[Webkit-unassigned] [Bug 129081] New: ASSERT in FrameLoader::shouldInterruptLoadForXFrameOptions

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=129081

           Summary: ASSERT in
                    FrameLoader::shouldInterruptLoadForXFrameOptions
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: psolanki at apple.com
                CC: ap at webkit.org, eric.carlson at apple.com,
                    beidson at apple.com


Malformed servers that don't pass a value in X-Frame-Options can trigger this assert. e.g. on <http://mweb.cbssports.com/ncaab/eye-on-college-basketball/24436548/night-court-marcus-foster-stars-xavier-and-iowa-get-key-wins> there's a load of <https://vine.co/v/MWmZ7L31emm/card> in an iframe. The headers for that URL are

$ curl -I https://vine.co/v/MWmZ7L31emm/card
HTTP/1.1 200 OK
Cache-Control: max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 20 Feb 2014 05:36:30 GMT
Strict-Transport-Security: max-age=631138519
X-Content-Type-Options: nosniff
X-Frame-Options: 
X-XSS-Protection: 1; mode=block
Connection: keep-alive

The empty X-Frame-Options triggers the assert.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.