etc_portage

0007-Revert-Remove-support-for-PING-in-HTML-anchors-priva.patch (20979B)

From aa8f18d92cc4b753e1cdfe345b5bb0894bcdc2dc Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
Date: Wed, 13 Mar 2019 11:04:41 +0100
Subject: [PATCH 7/8] Revert "Remove support for PING in HTML anchors
 [privacy]"
This reverts commit 84921f7b5e96acf31472acd7752ca77158b4c657.
---
 Source/WebCore/Sources.txt                    |   1 +
 Source/WebCore/html/HTMLAnchorElement.cpp     |  16 ++
 .../html/parser/XSSAuditorDelegate.cpp        |   4 +
 Source/WebCore/loader/DocumentLoader.cpp      |   6 +
 Source/WebCore/loader/PingLoader.cpp          | 218 ++++++++++++++++++
 Source/WebCore/loader/PingLoader.h            |  62 +++++
 .../loader/cache/CachedResourceLoader.cpp     |   3 +
 .../page/csp/ContentSecurityPolicy.cpp        |   5 +
 Source/WebKit/WebProcess/WebPage/WebPage.cpp  |   3 +
 9 files changed, 318 insertions(+)
 create mode 100644 Source/WebCore/loader/PingLoader.cpp
 create mode 100644 Source/WebCore/loader/PingLoader.h
diff --git a/Source/WebCore/Sources.txt b/Source/WebCore/Sources.txt
index bbee4a0695..704e50c773 100644
--- a/Source/WebCore/Sources.txt
+++ b/Source/WebCore/Sources.txt
@@ -1276,6 +1276,7 @@ loader/NavigationAction.cpp
 loader/NavigationScheduler.cpp
 loader/NetscapePlugInStreamLoader.cpp
 loader/ServerTimingParser.cpp
+loader/PingLoader.cpp
 loader/PolicyChecker.cpp
 loader/ProgressTracker.cpp
 loader/ResourceCryptographicDigest.cpp
diff --git a/Source/WebCore/html/HTMLAnchorElement.cpp b/Source/WebCore/html/HTMLAnchorElement.cpp
index e53302748d..0155fc70a1 100644
--- a/Source/WebCore/html/HTMLAnchorElement.cpp
+++ b/Source/WebCore/html/HTMLAnchorElement.cpp
@@ -39,6 +39,7 @@
 #include "HTMLPictureElement.h"
 #include "KeyboardEvent.h"
 #include "MouseEvent.h"
+#include "PingLoader.h"
 #include "PlatformMouseEvent.h"
 #include "RenderImage.h"
 #include "ResourceRequest.h"
@@ -363,6 +364,19 @@ bool HTMLAnchorElement::isLiveLink() const
     return isLink() && treatLinkAsLiveForEventType(m_wasShiftKeyDownOnMouseDown ? MouseEventWithShiftKey : MouseEventWithoutShiftKey);
 }
 
+void HTMLAnchorElement::sendPings(const URL& destinationURL)
+{
+    if (!document().frame())
+        return;
+
+    if (!hasAttributeWithoutSynchronization(pingAttr) || !document().settings().hyperlinkAuditingEnabled())
+        return;
+
+    SpaceSplitString pingURLs(attributeWithoutSynchronization(pingAttr), false);
+    for (unsigned i = 0; i < pingURLs.size(); i++)
+        PingLoader::sendPing(*document().frame(), document().completeURL(pingURLs[i]), destinationURL);
+}
+
 #if USE(SYSTEM_PREVIEW)
 bool HTMLAnchorElement::isSystemPreviewLink() const
 {
@@ -428,6 +442,8 @@ void HTMLAnchorElement::handleClick(Event& event)
     ShouldSendReferrer shouldSendReferrer = hasRel(Relation::NoReferrer) ? NeverSendReferrer : MaybeSendReferrer;
     auto newFrameOpenerPolicy = hasRel(Relation::NoOpener) ? std::make_optional(NewFrameOpenerPolicy::Suppress) : std::nullopt;
     frame->loader().urlSelected(completedURL, target(), &event, LockHistory::No, LockBackForwardList::No, shouldSendReferrer, document().shouldOpenExternalURLsPolicyToPropagate(), newFrameOpenerPolicy, downloadAttribute, systemPreviewInfo);
+
+    sendPings(completedURL);
 }
 
