Chromium Code Reviews

Issue 1142623002: Stop sending the 'CSP' header. (Closed)

Created:
5 years, 7 months ago by Mike West
Modified:
5 years, 7 months ago
Reviewers:
Peter Beverloo, mounouri, Michael van Ouwerkerk
CC:
blink-reviews, mkwst+watchlist-csp_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Stop sending the 'CSP' header.

The 'CSP' header is causing CORS preflights when requesting cross-origin resources, which is going to break a certain number of CDN-hosted resources on sites that are using CSP. That's no good at all. Dropping the header for the moment while we work out a reasonable solution.

Ideally, we'd just be reverting the whole implementation (https://codereview.chromium.org/1009583003/), but since we're almost certainly going to need to merge this back, this patch leaves most of the machinery in place, but just neuters the "shouldSendCSPHeader" check.

See https://github.com/whatwg/fetch/issues/52 for discussion.

BUG=452819

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=195418
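The preflight behaviour the description refers to, as an added example (not code from this change or from Blink): a simplified version of the Fetch CORS-safelisted request-header rule, showing that one extra header on a cross-origin request forces an OPTIONS preflight that an unprepared CDN will not approve. The origins, the URL, the header value `active` and all function names are assumptions, and the request is assumed to be a CORS-mode GET.

```javascript
// Simplified CORS-safelisted request-header check (value-length and
// unsafe-byte limits from the Fetch spec are left out).
const SAFELISTED_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

function isSafelistedHeader(name, value) {
  switch (name.toLowerCase()) {
    case 'accept':
    case 'accept-language':
    case 'content-language':
      return true;
    case 'content-type': {
      // Only the MIME type essence counts; parameters such as charset are ignored.
      const essence = value.split(';')[0].trim().toLowerCase();
      return SAFELISTED_CONTENT_TYPES.has(essence);
    }
    default:
      return false; // every other request header, 'CSP' included
  }
}

// Names of the headers that force a preflight; empty for same-origin requests.
function nonSafelistedHeaders(pageOrigin, url, headers) {
  if (new URL(url).origin === pageOrigin) return [];
  return Object.entries(headers)
    .filter(([name, value]) => !isSafelistedHeader(name, value))
    .map(([name]) => name);
}

// The preflight passes only if the server's Access-Control-Allow-Headers
// response value lists every such header (the '*' wildcard is not modelled).
function preflightAllows(allowHeadersValue, headerNames) {
  const allowed = new Set(
    (allowHeadersValue || '').split(',').map((h) => h.trim().toLowerCase()));
  return headerNames.every((h) => allowed.has(h.toLowerCase()));
}

// Constructed sample: a font fetched from a CDN by a page that uses CSP.
const PAGE = 'https://site.example';
const FONT = 'https://cdn.example/font.woff2';
const withCsp = nonSafelistedHeaders(PAGE, FONT, { Accept: '*/*', CSP: 'active' });
console.log(nonSafelistedHeaders(PAGE, FONT, { Accept: '*/*' })); // []
console.log(withCsp);                                             // [ 'CSP' ]
console.log(preflightAllows('', withCsp));                        // false
```

A CDN that answers the font request with only `Access-Control-Allow-Origin` never approves the extra header, so the preflight fails and the resource does not load.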

Patch Set 1

Total comments: 1

Patch Set 2: Nit.

Stats: +5 lines, -30 lines
M LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp-header-is-sent.js (1 chunk, +2 lines, -2 lines, 0 comments)
M Source/core/frame/csp/CSPDirectiveList.cpp (1 chunk, +3 lines, -28 lines, 0 comments)

Messages

Total messages: 11 (5 generated)
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1142623002/1
5 years, 7 months ago (2015-05-15 11:41:01 UTC) #2
Mike West
Peter, Mounir, Michael, do any of you happen to be around today? Paris and Munich ...
5 years, 7 months ago (2015-05-15 11:58:41 UTC) #4
Michael van Ouwerkerk
lgtm with nit

https://codereview.chromium.org/1142623002/diff/1/LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp-header-is-sent.js
File LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp-header-is-sent.js (right):

https://codereview.chromium.org/1142623002/diff/1/LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp-header-is-sent.js#newcode17
LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp-header-is-sent.js:17: }, 'CSP header is sent on ...
5 years, 7 months ago (2015-05-15 12:50:06 UTC) #5
commit-bot: I haz the power
Dry run: This issue passed the CQ dry run.
5 years, 7 months ago (2015-05-15 13:11:13 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1142623002/20001
5 years, 7 months ago (2015-05-15 14:35:44 UTC) #10
commit-bot: I haz the power
5 years, 7 months ago (2015-05-15 19:03:51 UTC) #11
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=195418
