weinig@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=69353

Reviewed by Adam Barth.

Add CSP support for XMLHttpRequest, WebSockets and EventSource.

Source/WebCore:

Tests:
http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html
http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html
http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html
http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html
http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html
http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html

* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowConnectFromSource):
(WebCore::ContentSecurityPolicy::addDirective):
* page/ContentSecurityPolicy.h:
Add connect-src directive parsing and predicate.

* page/EventSource.cpp:
(WebCore::EventSource::create):
* websockets/WebSocket.cpp:
(WebCore::WebSocket::connect):
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open):
Test allowConnectFromSource when establishing a connection.

LayoutTests:

* http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-eventsource-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-eventsource-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-websocket-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html: Added.
* http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-allowed.html: Added.
* http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-blocked.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96621 268f45cc-cd09-0410-ab3c-d52691b4dbfc
5f414e1d