[webkit-reviews] review granted: [Bug 113387] X-Frame-Options: Multiple headers are ignored completely. : [Attachment 195300] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 27 10:40:50 PDT 2013
Nate Chapin <japhet at chromium.org> has granted Mike West <mkwst at chromium.org>'s
request for review:
Bug 113387: X-Frame-Options: Multiple headers are ignored completely.
https://bugs.webkit.org/show_bug.cgi?id=113387
Attachment 195300: Patch
https://bugs.webkit.org/attachment.cgi?id=195300&action=review
------- Additional Comments from Nate Chapin <japhet at chromium.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=195300&action=review
One style nit...
> Source/WebCore/loader/FrameLoader.cpp:2984
> + default:
> + m_frame->document()->addConsoleMessage(JSMessageSource,
ErrorMessageLevel, "Invalid 'X-Frame-Options' header encountered when loading
'" + url.elidedString() + "': '" + content + "' is not a recognized directive.
The header will be ignored.", requestIdentifier);
> + return false;
I think it's more common in WebKit (or at least the parts I frequent) to
explicitly state all cases and have the default be ASSERT_NOT_REACHED().
More information about the webkit-reviews
mailing list