 HTMLAnchorElement::EventType HTMLAnchorElement::eventType(Event& event)
diff --git a/Source/WebCore/html/parser/XSSAuditorDelegate.cpp b/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
index e8c69162aa..80b4213669 100644
--- a/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
+++ b/Source/WebCore/html/parser/XSSAuditorDelegate.cpp
@@ -35,6 +35,7 @@
 #include "FrameLoaderClient.h"
 #include "HTMLParserIdioms.h"
 #include "NavigationScheduler.h"
+#include "PingLoader.h"
 #include <wtf/JSONValues.h>
 #include <wtf/text/StringBuilder.h>
 #include <wtf/text/CString.h>
@@ -103,6 +104,9 @@ void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo)
         m_didSendNotifications = true;
 
         frameLoader.client().didDetectXSS(m_document.url(), xssInfo.m_didBlockEntirePage);
+
+        if (!m_reportURL.isEmpty())
+            PingLoader::sendViolationReport(*m_document.frame(), m_reportURL, generateViolationReport(xssInfo), ViolationReportType::XSSAuditor);
     }
 
     if (xssInfo.m_didBlockEntirePage)
diff --git a/Source/WebCore/loader/DocumentLoader.cpp b/Source/WebCore/loader/DocumentLoader.cpp
index 37cf9602b2..b9fc289660 100644
--- a/Source/WebCore/loader/DocumentLoader.cpp
+++ b/Source/WebCore/loader/DocumentLoader.cpp
@@ -65,6 +65,7 @@
 #include "MemoryCache.h"
 #include "NetworkLoadMetrics.h"
 #include "Page.h"
+#include "PingLoader.h"
 #include "PlatformStrategies.h"
 #include "PolicyChecker.h"
 #include "ProgressTracker.h"
@@ -2057,6 +2058,11 @@ void DocumentLoader::addConsoleMessage(MessageSource messageSource, MessageLevel
     static_cast<ScriptExecutionContext*>(m_frame->document())->addConsoleMessage(messageSource, messageLevel, message, requestIdentifier);
 }
 
