<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[214994] releases/WebKitGTK/webkit-2.14</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/214994">214994</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2017-04-05 23:37:16 -0700 (Wed, 05 Apr 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/209608">r209608</a> - [CSP] Policy of window opener not applied to about:blank window
https://bugs.webkit.org/show_bug.cgi?id=165531
<rdar://problem/29426639>
Reviewed by Brent Fulgham.
Source/WebCore:
Fixes an issue where the content security policy of the opener document was not applied to
an about:blank window.
An about:blank window inherits its security origin from its opener document. It should also
copy (inherit) the ContentSecurityPolicy from its opener document. When copying the ContentSecurityPolicy
state from the opener document to the about:blank document we must take care to avoid copying
any upgrade-insecure-request directive because new windows should not inherit it by definition.
With respect to upgrade-insecure-requests, new windows should only inherit the insecure navigation set
from their opener document.
Test: http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html
* dom/Document.cpp:
(WebCore::Document::initContentSecurityPolicy): Copy the ContentSecurityPolicy state from the
owner document to this document when it inherits its security origin from its owner. An about:blank
window is one example of a document that inherits its security origin from its owner.
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
to copy the upgrade insecure requests state from the owner document to the worker now that
ContentSecurityPolicy::copyStateFrom() no longer does this.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::copyStateFrom): Do not copy the upgrade insecure request state.
Callers are now responsible for calling ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
to copy this state.
* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::parse): Ignore directive upgrade-insecure-requests when
inheriting ContentSecurityPolicy state as this directive as the Upgrade Insecure Requests feature has
its own inheritance semantics that differ from the semantics of copying a ContentSecurityPolicy object.
* xml/XSLTProcessor.cpp:
(WebCore::XSLTProcessor::createDocumentFromSource): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
to copy the upgrade insecure requests state from the original document to the transformed document now
that ContentSecurityPolicy::copyStateFrom() no longer does this.
LayoutTests:
Add a test to ensure that an about:blank window inherits the CSP policy of its
opener document.
* http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-blocked.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit214LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoredomDocumentcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/Document.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreloaderWorkerThreadableLoadercpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/WorkerThreadableLoader.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepagecspContentSecurityPolicycpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicy.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepagecspContentSecurityPolicyDirectiveListcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorexmlXSLTProcessorcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/xml/XSLTProcessor.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit214LayoutTestshttptestssecuritycontentSecurityPolicyimageblockedinaboutblankwindowexpectedtxt">releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit214LayoutTestshttptestssecuritycontentSecurityPolicyimageblockedinaboutblankwindowhtml">releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit214LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog (214993 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog 2017-04-06 06:35:19 UTC (rev 214993)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-12-09 Daniel Bates <dabates@apple.com>
+
+ [CSP] Policy of window opener not applied to about:blank window
+ https://bugs.webkit.org/show_bug.cgi?id=165531
+ <rdar://problem/29426639>
+
+ Reviewed by Brent Fulgham.
+
+ Add a test to ensure that an about:blank window inherits the CSP policy of its
+ opener document.
+
+ * http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-expected.txt: Added.
+ * http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-blocked.html: Added.
+
</ins><span class="cx"> 2016-11-30 Brent Fulgham <bfulgham@apple.com>
</span><span class="cx">
</span><span class="cx"> Use 'childOfType' template when retrieving Shadow DOM elements
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214LayoutTestshttptestssecuritycontentSecurityPolicyimageblockedinaboutblankwindowexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-expected.txt (0 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window-expected.txt 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/security/resources/abe.png because it does not appear in the img-src directive of the Content Security Policy.
+PASS did not load image.
