Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(92)

Issue 1861663002: CREDENTIAL: Block API access from non-top-level Documents. (Closed)

Created:
4 years, 8 months ago by Mike West
Modified:
4 years, 8 months ago
Reviewers:
vabr (Chromium)
CC:
blink-reviews, chromium-reviews, haraken
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

CREDENTIAL: Block API access from non-top-level Documents. The APIs ought to throw a SecurityError if executed from non-top-level Documents. This patch ensures that they do (and SECURITY_CHECKs if they don't). BUG=600689 Committed: https://crrev.com/a8b5bd9b7caba19c80f65bd824a1cd9d0c2fecbe Cr-Commit-Position: refs/heads/master@{#385169}

Patch Set 1 #

Patch Set 2 : security_check #

Unified diffs Side-by-side diffs Delta from patch set Stats (+94 lines, -3 lines) Patch
A third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-frame-errors.html View 1 chunk +29 lines, -0 lines 0 comments Download
A third_party/WebKit/LayoutTests/http/tests/credentialmanager/resources/iframed-credentialscontainer.html View 1 chunk +47 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp View 1 5 chunks +18 lines, -3 lines 0 comments Download

Messages

Total messages: 9 (4 generated)
Mike West
Are you comfortable reviewing this, vabr@?
4 years, 8 months ago (2016-04-05 11:59:15 UTC) #3
vabr (Chromium)
Thanks, Mike, this LGTM. Cheers, Vaclav
4 years, 8 months ago (2016-04-05 12:52:34 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1861663002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1861663002/20001
4 years, 8 months ago (2016-04-05 14:32:01 UTC) #6
commit-bot: I haz the power
Committed patchset #2 (id:20001)
4 years, 8 months ago (2016-04-05 14:36:29 UTC) #7
commit-bot: I haz the power
4 years, 8 months ago (2016-04-05 14:38:32 UTC) #9
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/a8b5bd9b7caba19c80f65bd824a1cd9d0c2fecbe
Cr-Commit-Position: refs/heads/master@{#385169}

Powered by Google App Engine
This is Rietveld 408576698