Chromium Code Reviews

Issue 143113003: CSP 1.1: Ignore report-only inside <meta>. (Closed)

Created:
6 years, 11 months ago by Mike West
Modified:
6 years, 11 months ago
CC:
blink-reviews, sof, eae+blinkwatch, dglazkov+blink, adamk+blink_chromium.org, kinuko+watch, Inactive
Visibility:
Public.

Description

CSP 1.1: Ignore report-only inside <meta>.

This patch pipes the source of a policy through to the CSPDirectiveList, and uses that information to ignore report-only policies which were delivered via <meta>. A future CL will also ignore 'report-uri' inside <meta>, which is why we need to pipe this to the directive list, and not just to the policy object itself.

Spec: http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html#html-meta-element

BUG=335489

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=165522
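
A minimal model of the behaviour the description outlines, added here as an illustration and not taken from the Blink patch: each policy carries its delivery source down to the directive list, and a report-only policy delivered via <meta> is dropped. `HeaderSourceHTTP` and `HeaderSourceMeta` follow the names suggested in the review nit; the structs, function names and sample policies are assumptions.

```cpp
// Simplified model for illustration; not Blink source code.
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>
enum HeaderType { Enforce, Report };  // hypothetical names
enum HeaderSource { HeaderSourceHTTP, HeaderSourceMeta };  // names from the review nit

struct DirectiveList {  // stands in for CSPDirectiveList
    std::string policy;
    HeaderType type;
    HeaderSource source;  // kept per list so directive-level checks can consult it
};

struct Policy {
    std::vector<DirectiveList> lists;
    int ignored = 0;  // report-only policies dropped because they arrived via <meta>

    // Maps a header name to its type; false if it is not a CSP header.
    static bool typeFor(std::string name, HeaderType& out) {
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char c) { return std::tolower(c); });
        if (name == "content-security-policy") { out = Enforce; return true; }
        if (name == "content-security-policy-report-only") { out = Report; return true; }
        return false;
    }

    // Returns true when the policy joins the active set.
    bool addPolicy(const std::string& name, const std::string& value, HeaderSource source) {
        HeaderType type;
        if (!typeFor(name, type)) return false;
        if (type == Report && source == HeaderSourceMeta) {
            ++ignored;  // the rule from the description
            return false;
        }
        lists.push_back({value, type, source});
        return true;
    }
};

// Constructed sample: one delivery per (type, source) combination.
Policy sample() {
    Policy p;
    p.addPolicy("Content-Security-Policy", "script-src 'self'", HeaderSourceHTTP);
    p.addPolicy("Content-Security-Policy-Report-Only", "script-src 'none'", HeaderSourceHTTP);
    p.addPolicy("Content-Security-Policy", "img-src 'none'", HeaderSourceMeta);
    p.addPolicy("content-security-policy-report-only", "script-src 'none'", HeaderSourceMeta);
    return p;
}
```

Of the four constructed deliveries, only the report-only policy from <meta> is rejected; the enforcing <meta> policy and both HTTP policies are kept with their source attached.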

Patch Set 1 #

Patch Set 2 : Test. #

Patch Set 3 : Rebase. #

Patch Set 4 : Rebase. #

Total comments: 1

Patch Set 5 : Nit. #

Patch Set 6 : Nit. #

Stats (+57 lines, -17 lines)
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored.html (1 chunk, +13 lines, -0 lines)
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/reportonly-in-meta-ignored-expected.txt (1 chunk, +2 lines, -0 lines)
M Source/core/dom/Document.cpp (1 chunk, +2 lines, -2 lines)
M Source/core/frame/ContentSecurityPolicy.h (4 chunks, +8 lines, -2 lines)
M Source/core/frame/ContentSecurityPolicy.cpp (9 chunks, +30 lines, -12 lines)
M Source/core/frame/UseCounter.h (1 chunk, +1 line, -0 lines)
M Source/core/workers/WorkerGlobalScope.cpp (1 chunk, +1 line, -1 line)

Messages

Total messages: 8 (0 generated)
Mike West
Jochen, Adam, WDYT? I'm not removing support entirely in this patch, as G+ uses report-only ...
6 years, 11 months ago (2014-01-20 09:30:34 UTC) #1
Mike West
On 2014/01/20 09:30:34, Mike West wrote: > Jochen, Adam, WDYT? > > I'm not removing ...
6 years, 11 months ago (2014-01-20 11:30:49 UTC) #2
jochen (gone - plz use gerrit)
On 2014/01/20 11:30:49, Mike West wrote: > On 2014/01/20 09:30:34, Mike West wrote: > > ...
6 years, 11 months ago (2014-01-21 08:18:12 UTC) #3
Mike West
On 2014/01/21 08:18:12, jochen wrote: > On 2014/01/20 11:30:49, Mike West wrote: > > On ...
6 years, 11 months ago (2014-01-21 09:10:40 UTC) #4
Mike West
Alright, rebased onto that other patch. WDYT? -mike
6 years, 11 months ago (2014-01-21 14:07:09 UTC) #5
jochen (gone - plz use gerrit)
lgtm with nit
https://codereview.chromium.org/143113003/diff/140001/Source/core/frame/ContentSecurityPolicy.h
File Source/core/frame/ContentSecurityPolicy.h (right):
https://codereview.chromium.org/143113003/diff/140001/Source/core/frame/ContentSecurityPolicy.h#newcode73
Source/core/frame/ContentSecurityPolicy.h:73: HTTP,
nit HeaderSourceHTTP, HeaderSourceMeta
6 years, 11 months ago (2014-01-21 14:23:21 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/143113003/240001
6 years, 11 months ago (2014-01-22 08:13:09 UTC) #7
commit-bot: I haz the power
6 years, 11 months ago (2014-01-22 11:52:41 UTC) #8
Message was sent while issue was closed.
Change committed as 165522