+void DocumentLoader::sendCSPViolationReport(URL&& reportURL, Ref<FormData>&& report)
+{
+    PingLoader::sendViolationReport(*m_frame, WTFMove(reportURL), WTFMove(report), ViolationReportType::ContentSecurityPolicy);
+}
+
 void DocumentLoader::enqueueSecurityPolicyViolationEvent(SecurityPolicyViolationEvent::Init&& eventInit)
 {
     m_frame->document()->enqueueSecurityPolicyViolationEvent(WTFMove(eventInit));
diff --git a/Source/WebCore/loader/PingLoader.cpp b/Source/WebCore/loader/PingLoader.cpp
new file mode 100644
index 0000000000..134e5560e6
--- /dev/null
+++ b/Source/WebCore/loader/PingLoader.cpp
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) 2010 Google Inc. All rights reserved.
+ * Copyright (C) 2015 Roopesh Chander (roop@roopc.net)
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+#include "PingLoader.h"
+
+#include "ContentSecurityPolicy.h"
+#include "Document.h"
+#include "Frame.h"
+#include "FrameLoader.h"
+#include "FrameLoaderClient.h"
+#include "InspectorInstrumentation.h"
+#include "LoaderStrategy.h"
+#include "NetworkLoadMetrics.h"
+#include "Page.h"
+#include "PlatformStrategies.h"
+#include "ProgressTracker.h"
+#include "ResourceHandle.h"
+#include "ResourceLoadInfo.h"
+#include "ResourceRequest.h"
+#include "ResourceResponse.h"
+#include "SecurityOrigin.h"
+#include "SecurityPolicy.h"
+#include "UserContentController.h"
+#include <wtf/text/CString.h>
+
+namespace WebCore {
+
+#if !ENABLE(CONTENT_EXTENSIONS)
+
+// Returns true if we should block the load.
+static inline bool processContentExtensionRulesForLoad(const Frame&, ResourceRequest&, ResourceType)
+{
+    return false;
+}
+
+#else
+
+// Returns true if we should block the load.
+static bool processContentExtensionRulesForLoad(const Frame& frame, ResourceRequest& request, ResourceType resourceType)
+{
+    auto* documentLoader = frame.loader().documentLoader();
+    if (!documentLoader)
+        return false;
+    auto* page = frame.page();
+    if (!page)
+        return false;
+    auto status = page->userContentProvider().processContentExtensionRulesForLoad(request.url(), resourceType, *documentLoader);
+    applyBlockedStatusToRequest(status, page, request);
+    return status.blockedLoad;
+}
+
+#endif
+
+void PingLoader::loadImage(Frame& frame, const URL& url)
+{
+    ASSERT(frame.document());
+    auto& document = *frame.document();
+
+    if (!document.securityOrigin().canDisplay(url)) {
+        FrameLoader::reportLocalLoadFailed(&frame, url);
+        return;
+    }
+
+    ResourceRequest request(url);
+    if (processContentExtensionRulesForLoad(frame, request, ResourceType::Image))
+        return;
+
+    document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
+
+    request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0");
+
+    HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();
+
+    String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), request.url(), frame.loader().outgoingReferrer());
+    if (!referrer.isEmpty())
+        request.setHTTPReferrer(referrer);
+    frame.loader().addExtraFieldsToSubresourceRequest(request);
+
+    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes);
+}
+
+// http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
+void PingLoader::sendPing(Frame& frame, const URL& pingURL, const URL& destinationURL)
+{
+    ASSERT(frame.document());
+
+    if (!pingURL.protocolIsInHTTPFamily())
+        return;
+
+    ResourceRequest request(pingURL);
+    if (processContentExtensionRulesForLoad(frame, request, ResourceType::Raw))
+        return;
+
+    auto& document = *frame.document();
+    document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
+
+    request.setHTTPMethod("POST");
+    request.setHTTPContentType("text/ping");
+    request.setHTTPBody(FormData::create("PING"));
+    request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0");
+
+    HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();
+
+    frame.loader().addExtraFieldsToSubresourceRequest(request);
+
+    auto& sourceOrigin = document.securityOrigin();
+    FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin.toString());
