mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-29 12:19:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Avoid accessing opaque origin port during CSP checks

Browse source
This commit is contained in:
Tim Ledbetter 2025-07-13 05:31:12 +01:00 committed by Jelle Raaijmakers
commit 941da11ece
Notes: github-actions[bot] 2025-07-13 12:34:40 +00:00
5 changed files with 111 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Libraries/LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.cpp
View file

@ -541,7 +541,7 @@ MatchResult does_url_match_expression_in_origin_with_redirect_count(URL::URL con
origin_port = origin.port();
}
if (origin_host == url.host() && (origin.port() == url.port() || (origin_port == origin_default_port && url.port() == url_default_port))) {
if (origin_host == url.host() && (origin_port == url.port() || (origin_port == origin_default_port && url.port() == url_default_port))) {
// 1. urls scheme is "https" or "wss"
if (url.scheme() == "https"sv || url.scheme() == "wss"sv)
return MatchResult::Matches;