Index: third_party/WebKit/Source/core/frame/csp/CSPSource.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp |
index 81f66964e4db03816d773a155880f1434aa993bd..048ffcf414678e30ab747058100aef57f3019ed6 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSource.cpp |
@@ -74,7 +74,7 @@ bool CSPSource::hostMatches(const String& host) const { |
} |
bool CSPSource::pathMatches(const String& urlPath) const { |
- if (m_path.isEmpty()) |
+ if (m_path.isEmpty() || (m_path == "/" && urlPath.isEmpty())) |
return true; |
String path = decodeURLEscapeSequences(urlPath); |
@@ -154,7 +154,9 @@ CSPSource* CSPSource::intersect(CSPSource* other) const { |
} |
String host = m_hostWildcard == NoWildcard ? m_host : other->m_host; |
- String path = other->pathMatches(m_path) ? m_path : other->m_path; |
+ // Since sources are similar and paths match, pick the longer one. |
+ String path = |
+ m_path.length() > other->m_path.length() ? m_path : other->m_path; |
amalika
2016/12/08 19:30:59
Simplified the logic instead of adding another che
|
// Choose this port if the other port is empty, has wildcard or is a port for |
// a less secure scheme such as "http" whereas scheme of this is "https", in |
// which case the lengths would differ. |