+    request.setHTTPHeaderField(HTTPHeaderName::PingTo, destinationURL);
+    if (!SecurityPolicy::shouldHideReferrer(pingURL, frame.loader().outgoingReferrer())) {
+        request.setHTTPHeaderField(HTTPHeaderName::PingFrom, document.url());
+        if (!sourceOrigin.isSameSchemeHostPort(SecurityOrigin::create(pingURL).get())) {
+            String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), pingURL, frame.loader().outgoingReferrer());
+            if (!referrer.isEmpty())
+                request.setHTTPReferrer(referrer);
+        }
+    }
+
+    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes);
+}
+
+void PingLoader::sendViolationReport(Frame& frame, const URL& reportURL, Ref<FormData>&& report, ViolationReportType reportType)
+{
+    ASSERT(frame.document());
+
+    ResourceRequest request(reportURL);
+    if (processContentExtensionRulesForLoad(frame, request, ResourceType::Raw))
+        return;
+
+    auto& document = *frame.document();
+    document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load);
+
+    request.setHTTPMethod("POST"_s);
+    request.setHTTPBody(WTFMove(report));
+    switch (reportType) {
+    case ViolationReportType::ContentSecurityPolicy:
+        request.setHTTPContentType("application/csp-report"_s);
+        break;
+    case ViolationReportType::XSSAuditor:
+        request.setHTTPContentType("application/json"_s);
+        break;
+    }
+
+    bool removeCookies = true;
+    if (document.securityOrigin().isSameSchemeHostPort(SecurityOrigin::create(reportURL).get()))
+        removeCookies = false;
+    if (removeCookies)
+        request.setAllowCookies(false);
+
+    HTTPHeaderMap originalRequestHeader = request.httpHeaderFields();
+
+    frame.loader().addExtraFieldsToSubresourceRequest(request);
+
+    String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), reportURL, frame.loader().outgoingReferrer());
+    if (!referrer.isEmpty())
+        request.setHTTPReferrer(referrer);
+
+    startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::No);
+}
+
+void PingLoader::startPingLoad(Frame& frame, ResourceRequest& request, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects shouldFollowRedirects)
+{
+    unsigned long identifier = frame.page()->progress().createUniqueIdentifier();
+    // FIXME: Why activeDocumentLoader? I would have expected documentLoader().
+    // It seems like the PingLoader should be associated with the current
+    // Document in the Frame, but the activeDocumentLoader will be associated
+    // with the provisional DocumentLoader if there is a provisional
+    // DocumentLoader.
+    bool shouldUseCredentialStorage = frame.loader().client().shouldUseCredentialStorage(frame.loader().activeDocumentLoader(), identifier);
+    FetchOptions options;
+    options.credentials = shouldUseCredentialStorage ? FetchOptions::Credentials::Include : FetchOptions::Credentials::Omit;
+    options.redirect = shouldFollowRedirects == ShouldFollowRedirects::Yes ? FetchOptions::Redirect::Follow : FetchOptions::Redirect::Error;
+
+    // FIXME: Move ping loads to normal subresource loading to get normal inspector request instrumentation hooks.
+    InspectorInstrumentation::willSendRequestOfType(&frame, identifier, frame.loader().activeDocumentLoader(), request, InspectorInstrumentation::LoadType::Ping);
+
+    platformStrategies()->loaderStrategy()->startPingLoad(frame, request, WTFMove(originalRequestHeaders), options, [protectedFrame = makeRef(frame), identifier] (const ResourceError& error, const ResourceResponse& response) {
+        if (!response.isNull())
+            InspectorInstrumentation::didReceiveResourceResponse(protectedFrame, identifier, protectedFrame->loader().activeDocumentLoader(), response, nullptr);
+        if (error.isNull()) {
+            NetworkLoadMetrics emptyMetrics;
+            InspectorInstrumentation::didFinishLoading(protectedFrame.ptr(), protectedFrame->loader().activeDocumentLoader(), identifier, emptyMetrics, nullptr);
+        } else
+            InspectorInstrumentation::didFailLoading(protectedFrame.ptr(), protectedFrame->loader().activeDocumentLoader(), identifier, error);
+    });
+}
+
+}
