116067 2013-05-13 16:03:47 -0700 CSP: Redirects in DocumentThreadableLoader should respect the active policy 2016-01-15 14:38:56 -0800 1 1 1 Unclassified WebKit Page Loading 528+ (Nightly build) Unspecified Unspecified RESOLVED DUPLICATE 69359 BlinkMergeCandidate P2 Normal --- 1 rniwa webkit-unassigned ap beidson bfulgham dbates oldest_to_newest 888554 0 rniwa 2013-05-13 16:03:47 -0700 We should probably merge https://chromium.googlesource.com/chromium/blink/+/2853f594838e8bf24813482ad02f87853cae4366 CSP: Redirects in DocumentThreadableLoader should respect the active policy. Canary currently fails test 150[1] and 156[2] of Erlend Oftedal's "CSP Testing" checks[3]. Both fail because we currently only check the URL to which an XHR connects during 'xhr.open()'. This patch adjusts the checks happening inside DocumentThreadableLoader::redirectReceived in order to verify that the URL to which we've been redirected passes through the page's Content Security Policy as well. [1]: http://csptesting.herokuapp.com/test/load/150 [2]: http://csptesting.herokuapp.com/test/load/156 [3]: http://csptesting.herokuapp.com/ 1155942 1 dbates 2016-01-15 14:38:56 -0800 *** This bug has been marked as a duplicate of bug 69359 ***