Files
ladybird/Libraries/LibWeb/ContentSecurityPolicy
Andreas Kling 37130e7300 LibWeb: Don't apply connect-src to top-level navigation
Top-level navigation requests use the document fetch destination. CSP's
effective directive algorithm does not list document as a handled fetch
request destination, but our fallback path treated it like an unknown
fetch destination and applied connect-src.

Return no effective fetch directive for document destinations. This lets
top-level navigation use the CSP navigation checks instead. Keep nested
navigation on the existing frame and iframe path, since HTML rewrites
such requests to the container local name when a navigable has a
container.

This makes https://reddit.com/ load instead of redirecting to a blocked
challenge response URL.
2026-04-27 10:30:57 +02:00
..
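
The behaviour the commit message describes, as an added example that is not Ladybird's code: a reduced destination-to-directive mapping with the old fallback beside the fixed one, checked against a policy that sets only connect-src. The type and function names, the shortened destination table, the origin-string source lists and the sample origins are assumptions made for illustration.

```cpp
#include <iostream>
#include <map>
#include <optional>
#include <set>
#include <string>

// Hypothetical names for illustration; this is not Ladybird's code.
enum class DocumentHandling { LegacyFallback, NoFetchDirective };
using Policy = std::map<std::string, std::set<std::string>>; // directive -> allowed origins

// Reduced destination table; the real algorithm lists more destinations.
std::optional<std::string> effective_fetch_directive(std::string const& destination, DocumentHandling mode)
{
    if (destination == "frame" || destination == "iframe") return "frame-src";
    if (destination == "image") return "img-src";
    if (destination == "script") return "script-src-elem";
    // Fixed behaviour: top-level navigation gets no fetch directive and is
    // left to the CSP navigation checks.
    if (destination == "document" && mode == DocumentHandling::NoFetchDirective)
        return std::nullopt;
    // Fallback for fetch()/XHR (empty destination). With LegacyFallback,
    // "document" also lands here, which is the bug the commit describes.
    return "connect-src";
}

// True when the fetch-directive check would block the request.
// Simplification: only default-src is consulted as a fallback.
bool fetch_check_blocks(Policy const& policy, std::string const& destination,
    std::string const& target_origin, DocumentHandling mode)
{
    auto directive = effective_fetch_directive(destination, mode);
    if (!directive) return false;
    auto it = policy.find(*directive);
    if (it == policy.end()) it = policy.find("default-src");
    if (it == policy.end()) return false;
    return it->second.count(target_origin) == 0;
}

int main()
{
    // Constructed policy: connect-src https://app.example
    Policy policy { { "connect-src", { "https://app.example" } } };
    for (auto mode : { DocumentHandling::LegacyFallback, DocumentHandling::NoFetchDirective })
        std::cout << fetch_check_blocks(policy, "document", "https://other.example", mode)
                  << fetch_check_blocks(policy, "", "https://other.example", mode) << '\n';
}
```

With the legacy fallback a cross-origin top-level navigation is blocked by connect-src; with the fixed mapping only the fetch()-style request is.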