diff --git a/Source/WebCore/loader/PingLoader.h b/Source/WebCore/loader/PingLoader.h
new file mode 100644
index 0000000000..15489dcf04
--- /dev/null
+++ b/Source/WebCore/loader/PingLoader.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2010 Google Inc. All rights reserved.
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#pragma once
+
+#include <wtf/Forward.h>
+#include <wtf/Ref.h>
+
+namespace WebCore {
+
+class FormData;
+class Frame;
+class HTTPHeaderMap;
+class URL;
+class ResourceRequest;
+
+enum class ViolationReportType {
+    ContentSecurityPolicy,
+    XSSAuditor,
+};
+
+class PingLoader {
+public:
+    static void loadImage(Frame&, const URL&);
+    static void sendPing(Frame&, const URL& pingURL, const URL& destinationURL);
+    WEBCORE_EXPORT static void sendViolationReport(Frame&, const URL& reportURL, Ref<FormData>&& report, ViolationReportType);
+
+private:
+    enum class ShouldFollowRedirects { No, Yes };
+    static void startPingLoad(Frame&, ResourceRequest&, HTTPHeaderMap&& originalRequestHeaders, ShouldFollowRedirects);
+};
+
+} // namespace WebCore
diff --git a/Source/WebCore/loader/cache/CachedResourceLoader.cpp b/Source/WebCore/loader/cache/CachedResourceLoader.cpp
index 614cfee9b5..9d3d108113 100644
--- a/Source/WebCore/loader/cache/CachedResourceLoader.cpp
+++ b/Source/WebCore/loader/cache/CachedResourceLoader.cpp
@@ -57,6 +57,7 @@
 #include "Logging.h"
 #include "MemoryCache.h"
 #include "Page.h"
+#include "PingLoader.h"
 #include "PlatformStrategies.h"
 #include "RenderElement.h"
 #include "ResourceLoadInfo.h"
@@ -201,6 +202,8 @@ ResourceErrorOr<CachedResourceHandle<CachedImage>> CachedResourceLoader::request
             if (Document* document = frame->document())
                 request.upgradeInsecureRequestIfNeeded(*document);
             URL requestURL = request.resourceRequest().url();
+            if (requestURL.isValid() && canRequest(CachedResource::Type::ImageResource, requestURL, request, ForPreload::No))
+                PingLoader::loadImage(*frame, requestURL);
             return CachedResourceHandle<CachedImage> { };
         }
     }
diff --git a/Source/WebCore/page/csp/ContentSecurityPolicy.cpp b/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
index f1b1b51da1..9b966fa02b 100644
--- a/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
+++ b/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
@@ -45,6 +45,7 @@
 #include "JSExecState.h"
 #include "JSWindowProxy.h"
 #include "ParsingUtilities.h"
+#include "PingLoader.h"
 #include "ResourceRequest.h"
 #include "RuntimeEnabledFeatures.h"
 #include "SchemeRegistry.h"
@@ -758,6 +759,10 @@ void ContentSecurityPolicy::reportViolation(const String& effectiveViolatedDirec
     if (m_client) {
         for (const auto& url : reportURIs)
             m_client->sendCSPViolationReport(URL { m_protectedURL, url }, report.copyRef());
+    } else {
+        auto& document = downcast<Document>(*m_scriptExecutionContext);
+        for (const auto& url : reportURIs)
+            PingLoader::sendViolationReport(*document.frame(), URL { m_protectedURL, url }, report.copyRef(), ViolationReportType::ContentSecurityPolicy);
     }
 }
 
diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
index e161de3599..5de12b10cc 100644
--- a/Source/WebKit/WebProcess/WebPage/WebPage.cpp
+++ b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
@@ -181,6 +181,7 @@
 #include <WebCore/NotImplemented.h>
 #include <WebCore/Page.h>
 #include <WebCore/PageConfiguration.h>
+#include <WebCore/PingLoader.h>
 #include <WebCore/PlatformKeyboardEvent.h>
 #include <WebCore/PluginDocument.h>
 #include <WebCore/PrintContext.h>
@@ -3358,6 +3359,8 @@ void WebPage::sendCSPViolationReport(uint64_t frameID, const WebCore::URL& repor
     auto report = reportData.takeData();
     if (!report)
         return;
+    if (auto* frame = WebProcess::singleton().webFrame(frameID))
+        PingLoader::sendViolationReport(*frame->coreFrame(), reportURL, report.releaseNonNull(), ViolationReportType::ContentSecurityPolicy);
 }
 
 void WebPage::enqueueSecurityPolicyViolationEvent(uint64_t frameID, SecurityPolicyViolationEvent::Init&& eventInit)
-- 
2.19.2