Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(274)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 1128813003: Give shared workers their own content security policies (Closed)

Created:
5 years, 7 months ago by estark
Modified:
5 years, 7 months ago
Reviewers:
Mike West
CC:
blink-reviews, falken, horo+watch_chromium.org, kinuko+worker_chromium.org, mkwst+watchlist-csp_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Give shared workers their own content security policies This CL assigns shared workers the CSP that was served when the script was fetched. Code to handle the CSP when loading a worker is now on the WorkerScriptLoaderClient base class instead of just on InProcessWorkerBase (where it was previously located to handle CSP for dedicated workers). BUG=474872, 483458 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=195470

Patch Set 1 #

Patch Set 2 : style fix #

Patch Set 3 : rebase #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+120 lines, -29 lines) Patch
D LayoutTests/http/tests/security/contentSecurityPolicy/resources/shared-worker-make-xhr.js View 1 chunk +0 lines, -10 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/resources/worker.php View 1 3 chunks +37 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-allowed.html View 2 chunks +3 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/shared-worker-connect-src-blocked.html View 1 chunk +2 lines, -1 line 0 comments Download
M LayoutTests/http/tests/security/contentSecurityPolicy/worker-without-own-csp.html View 2 chunks +10 lines, -0 lines 0 comments Download
M LayoutTests/http/tests/security/referrer-policy-worker-has-referrer.html View 1 chunk +10 lines, -0 lines 0 comments Download
M Source/core/core.gypi View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/workers/InProcessWorkerBase.h View 1 chunk +0 lines, -1 line 0 comments Download
M Source/core/workers/InProcessWorkerBase.cpp View 1 chunk +2 lines, -6 lines 0 comments Download
M Source/core/workers/WorkerScriptLoaderClient.h View 2 chunks +11 lines, -1 line 0 comments Download
A Source/core/workers/WorkerScriptLoaderClient.cpp View 1 chunk +37 lines, -0 lines 2 comments Download
M Source/web/WebSharedWorkerImpl.h View 1 chunk +0 lines, -2 lines 0 comments Download
M Source/web/WebSharedWorkerImpl.cpp View 4 chunks +7 lines, -4 lines 0 comments Download

Messages

Total messages: 11 (4 generated)
estark
mkwst: can you please take a look (after you're back from your holiday)? Thanks!
5 years, 7 months ago (2015-05-14 18:12:54 UTC) #2
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1128813003/40001
5 years, 7 months ago (2015-05-15 11:49:36 UTC) #4
Mike West
LGTM, thanks for taking this on! https://codereview.chromium.org/1128813003/diff/40001/Source/core/workers/WorkerScriptLoaderClient.cpp File Source/core/workers/WorkerScriptLoaderClient.cpp (right): https://codereview.chromium.org/1128813003/diff/40001/Source/core/workers/WorkerScriptLoaderClient.cpp#newcode25 Source/core/workers/WorkerScriptLoaderClient.cpp:25: if (!response.url().protocolIs("blob") && ...
5 years, 7 months ago (2015-05-15 11:54:43 UTC) #5
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
5 years, 7 months ago (2015-05-15 12:53:11 UTC) #7
estark
Thanks Mike! https://codereview.chromium.org/1128813003/diff/40001/Source/core/workers/WorkerScriptLoaderClient.cpp File Source/core/workers/WorkerScriptLoaderClient.cpp (right): https://codereview.chromium.org/1128813003/diff/40001/Source/core/workers/WorkerScriptLoaderClient.cpp#newcode25 Source/core/workers/WorkerScriptLoaderClient.cpp:25: if (!response.url().protocolIs("blob") && !response.url().protocolIs("file") && !response.url().protocolIs("filesystem")) { ...
5 years, 7 months ago (2015-05-18 16:24:15 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1128813003/40001
5 years, 7 months ago (2015-05-18 16:24:35 UTC) #10
commit-bot: I haz the power
5 years, 7 months ago (2015-05-18 17:50:35 UTC) #11
Message was sent while issue was closed. 
Committed patchset #3 (id:40001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=195470

Powered by Google App Engine
This is Rietveld 408576698