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214LayoutTestshttptestssecuritycontentSecurityPolicyimageblockedinaboutblankwindowhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html (0 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html (rev 0)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -0,0 +1,27 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; img-src 'none'">
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.setCloseRemainingWindowsWhenComplete(true);
+ testRunner.waitUntilDone();
+}
+
+window.addEventListener("message", function (messageEvent) {
+ document.getElementById("console").textContent = messageEvent.data + "\n";
+ if (window.testRunner)
+ testRunner.notifyDone();
+}, false);
+</script>
+</head>
+<body>
+<pre id="console"></pre>
+<script>
+let childWindow = window.open("about:blank");
+childWindow.document.write(`<img src="../resources/abe.png" onerror="window.opener.postMessage('PASS did not load image.', '*')" onload="window.opener.postMessage('FAIL did load image.', '*')">`);
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (214993 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2017-04-06 06:35:19 UTC (rev 214993)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -1,3 +1,44 @@
</span><ins>+2016-12-09 Daniel Bates <dabates@apple.com>
+
+ [CSP] Policy of window opener not applied to about:blank window
+ https://bugs.webkit.org/show_bug.cgi?id=165531
+ <rdar://problem/29426639>
+
+ Reviewed by Brent Fulgham.
+
+ Fixes an issue where the content security policy of the opener document was not applied to
+ an about:blank window.
+
+ An about:blank window inherits its security origin from its opener document. It should also
+ copy (inherit) the ContentSecurityPolicy from its opener document. When copying the ContentSecurityPolicy
+ state from the opener document to the about:blank document we must take care to avoid copying
+ any upgrade-insecure-request directive because new windows should not inherit it by definition.
+ With respect to upgrade-insecure-requests, new windows should only inherit the insecure navigation set
+ from their opener document.
+
+ Test: http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::initContentSecurityPolicy): Copy the ContentSecurityPolicy state from the
+ owner document to this document when it inherits its security origin from its owner. An about:blank
+ window is one example of a document that inherits its security origin from its owner.
+ * loader/WorkerThreadableLoader.cpp:
+ (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
+ to copy the upgrade insecure requests state from the owner document to the worker now that
+ ContentSecurityPolicy::copyStateFrom() no longer does this.
+ * page/csp/ContentSecurityPolicy.cpp:
+ (WebCore::ContentSecurityPolicy::copyStateFrom): Do not copy the upgrade insecure request state.
+ Callers are now responsible for calling ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
+ to copy this state.
+ * page/csp/ContentSecurityPolicyDirectiveList.cpp:
+ (WebCore::ContentSecurityPolicyDirectiveList::parse): Ignore directive upgrade-insecure-requests when
+ inheriting ContentSecurityPolicy state as this directive as the Upgrade Insecure Requests feature has
+ its own inheritance semantics that differ from the semantics of copying a ContentSecurityPolicy object.
+ * xml/XSLTProcessor.cpp:
+ (WebCore::XSLTProcessor::createDocumentFromSource): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
+ to copy the upgrade insecure requests state from the original document to the transformed document now
+ that ContentSecurityPolicy::copyStateFrom() no longer does this.
+
</ins><span class="cx"> 2016-11-30 Brent Fulgham <bfulgham@apple.com>
</span><span class="cx">
</span><span class="cx"> Use 'childOfType' template when retrieving Shadow DOM elements
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoredomDocumentcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/Document.cpp (214993 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/Document.cpp 2017-04-06 06:35:19 UTC (rev 214993)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/Document.cpp 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -5416,19 +5416,19 @@
</span><span class="cx">
</span><span class="cx"> void Document::initContentSecurityPolicy()
</span><span class="cx"> {
</span><del>- if (!m_frame->tree().parent())
</del><ins>+ Frame* parentFrame = m_frame->tree().parent();
+ if (parentFrame)
+ contentSecurityPolicy()->copyUpgradeInsecureRequestStateFrom(*parentFrame->document()->contentSecurityPolicy());
+
+ if (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument())
</ins><span class="cx"> return;
</span><span class="cx">
</span><del>- if (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument()) {
- // Per <http://www.w3.org/TR/upgrade-insecure-requests/>, we need to retain an ongoing set of upgraded
- // requests in new navigation contexts. Although this information is present when we construct the
- // Document object, it is discard in the subsequent 'clear' statements below. So, we must capture it
- ASSERT(m_frame->tree().parent()->document());
- contentSecurityPolicy()->copyUpgradeInsecureRequestStateFrom(*m_frame->tree().parent()->document()->contentSecurityPolicy());
</del><ins>+ Frame* ownerFrame = parentFrame;
+ if (!ownerFrame)
+ ownerFrame = m_frame->loader().opener();
+ if (!ownerFrame)
</ins><span class="cx"> return;
</span><del>- }
-
- contentSecurityPolicy()->copyStateFrom(m_frame->tree().parent()->document()->contentSecurityPolicy());
</del><ins>+ contentSecurityPolicy()->copyStateFrom(ownerFrame->document()->contentSecurityPolicy()); // Does not copy Upgrade Insecure Requests state.
