? 1 : m_maxRequestsInFlight);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void WebResourceLoadScheduler::createPingHandle(NetworkingContext* networkingContext, ResourceRequest&amp; request, bool shouldUseCredentialStorage)
</del><ins>+void WebResourceLoadScheduler::createPingHandle(NetworkingContext* networkingContext, ResourceRequest&amp; request, bool shouldUseCredentialStorage, bool shouldFollowRedirects)
</ins><span class="cx"> {
</span><span class="cx">     // PingHandle manages its own lifetime, deleting itself when its purpose has been fulfilled.
</span><del>-    new PingHandle(networkingContext, request, shouldUseCredentialStorage, PingHandle::UsesAsyncCallbacks::No);
</del><ins>+    new PingHandle(networkingContext, request, shouldUseCredentialStorage, PingHandle::UsesAsyncCallbacks::No, shouldFollowRedirects);
</ins><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchessafari602branchSourceWebKitWebCoreSupportWebResourceLoadSchedulerh"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.h (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.h        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit/WebCoreSupport/WebResourceLoadScheduler.h        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -55,7 +55,7 @@
</span><span class="cx">     void suspendPendingRequests() override;
</span><span class="cx">     void resumePendingRequests() override;
</span><span class="cx"> 
</span><del>-    void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&amp;, bool shouldUseCredentialStorage) override;
</del><ins>+    void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&amp;, bool shouldUseCredentialStorage, bool shouldFollowRedirects) override;
</ins><span class="cx"> 
</span><span class="cx">     bool isSerialLoadingEnabled() const { return m_isSerialLoadingEnabled; }
</span><span class="cx">     void setSerialLoadingEnabled(bool b) { m_isSerialLoadingEnabled = b; }
</span></span></pre></div>
<a id="branchessafari602branchSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit2/ChangeLog (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit2/ChangeLog        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit2/ChangeLog        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -1,3 +1,33 @@
</span><ins>+2016-10-20  Daniel Bates  &lt;dabates@apple.com&gt;
+
+        Merge r206809. rdar://problem/28718761
+
+    2016-10-05  Daniel Bates  &lt;dabates@apple.com&gt;
+
+            Do not follow redirects when sending violation report
+            https://bugs.webkit.org/show_bug.cgi?id=162520
+            &lt;rdar://problem/27957639&gt;
+
+            Reviewed by Alex Christensen.
+
+            Update the non-Network Session WebKit2 implementation to follow redirect responses for a ping
+            request, if applicable. I did not update the Network Session implementation at this time. I
+            will fix it in &lt;https://bugs.webkit.org/show_bug.cgi?id=162580&gt;.
+
+            * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+            (WebKit::NetworkConnectionToWebProcess::loadPing): Tell PingHandle whether to follow redirects.
+            * NetworkProcess/NetworkLoadParameters.h:
+            * NetworkProcess/NetworkResourceLoadParameters.cpp:
+            (WebKit::NetworkResourceLoadParameters::encode): Encode NetworkResourceLoadParameters::shouldFollowRedirects.
+            (WebKit::NetworkResourceLoadParameters::decode): Decode NetworkResourceLoadParameters::shouldFollowRedirects.
+            * NetworkProcess/PingLoad.h: Added FIXME comment to implement support for following redirects,
+            if applicable (for hyperlink auditing). See &lt;https://bugs.webkit.org/show_bug.cgi?id=162580&gt;
+            for more details.
+            * WebProcess/Network/WebLoaderStrategy.cpp:
+            (WebKit::WebLoaderStrategy::createPingHandle): Modified to take a boolean whether to follow
+            redirects responses and set NetworkResourceLoadParameters::shouldFollowRedirects as appropriate.
+            * WebProcess/Network/WebLoaderStrategy.h:
+
</ins><span class="cx"> 2016-10-20  Matthew Hanson  &lt;matthew_hanson&gt;
</span><span class="cx"> 
</span><span class="cx">         Merge r206413. rdar://problem/28744171
</span></span></pre></div>
<a id="branchessafari602branchSourceWebKit2NetworkProcessNetworkConnectionToWebProcesscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkConnectionToWebProcess.cpp (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkConnectionToWebProcess.cpp        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkConnectionToWebProcess.cpp        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -144,7 +144,7 @@
</span><span class="cx">     RefPtr&lt;NetworkingContext&gt; context = RemoteNetworkingContext::create(loadParameters.sessionID, loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect);
</span><span class="cx"> 
</span><span class="cx">     // PingHandle manages its own lifetime, deleting itself when its purpose has been fulfilled.
</span><del>-    new PingHandle(context.get(), loadParameters.request, loadParameters.allowStoredCredentials == AllowStoredCredentials, PingHandle::UsesAsyncCallbacks::Yes);
</del><ins>+    new PingHandle(context.get(), loadParameters.request, loadParameters.allowStoredCredentials == AllowStoredCredentials, PingHandle::UsesAsyncCallbacks::Yes, loadParameters.shouldFollowRedirects);
</ins><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchessafari602branchSourceWebKit2NetworkProcessNetworkLoadParametersh"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkLoadParameters.h (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkLoadParameters.h        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkLoadParameters.h        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -41,6 +41,7 @@
</span><span class="cx">     WebCore::ContentSniffingPolicy contentSniffingPolicy { WebCore::SniffContent };
</span><span class="cx">     WebCore::StoredCredentials allowStoredCredentials { WebCore::DoNotAllowStoredCredentials };
</span><span class="cx">     WebCore::ClientCredentialPolicy clientCredentialPolicy { WebCore::DoNotAskClientForAnyCredentials };
</span><ins>+    bool shouldFollowRedirects { true };
</ins><span class="cx">     bool shouldClearReferrerOnHTTPSToHTTPRedirect { true };
</span><span class="cx">     bool defersLoading { false };
</span><span class="cx">     bool needsCertificateInfo { false };
</span></span></pre></div>
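Review bot: `bool shouldFollowRedirects { true };` defaults to following redirects, so any code that builds these parameters for a violation report without assigning the field gets the behaviour this commit is removing. In this change the only visible assignment is in `WebLoaderStrategy::createPingHandle` and the only visible reader is the `PingHandle` construction in `NetworkConnectionToWebProcess::loadPing`. A comment on the member would document that contract, for example `// Read by ping loads; must be false for CSP and XSS Auditor violation reports.` The struct starts and ends outside the hunk.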
<a id="branchessafari602branchSourceWebKit2NetworkProcessNetworkResourceLoadParameterscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkResourceLoadParameters.cpp (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkResourceLoadParameters.cpp        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit2/NetworkProcess/NetworkResourceLoadParameters.cpp        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -75,6 +75,7 @@
</span><span class="cx">     encoder.encodeEnum(contentSniffingPolicy);
</span><span class="cx">     encoder.encodeEnum(allowStoredCredentials);
</span><span class="cx">     encoder.encodeEnum(clientCredentialPolicy);
</span><ins>+    encoder &lt;&lt; shouldFollowRedirects;
</ins><span class="cx">     encoder &lt;&lt; shouldClearReferrerOnHTTPSToHTTPRedirect;
</span><span class="cx">     encoder &lt;&lt; defersLoading;
</span><span class="cx">     encoder &lt;&lt; needsCertificateInfo;
</span><span class="lines">@@ -130,6 +131,8 @@
</span><span class="cx">         return false;
</span><span class="cx">     if (!decoder.decodeEnum(result.clientCredentialPolicy))
</span><span class="cx">         return false;
</span><ins>+    if (!decoder.decode(result.shouldFollowRedirects))
+        return false;
</ins><span class="cx">     if (!decoder.decode(result.shouldClearReferrerOnHTTPSToHTTPRedirect))
</span><span class="cx">         return false;
</span><span class="cx">     if (!decoder.decode(result.defersLoading))
</span></span></pre></div>
<a id="branchessafari602branchSourceWebKit2NetworkProcessPingLoadh"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit2/NetworkProcess/PingLoad.h (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit2/NetworkProcess/PingLoad.h        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit2/NetworkProcess/PingLoad.h        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -50,6 +50,7 @@
</span><span class="cx"> private:
</span><span class="cx">     void willPerformHTTPRedirection(WebCore::ResourceResponse&amp;&amp;, WebCore::ResourceRequest&amp;&amp;, RedirectCompletionHandler&amp;&amp; completionHandler) override
</span><span class="cx">     {
</span><ins>+        // FIXME: Follow redirects for hyperlink auditing. See &lt;https://bugs.webkit.org/show_bug.cgi?id=162580&gt;.
</ins><span class="cx">         completionHandler({ });
</span><span class="cx">         delete this;
</span><span class="cx">     }
</span></span></pre></div>
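Review bot: The added FIXME in `willPerformHTTPRedirection` names only the missing hyperlink-auditing case and does not say that this path refuses every redirect through `completionHandler({ })`, whatever `shouldFollowRedirects` holds. That unconditional refusal is the behaviour violation reports need. Whoever resolves the FIXME has to keep it for them, and the comment should say so. A suggested second line is `// Violation reports must keep refusing redirects here; honor shouldFollowRedirects when this is fixed.` The class starts and ends outside the hunk.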
<a id="branchessafari602branchSourceWebKit2WebProcessNetworkWebLoaderStrategycpp"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -331,7 +331,7 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void WebLoaderStrategy::createPingHandle(NetworkingContext* networkingContext, ResourceRequest&amp; request, bool shouldUseCredentialStorage)
</del><ins>+void WebLoaderStrategy::createPingHandle(NetworkingContext* networkingContext, ResourceRequest&amp; request, bool shouldUseCredentialStorage, bool shouldFollowRedirects)
</ins><span class="cx"> {
</span><span class="cx">     // It's possible that call to createPingHandle might be made during initial empty Document creation before a NetworkingContext exists.
</span><span class="cx">     // It is not clear that we should send ping loads during that process anyways.
</span><span class="lines">@@ -347,6 +347,7 @@
</span><span class="cx">     loadParameters.request = request;
</span><span class="cx">     loadParameters.sessionID = webPage ? webPage-&gt;sessionID() : SessionID::defaultSessionID();
</span><span class="cx">     loadParameters.allowStoredCredentials = shouldUseCredentialStorage ? AllowStoredCredentials : DoNotAllowStoredCredentials;
</span><ins>+    loadParameters.shouldFollowRedirects = shouldFollowRedirects;
</ins><span class="cx">     loadParameters.shouldClearReferrerOnHTTPSToHTTPRedirect = networkingContext-&gt;shouldClearReferrerOnHTTPSToHTTPRedirect();
</span><span class="cx"> 
</span><span class="cx">     WebProcess::singleton().networkConnection().connection().send(Messages::NetworkConnectionToWebProcess::LoadPing(loadParameters), 0);
</span></span></pre></div>
<a id="branchessafari602branchSourceWebKit2WebProcessNetworkWebLoaderStrategyh"></a>
<div class="modfile"><h4>Modified: branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.h (207623 => 207624)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.h        2016-10-20 17:40:19 UTC (rev 207623)
+++ branches/safari-602-branch/Source/WebKit2/WebProcess/Network/WebLoaderStrategy.h        2016-10-20 17:44:37 UTC (rev 207624)
</span><span class="lines">@@ -55,7 +55,7 @@
</span><span class="cx">     void suspendPendingRequests() override;
</span><span class="cx">     void resumePendingRequests() override;
</span><span class="cx"> 
</span><del>-    void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&amp;, bool shouldUseCredentialStorage) override;
</del><ins>+    void createPingHandle(WebCore::NetworkingContext*, WebCore::ResourceRequest&amp;, bool shouldUseCredentialStorage, bool shouldFollowRedirects) override;
</ins><span class="cx"> 
</span><span class="cx">     WebResourceLoader* webResourceLoaderForIdentifier(ResourceLoadIdentifier identifier) const { return m_webResourceLoaders.get(identifier); }
</span><span class="cx">     RefPtr&lt;WebCore::NetscapePlugInStreamLoader&gt; schedulePluginStreamLoad(WebCore::Frame&amp;, WebCore::NetscapePlugInStreamLoaderClient&amp;, const WebCore::ResourceRequest&amp;);
</span></span></pre>
</div>
</div>

</body>
</html>