We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=155362>. Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy. This is the spec'd behaviour.
<rdar://problem/24383176>
Created attachment 276532 [details] Dan Bates Patch
Comment on attachment 276532 [details] Dan Bates Patch Note that this patch is actually Dan Bates' work, not mine :-)
Comment on attachment 276532 [details] Dan Bates Patch r=me. Will land if the tests all pass.
Comment on attachment 276532 [details] Dan Bates Patch Rejecting attachment 276532 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'validate-changelog', '--check-oops', '--non-interactive', 276532, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit ChangeLog entry in LayoutTests/ChangeLog contains OOPS!. Full output: http://webkit-queues.webkit.org/results/1165865
Created attachment 276533 [details] Patch
Created attachment 276535 [details] Patch
Comment on attachment 276535 [details] Patch Attachment 276535 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/1166029 New failing tests: webarchive/test-link-rel-icon-beforeload.html
Created attachment 276536 [details] Archive of layout-test-results from ews102 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-yosemite Platform: Mac OS X 10.10.5
Comment on attachment 276535 [details] Patch Attachment 276535 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/1166093 New failing tests: webarchive/test-link-rel-icon-beforeload.html
Created attachment 276539 [details] Archive of layout-test-results from ews115 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Created attachment 276571 [details] Patch
Updated patch to continue to emit the onbeforeload event for icon loads.
Comment on attachment 276571 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=276571&action=review > Source/WebCore/ChangeLog:3 > + CSP: Make dynamically-added favicons (via link rel="icon") obey Content-Security-Policy This no longer seems like an appropriate bug title for this code change. > Source/WebCore/loader/LinkLoader.cpp:41 > +#include "ContentSecurityPolicy.h" Please don’t add this include.
Committed r199673: <http://trac.webkit.org/changeset/199673>