Fix CSP navigation request blocking

domenic · web-flow · commit 304782ca5746 · 2025-02-06T10:22:41.000+09:00
Closes whatwg#10796, by passing along the intended snapshotted source CSP instead of attempting to look up the policy container from the request (which will not work when it's left as "client"). w3c/webappsec-csp#692 is also necessary to fully get the intended behavior.
diff --git a/source b/source
@@ -100178,8 +100178,8 @@ location.href = '#foo';</code></pre>
    <dd><var>sourceDocument</var>'s <span>relevant settings object</span></dd>
 
    <dt><span data-x="source-snapshot-params-policy-container">source policy container</span></dt>
-   <dd><var>sourceDocument</var>'s <span data-x="concept-document-policy-container">policy
-   container</span></dd>
+   <dd>a <span data-x="clone a policy container">clone</span> of <var>sourceDocument</var>'s <span
+   data-x="concept-document-policy-container">policy container</span></dd>
   </dl>
 
   <hr>
@@ -100576,8 +100576,9 @@ location.href = '#foo';</code></pre>
      <li><p><span>Queue a global task</span> on the <span>navigation and traversal task
      source</span> given <var>navigable</var>'s <span data-x="nav-window">active window</span> to
      <span>navigate to a <code>javascript:</code> URL</span> given <var>navigable</var>,
-     <var>url</var>, <var>historyHandling</var>, <var>initiatorOriginSnapshot</var>,
-     <var>userInvolvement</var>, and <var>cspNavigationType</var>.</p></li>
+     <var>url</var>, <var>historyHandling</var>, <var>sourceSnapshotParams</var>,
+     <var>initiatorOriginSnapshot</var>, <var>userInvolvement</var>, and
+     <var>cspNavigationType</var>.</p></li>
 
      <li><p>Return.</p></li>
     </ol>
@@ -100951,8 +100952,9 @@ location.href = '#foo';</code></pre>
 
   <p>To <dfn>navigate to a <code>javascript:</code> URL</dfn>, given a <span>navigable</span>
   <var>targetNavigable</var>, a <span>URL</span> <var>url</var>, a <span>history handling
-  behavior</span> <var>historyHandling</var>, an <span>origin</span> <var>initiatorOrigin</var>, a
-  <span>user navigation involvement</span> <var>userInvolvement</var>, and a string
+  behavior</span> <var>historyHandling</var>, a <span>source snapshot params</span>
+  <var>sourceSnapshotParams</var>, an <span>origin</span> <var>initiatorOrigin</var>, a <span>user
+  navigation involvement</span> <var>userInvolvement</var>, and a string
   <var>cspNavigationType</var>:</p>
 
   <ol>
@@ -100967,7 +100969,10 @@ location.href = '#foo';</code></pre>
 
    <li>
     <p>Let <var>request</var> be a new <span data-x="concept-request">request</span> whose <span
-    data-x="concept-request-url">URL</span> is <var>url</var>.</p>
+    data-x="concept-request-url">URL</span> is <var>url</var> and whose <span
+    data-x="concept-request-policy-container">policy container</span> is
+    <var>sourceSnapshotParams</var>'s <span data-x="source-snapshot-params-policy-container">source
+    policy container</span>.</p>
 
     <p class="note">This is a synthetic <span data-x="concept-request">request</span> solely for
     plumbing into the next step. It will never hit the network.</p>
@@ -102640,6 +102645,10 @@ location.href = '#foo';</code></pre>
      <dt><span data-x="concept-request-referrer-policy">referrer policy</span></dt>
      <dd><var>entry</var>'s <span data-x="she-document-state">document state</span>'s <span
      data-x="document-state-request-referrer-policy">request referrer policy</span></dd>
+
+     <dt><span data-x="concept-request-policy-container">policy container</span></dt>
+     <dd><var>sourceSnapshotParams</var>'s <span
+     data-x="source-snapshot-params-policy-container">source policy container</span></dd>
     </dl>
    </li>
 
