|
|
Allow cross-origin cssRules access to CORS-fetched stylesheet.
When accessing the cssRules property on CSSStyleSheet an origin check is
performed for non-inline stylesheets. Should that stylesheet have been
loaded from another origin following CORS, the access ought to be
permitted, but wasn't.
Address by having the link element (LinkStyle) record if the stylesheet
it creates was successfully fetched using CORS. If it was, the stylesheet
access check will succeed.
R=mkwst
BUG= 467672
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=192066
Total comments: 4
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+124 lines, -47 lines) |
Patch |
 |
M |
LayoutTests/http/tests/security/link-crossorigin-stylesheet-anonymous.html
|
View
|
|
1 chunk |
+2 lines, -2 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/link-crossorigin-stylesheet-import-anonymous.html
|
View
|
1
2
|
2 chunks |
+7 lines, -6 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/link-crossorigin-stylesheet-import-anonymous-expected.txt
|
View
|
1
2
|
2 chunks |
+1 line, -2 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/link-crossorigin-stylesheet-import-credentials.html
|
View
|
1
2
3
|
2 chunks |
+8 lines, -8 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/link-crossorigin-stylesheet-import-credentials-expected.txt
|
View
|
1
2
3
|
2 chunks |
+1 line, -2 lines |
0 comments
|
Download
|
|
M |
LayoutTests/http/tests/security/link-crossorigin-stylesheet-no-cors.html
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
M |
LayoutTests/http/tests/security/link-crossorigin-stylesheet-use-credentials.html
|
View
|
|
3 chunks |
+4 lines, -4 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/resources/green-background-allow-credentials-import.php
|
View
|
1
2
3
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/resources/green-background-allow-star-import.php
|
View
|
1
2
3
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/resources/green-background-import-anonymous.css
|
View
|
1
2
3
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/resources/green-background-import-credentials.css
|
View
|
1
2
3
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/resources/green-if-cors-anonymous.php
|
View
|
1
2
3
|
1 chunk |
+15 lines, -0 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/resources/green-if-cors-credentialed.php
|
View
|
1
2
3
|
1 chunk |
+5 lines, -7 lines |
0 comments
|
Download
|
|
M |
LayoutTests/http/tests/security/resources/link-crossorigin-common.js
|
View
|
1
2
3
|
2 chunks |
+39 lines, -10 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/resources/red-background.css
|
View
|
1
2
3
|
1 chunk |
+1 line, -2 lines |
0 comments
|
Download
|
|
M |
Source/core/css/CSSStyleSheet.h
|
View
|
1
2
|
3 chunks |
+5 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/css/CSSStyleSheet.cpp
|
View
|
1
2
|
2 chunks |
+7 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/html/HTMLLinkElement.h
|
View
|
1
2
3
4
|
1 chunk |
+8 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/html/HTMLLinkElement.cpp
|
View
|
1
2
3
4
5
|
5 chunks |
+16 lines, -1 line |
0 comments
|
Download
|
Total messages: 8 (3 generated)
|
Chromium Code Reviews
Issue
1011103002:
Allow cross-origin cssRules access to CORS-fetched stylesheet. (Closed)
