Bug 153151 - CSP: Remove stubs for dynamically-added favicons (via link rel="icon")
Summary: CSP: Remove stubs for dynamically-added favicons (via link rel="icon")
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: BlinkMergeCandidate, InRadar
Depends on:
Blocks:
 
Reported: 2016-01-15 14:57 PST by Daniel Bates
Modified: 2016-04-19 20:55 PDT (History)
9 users (show)

See Also:

Attachments
Dan Bates Patch (9.02 KB, patch)
2016-04-15 17:43 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Patch (8.99 KB, patch)
2016-04-15 17:57 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Patch (17.13 KB, patch)
2016-04-15 18:26 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews102 for mac-yosemite (1.06 MB, application/zip)
2016-04-15 18:53 PDT, Build Bot 		no flags Details
Archive of layout-test-results from ews115 for mac-yosemite (956.60 KB, application/zip)
2016-04-15 19:32 PDT, Build Bot 		no flags Details
Patch (16.75 KB, patch)
2016-04-16 21:07 PDT, Brent Fulgham 		darin: review+
Details | Formatted Diff | Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-01-15 14:57:01 PST 
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=155362>.

Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy.  This is the spec'd behaviour.
Comment 1 Radar WebKit Bug Importer 2016-01-27 20:33:58 PST 
<rdar://problem/24383176>
Comment 2 Brent Fulgham 2016-04-15 17:43:13 PDT 
Created attachment 276532 [details]
Dan Bates Patch
Comment 3 Brent Fulgham 2016-04-15 17:49:52 PDT 
Comment on attachment 276532 [details]
Dan Bates Patch

Note that this patch is actually Dan Bates' work, not mine :-)
Comment 4 Brent Fulgham 2016-04-15 17:50:29 PDT 
Comment on attachment 276532 [details]
Dan Bates Patch

r=me. Will land if the tests all pass.
Comment 5 WebKit Commit Bot 2016-04-15 17:51:52 PDT 
Comment on attachment 276532 [details]
Dan Bates Patch

Rejecting attachment 276532 [details] from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'validate-changelog', '--check-oops', '--non-interactive', 276532, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit

ChangeLog entry in LayoutTests/ChangeLog contains OOPS!.

Full output: http://webkit-queues.webkit.org/results/1165865
Comment 6 Brent Fulgham 2016-04-15 17:57:32 PDT 
Created attachment 276533 [details]
Patch
Comment 7 Brent Fulgham 2016-04-15 18:26:15 PDT 
Created attachment 276535 [details]
Patch
Comment 8 Build Bot 2016-04-15 18:53:23 PDT 
Comment on attachment 276535 [details]
Patch

Attachment 276535 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/1166029

New failing tests:
webarchive/test-link-rel-icon-beforeload.html
Comment 9 Build Bot 2016-04-15 18:53:27 PDT 
Created attachment 276536 [details]
Archive of layout-test-results from ews102 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 10 Build Bot 2016-04-15 19:32:06 PDT 
Comment on attachment 276535 [details]
Patch

Attachment 276535 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/1166093

New failing tests:
webarchive/test-link-rel-icon-beforeload.html
Comment 11 Build Bot 2016-04-15 19:32:10 PDT 
Created attachment 276539 [details]
Archive of layout-test-results from ews115 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 12 Brent Fulgham 2016-04-16 21:07:45 PDT 
Created attachment 276571 [details]
Patch
Comment 13 Brent Fulgham 2016-04-16 21:08:57 PDT 
Updated patch to continue to emit the onbeforeload event for icon loads.
Comment 14 Darin Adler 2016-04-17 09:19:53 PDT 
Comment on attachment 276571 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=276571&action=review

> Source/WebCore/ChangeLog:3
> +        CSP: Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy

This no longer seems like an appropriate bug title for this code change.

> Source/WebCore/loader/LinkLoader.cpp:41
> +#include "ContentSecurityPolicy.h"

Please don’t add this include.
Comment 15 Brent Fulgham 2016-04-18 09:45:18 PDT 
Committed r199673: <http://trac.webkit.org/changeset/199673>