Chromium Code Reviews

Issue 1136843011: Revert of Add CSP header for resources with an active policy (Closed)

Created: 5 years, 7 months ago by Mike West
Modified: 5 years, 7 months ago
CC: blink-reviews, gavinp+loader_chromium.org, Nate Chapin, mkwst+watchlist-csp_chromium.org, tyoshino+watch_chromium.org
Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Target Ref: refs/heads/master
Project: blink
Visibility: Public.

Description

Revert of Add CSP header for resources with an active policy (patchset #7 id:120001 of https://codereview.chromium.org/1009583003/)

Reason for revert:
This header is not a "simple" header, and is causing issues with CORS preflights. Reverting until we can work out a better way to do it.

Original issue's description:
> Add CSP header for resources with an active policy
>
> This change sends a `CSP: active` header as specified in
> https://w3c.github.io/webappsec/specs/content-security-policy/#csp-request-header.
>
> The header is sent on resource requests which the policy would affect
> (e.g. not sent on images if there is no img-src or default-src in the
> policy).
>
> Also fixed misspelling in the name of |addClientHintsIfNecessary|.
>
> BUG=452819
>
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=192293

TBR=jochen@chromium.org,estark@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=452819

Patch Set 1

Stats (+0 lines, -108 lines)
D LayoutTests/http/tests/security/contentSecurityPolicy/csp-header-is-sent.html (1 chunk, +0 lines, -13 lines)
D LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp-header-is-sent.js (1 chunk, +0 lines, -17 lines)
D LayoutTests/http/tests/security/contentSecurityPolicy/resources/test-csp-header.pl (1 chunk, +0 lines, -13 lines)
M Source/core/fetch/FetchContext.h (1 chunk, +0 lines, -1 line)
M Source/core/fetch/FetchContext.cpp (1 chunk, +0 lines, -4 lines)
M Source/core/fetch/ResourceFetcher.cpp (1 chunk, +0 lines, -1 line)
M Source/core/frame/csp/CSPDirectiveList.h (2 chunks, +0 lines, -3 lines)
M Source/core/frame/csp/CSPDirectiveList.cpp (1 chunk, +0 lines, -33 lines)
M Source/core/frame/csp/ContentSecurityPolicy.h (2 chunks, +0 lines, -3 lines)
M Source/core/frame/csp/ContentSecurityPolicy.cpp (1 chunk, +0 lines, -9 lines)
M Source/core/loader/FrameFetchContext.h (1 chunk, +0 lines, -1 line)
M Source/core/loader/FrameFetchContext.cpp (1 chunk, +0 lines, -10 lines)

Messages

Total messages: 6 (2 generated)
Mike West
Created Revert of Add CSP header for resources with an active policy
5 years, 7 months ago (2015-05-15 09:10:21 UTC) #1
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1136843011/1
5 years, 7 months ago (2015-05-15 09:10:28 UTC) #2
commit-bot: I haz the power
Failed to apply patch for Source/core/loader/FrameFetchContext.cpp: While running patch -p1 --forward --force --no-backup-if-mismatch; patching file ...
5 years, 7 months ago (2015-05-15 09:10:56 UTC) #4
Mike West
5 years, 7 months ago (2015-05-15 11:30:21 UTC) #6
On 2015/05/15 at 09:10:56, commit-bot wrote:
> Failed to apply patch for Source/core/loader/FrameFetchContext.cpp:
> While running patch -p1 --forward --force --no-backup-if-mismatch;
>   patching file Source/core/loader/FrameFetchContext.cpp
>   Hunk #1 FAILED at 662.
>   1 out of 1 hunk FAILED -- saving rejects to file
Source/core/loader/FrameFetchContext.cpp.rej
> 
> Patch:       Source/core/loader/FrameFetchContext.cpp
> Index: Source/core/loader/FrameFetchContext.cpp
> diff --git a/Source/core/loader/FrameFetchContext.cpp
b/Source/core/loader/FrameFetchContext.cpp
> index
49461f8c58f31fd5eae9fe16ae7d03a4a4bb77d2..2ff4516d9dd31350df7f2432cb91f7a2a676147a
100644
> --- a/Source/core/loader/FrameFetchContext.cpp
> +++ b/Source/core/loader/FrameFetchContext.cpp
> @@ -662,16 +662,6 @@
>          fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW",
AtomicString(String::number(frame()->view()->viewportWidth())));
>  }
>  
> -void FrameFetchContext::addCSPHeaderIfNecessary(Resource::Type type,
FetchRequest& fetchRequest)
> -{
> -    if (!document() || !frame())
> -        return;
> -
> -    const ContentSecurityPolicy* csp = document()->contentSecurityPolicy();
> -    if (csp->shouldSendCSPHeader(type))
> -        fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP",
"active");
> -}
> -
>  DEFINE_TRACE(FrameFetchContext)
>  {
>      visitor->trace(m_document);
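
Review bot: the deletion of `addCSPHeaderIfNecessary` at -662 was generated against context that no longer matches the tree (the hunk's leading context is the `RW` header line, and the bot reports Hunk #1 FAILED at 662), so the revert should be regenerated against current master rather than retried as-is. When it is redone, keep this definition's removal in the same change as the matching one-line removals in FrameFetchContext.h, FetchContext.h and ResourceFetcher.cpp listed in the patch set, so no declaration or call site is left pointing at a missing method. For any reland, the removed body gates only on `csp->shouldSendCSPHeader(type)` and has no same-origin or request-mode condition before `addHTTPHeaderField("CSP", "active")`, which is the gap behind the CORS preflight problem given as the reason for revert.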

Closing this. Will create a simpler patch, since we'll likely have to merge it
places.
