[Webkit-unassigned] [Bug 129081] New: ASSERT in FrameLoader::shouldInterruptLoadForXFrameOptions
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 19 21:39:47 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=129081
Summary: ASSERT in
FrameLoader::shouldInterruptLoadForXFrameOptions
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: psolanki at apple.com
CC: ap at webkit.org, eric.carlson at apple.com,
beidson at apple.com
Malformed servers that don't pass a value in X-Frame-Options can trigger this assert. e.g. on <http://mweb.cbssports.com/ncaab/eye-on-college-basketball/24436548/night-court-marcus-foster-stars-xavier-and-iowa-get-key-wins> there's a load of <https://vine.co/v/MWmZ7L31emm/card> in an iframe. The headers for that URL are
$ curl -I https://vine.co/v/MWmZ7L31emm/card
HTTP/1.1 200 OK
Cache-Control: max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 20 Feb 2014 05:36:30 GMT
Strict-Transport-Security: max-age=631138519
X-Content-Type-Options: nosniff
X-Frame-Options:
X-XSS-Protection: 1; mode=block
Connection: keep-alive
The empty X-Frame-Options triggers the assert.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list