commit bd0c7751aa61021dc735572521b62efa4ea39bfc
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Sat May 07 02:13:06 2011 +0000
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Sat May 07 02:13:06 2011 +0000
tree 4541355cbe92a67075f925a92f9e9543d6482e4f
parent 588a3d4855ae191acea504a1744c4e593a9cffc3

2011-05-06  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Implement "Report-Only" mode for CSP
        https://bugs.webkit.org/show_bug.cgi?id=60402

        * http/tests/security/contentSecurityPolicy/report-only-expected.txt: Added.
        * http/tests/security/contentSecurityPolicy/report-only.html: Added.
2011-05-06  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Implement "Report-Only" mode for CSP
        https://bugs.webkit.org/show_bug.cgi?id=60402

        This mode lets web sites try out CSP by getting violation reports (and
        console spam) without actually changing the behavior of their web sites.

        Test: http/tests/security/contentSecurityPolicy/report-only.html

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::didBeginDocument):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
        (WebCore::ContentSecurityPolicy::didReceiveHeader):
        (WebCore::ContentSecurityPolicy::reportViolation):
        (WebCore::ContentSecurityPolicy::checkInlineAndReportViolation):
        (WebCore::ContentSecurityPolicy::checkEvalAndReportViolation):
        (WebCore::ContentSecurityPolicy::checkSourceAndReportViolation):
        (WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
        * page/ContentSecurityPolicy.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@85993 268f45cc-cd09-0410-ab3c-d52691b4dbfc