-
mkwst@chromium.org authored
https://bugs.webkit.org/show_bug.cgi?id=111254 Reviewed by Adam Barth. Source/WebCore: We'd like to ensure that early adopters don't get stuck on a prefixed header; when CSP 1.1 is baked enough to be supported in multiple browsers, everything should Just Work™. This patch changes WebKit's behavior regarding CSP_NEXT features. Currently, they're only exposed on the prefixed header ('X-WebKit-CSP'). This patch exposes those features on the canonical header, assuming that the runtime flag is set. This shouldn't have any effect at all on ports that haven't yet enabled CSP_NEXT, and will simply clear the way for a clean deployment to a wider audience once the specification process is further along. This change shouldn't have any effect on the existing tests: they should run just as they did before. The next step will be to adjust the LayoutTests for 1.1 to prefer the canonical header, but I'll do that in another patch to reduce churn. Related, the enum names no longer made sense: the difference between the canonical 'Content-Security-Policy' header and 'X-WebKit-CSP' is the prefix, not the functionality. This patch renames them for clarity. * dom/Document.cpp: (WebCore::Document::processHttpEquiv): * loader/FrameLoader.cpp: (WebCore::FrameLoader::didBeginDocument): Use the new enum names. * page/ContentSecurityPolicy.cpp: (CSPDirectiveList): (WebCore::CSPDirectiveList::CSPDirectiveList): (WebCore::CSPDirectiveList::addDirective): Drop the 'm_experimental' property from CSPDirectiveList; we'll control the behavior via the runtime flag from now on. Also, this fixes a small bug in 'addDirective()': we never threw unrecognized directive errors for users who were sending the prefixed header. Oops! (WebCore::ContentSecurityPolicy::deprecatedHeaderType): Use the new enum names. * page/ContentSecurityPolicy.h: Redefine the enum for clarity: 'PrefixedReport' and 'Report' rather than 'ReportAllDirectives' and 'ReportStableDirectives'. Source/WebKit/chromium: The enum names no longer made sense: the difference between the canonical 'Content-Security-Policy' header and 'X-WebKit-CSP' is the prefix, not the functionality. This patch renames them for clarity. * public/WebContentSecurityPolicy.h: * src/AssertMatchingEnums.cpp: Rename the Chromium side of the enums. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@144571 268f45cc-cd09-0410-ab3c-d52691b4dbfc
0bd6dea0