Chromium Code Reviews

Issue 1486993002: Report "inline" or "eval" for non-fetch CSP violations (Closed)

Created:
5 years ago by Mike West
Modified:
5 years ago
CC:
blink-reviews, chromium-reviews, mkwst+watchlist-csp_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Report "inline" or "eval" for non-fetch CSP violations

https://w3c.github.io/webappsec-csp/#violation-resource

BUG=563976

Committed: https://crrev.com/7a12e3c357ae7c3f173e5917c482e9cd5c866e2c
Cr-Commit-Position: refs/heads/master@{#363189}

Patch Set 1 #

Total comments: 2

Patch Set 2 : rebaseline #

Total comments: 2

Patch Set 3 : feedback #

Patch Set 4 : Clarity. #

Stats (+37 lines, -16 lines)

M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt (1 chunk, +1 line, -1 line, 0 comments)
M third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp (2 chunks, +4 lines, -4 lines, 0 comments)
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h (2 chunks, +11 lines, -1 line, 0 comments)
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp (2 chunks, +13 lines, -2 lines, 0 comments)

Messages

Total messages: 20 (7 generated)
Mike West
Jochen, Philip, WDYT? Worth sending an I2S or not? -mike
5 years ago (2015-12-01 12:46:29 UTC) #2
philipj_slow
Too small for the whole process I think. https://codereview.chromium.org/1486993002/diff/1/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp File third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp (right): https://codereview.chromium.org/1486993002/diff/1/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp#newcode774 third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp:774: cspReport->setString("blocked-uri", ...
5 years ago (2015-12-01 13:11:55 UTC) #3
Mike West
On 2015/12/01 at 13:11:55, philipj wrote: > https://codereview.chromium.org/1486993002/diff/1/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp#newcode774 > third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp:774: cspReport->setString("blocked-uri", "eval"); > The string ...
5 years ago (2015-12-01 14:59:04 UTC) #4
Mike West
On 2015/12/01 at 14:59:04, Mike West wrote: > On 2015/12/01 at 13:11:55, philipj wrote: > ...
5 years ago (2015-12-01 15:02:44 UTC) #5
philipj_slow
On 2015/12/01 14:59:04, Mike West wrote: > On 2015/12/01 at 13:11:55, philipj wrote: > > ...
5 years ago (2015-12-01 19:13:55 UTC) #6
philipj_slow
lgtm with nits, but I'm not much of a CSP guru so rather superficial... https://codereview.chromium.org/1486993002/diff/20001/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ...
5 years ago (2015-12-01 19:20:51 UTC) #7
Mike West
On 2015/12/01 at 19:20:51, philipj wrote: > lgtm with nits, but I'm not much of ...
5 years ago (2015-12-04 11:01:58 UTC) #10
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1486993002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1486993002/40001
5 years ago (2015-12-04 11:02:33 UTC) #11
Mike West
On 2015/12/01 at 19:13:55, philipj wrote: > On 2015/12/01 14:59:04, Mike West wrote: > > ...
5 years ago (2015-12-04 11:08:58 UTC) #13
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1486993002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1486993002/60001
5 years ago (2015-12-04 11:09:32 UTC) #16
philipj_slow
On 2015/12/04 11:08:58, Mike West wrote: > On 2015/12/01 at 19:13:55, philipj wrote: > > ...
5 years ago (2015-12-04 11:57:05 UTC) #17
commit-bot: I haz the power
Committed patchset #4 (id:60001)
5 years ago (2015-12-04 12:18:28 UTC) #18
commit-bot: I haz the power
5 years ago (2015-12-04 12:19:26 UTC) #20
Message was sent while issue was closed.
Patchset 4 (id:??) landed as
https://crrev.com/7a12e3c357ae7c3f173e5917c482e9cd5c866e2c
Cr-Commit-Position: refs/heads/master@{#363189}
