Index: third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
diff --git a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
index cd753ba59bfd33737090b6fd8a951f39dd70633c..97cbf5dd6ff88bddcf9ca74cc657c22c5c4e31e2 100644 |
--- a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
+++ b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
@@ -16,10 +16,8 @@ RemoteSecurityContext::RemoteSecurityContext() |
// we set it using replicated origin data from the browser process. |
DCHECK(!getSecurityOrigin()); |
- // CSP will not be replicated for RemoteSecurityContexts, as it is moving |
- // to the browser process. For now, initialize CSP to a default |
- // locked-down policy. |
- setContentSecurityPolicy(ContentSecurityPolicy::create()); |
+ // Start with a clean slate. |
+ resetReplicatedContentSecurityPolicy(); |
// FIXME: Document::initSecurityContext has a few other things we may |
// eventually want here, such as enforcing a setting to |
@@ -39,7 +37,15 @@ DEFINE_TRACE(RemoteSecurityContext) |
void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origin) |
{ |
setSecurityOrigin(origin); |
+ if (getSecurityOrigin()) |
dcheng
2016/05/11 20:15:07
Is this ever actually null? it seems broken if it
Łukasz Anforowicz
2016/05/11 23:14:48
Done.
|
+ contentSecurityPolicy()->bindToSecurityOrigin(*getSecurityOrigin()); |
} |
+void RemoteSecurityContext::resetReplicatedContentSecurityPolicy() |
+{ |
+ setContentSecurityPolicy(ContentSecurityPolicy::create()); |
+ if (getSecurityOrigin()) |
+ contentSecurityPolicy()->bindToSecurityOrigin(*getSecurityOrigin()); |
+} |
} // namespace blink |