Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(135)

Issue 131103010: CSP 1.1: Introduce the 'child-src' directive. (Closed)

Created:
6 years, 11 months ago by Mike West
Modified:
6 years, 11 months ago
CC:
blink-reviews, mkwst+watchlist_chromium.org
Visibility:
Public.

Description

CSP 1.1: Introduce the 'child-src' directive. The 'child-src' directive deprecates 'frame-src', and will take over governance of nested and auxiliary browsing contexts, as well as Workers. This patch introduces the new directive, and sets things up such that frame checks properly hit first 'frame-src', then 'child-src', then 'default-src' (if the CSP flag is set). Future patches will address Workers, `window.open`, and etc. BUG=336788 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=165762

Patch Set 1 #

Patch Set 2 : Tests. #

Patch Set 3 : Tests. #

Patch Set 4 : Tests. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+173 lines, -14 lines) Patch
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-about-blank-allowed.html View 1 chunk +14 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-about-blank-allowed-expected.txt View 1 2 3 1 chunk +11 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-allowed.html View 1 chunk +15 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-allowed-expected.txt View 1 2 3 1 chunk +12 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-blocked.html View 1 chunk +14 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-blocked-expected.txt View 1 2 3 2 chunks +3 lines, -6 lines 0 comments Download
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-redirect-blocked.html View 1 chunk +14 lines, -0 lines 0 comments Download
A + LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/frame-redirect-blocked-expected.txt View 1 2 3 2 chunks +3 lines, -6 lines 0 comments Download
A LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-src-test.js View 1 2 3 1 chunk +45 lines, -0 lines 0 comments Download
M Source/core/frame/ContentSecurityPolicy.h View 1 2 3 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/frame/ContentSecurityPolicy.cpp View 1 2 3 11 chunks +40 lines, -2 lines 0 comments Download
M Source/core/loader/DocumentLoader.cpp View 1 2 3 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 4 (0 generated)
Mike West
Hey Jochen, Adam, Mind taking a look at this CL? -mike
6 years, 11 months ago (2014-01-23 09:36:06 UTC) #1
abarth-chromium
lgtm
6 years, 11 months ago (2014-01-23 20:53:05 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/131103010/100001
6 years, 11 months ago (2014-01-24 15:51:13 UTC) #3
commit-bot: I haz the power
6 years, 11 months ago (2014-01-24 18:00:57 UTC) #4
Message was sent while issue was closed.
Change committed as 165762

Powered by Google App Engine
This is Rietveld 408576698