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool Document::isContextThread() const
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreloaderWorkerThreadableLoadercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/WorkerThreadableLoader.cpp (214993 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/WorkerThreadableLoader.cpp 2017-04-06 06:35:19 UTC (rev 214993)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/WorkerThreadableLoader.cpp 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -111,6 +111,7 @@
</span><span class="cx"> auto securityOriginCopy = securityOrigin->isolatedCopy();
</span><span class="cx"> auto contentSecurityPolicyCopy = std::make_unique<ContentSecurityPolicy>(securityOriginCopy);
</span><span class="cx"> contentSecurityPolicyCopy->copyStateFrom(contentSecurityPolicy);
</span><ins>+ contentSecurityPolicyCopy->copyUpgradeInsecureRequestStateFrom(*contentSecurityPolicy);
</ins><span class="cx">
</span><span class="cx"> auto optionsCopy = std::make_unique<LoaderTaskOptions>(options, request.httpReferrer().isNull() ? outgoingReferrer : request.httpReferrer(), WTFMove(securityOriginCopy));
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorepagecspContentSecurityPolicycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (214993 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2017-04-06 06:35:19 UTC (rev 214993)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicy.cpp 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -113,8 +113,6 @@
</span><span class="cx"> ASSERT(m_policies.isEmpty());
</span><span class="cx"> for (auto& policy : other->m_policies)
</span><span class="cx"> didReceiveHeader(policy->header(), policy->headerType(), ContentSecurityPolicy::PolicyFrom::Inherited);
</span><del>-
- copyUpgradeInsecureRequestStateFrom(*other);
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom(const ContentSecurityPolicy& other)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorepagecspContentSecurityPolicyDirectiveListcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp (214993 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp 2017-04-06 06:35:19 UTC (rev 214993)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -307,19 +307,18 @@
</span><span class="cx"> String name, value;
</span><span class="cx"> if (parseDirective(directiveBegin, position, name, value)) {
</span><span class="cx"> ASSERT(!name.isEmpty());
</span><del>- switch (policyFrom) {
- case ContentSecurityPolicy::PolicyFrom::HTTPEquivMeta:
</del><ins>+ if (policyFrom == ContentSecurityPolicy::PolicyFrom::Inherited) {
+ if (equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::upgradeInsecureRequests))
+ continue;
+ } else if (policyFrom == ContentSecurityPolicy::PolicyFrom::HTTPEquivMeta) {
</ins><span class="cx"> if (equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::sandbox)
</span><span class="cx"> || equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::reportURI)
</span><span class="cx"> || equalIgnoringASCIICase(name, ContentSecurityPolicyDirectiveNames::frameAncestors)) {
</span><span class="cx"> m_policy.reportInvalidDirectiveInHTTPEquivMeta(name);
</span><del>- break;
</del><ins>+ continue;
</ins><span class="cx"> }
</span><del>- FALLTHROUGH;
- default:
- addDirective(name, value);
- break;
</del><span class="cx"> }
</span><ins>+ addDirective(name, value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ASSERT(position == end || *position == ';');
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorexmlXSLTProcessorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/xml/XSLTProcessor.cpp (214993 => 214994)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/xml/XSLTProcessor.cpp 2017-04-06 06:35:19 UTC (rev 214993)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/xml/XSLTProcessor.cpp 2017-04-06 06:37:16 UTC (rev 214994)
</span><span class="lines">@@ -94,6 +94,7 @@
</span><span class="cx"> result->setCookieURL(oldDocument->cookieURL());
</span><span class="cx"> result->setFirstPartyForCookies(oldDocument->firstPartyForCookies());
</span><span class="cx"> result->contentSecurityPolicy()->copyStateFrom(oldDocument->contentSecurityPolicy());
</span><ins>+ result->contentSecurityPolicy()->copyUpgradeInsecureRequestStateFrom(*oldDocument->contentSecurityPolicy());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> frame->setDocument(result.copyRef());
</span></span></pre>
</div>
</div>
</body>
</html>