Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(181)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: s/title.html/title1.html/ Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/dom/RemoteSecurityContext.h ('k') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h » ('j') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp
diff --git a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp
index cd753ba59bfd33737090b6fd8a951f39dd70633c..d8472f58c16d540716c2a96f128c60cf5163af9e 100644
--- a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp
+++ b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp
@@ -6,6 +6,7 @@
#include "core/frame/csp/ContentSecurityPolicy.h"
#include "platform/weborigin/SecurityOrigin.h"
+#include "wtf/Assertions.h"
namespace blink {
@@ -16,10 +17,8 @@ RemoteSecurityContext::RemoteSecurityContext()
// we set it using replicated origin data from the browser process.
DCHECK(!getSecurityOrigin());
- // CSP will not be replicated for RemoteSecurityContexts, as it is moving
- // to the browser process. For now, initialize CSP to a default
- // locked-down policy.
- setContentSecurityPolicy(ContentSecurityPolicy::create());
+ // Start with a clean slate.
+ resetReplicatedContentSecurityPolicy();
// FIXME: Document::initSecurityContext has a few other things we may
// eventually want here, such as enforcing a setting to
@@ -38,8 +37,16 @@ DEFINE_TRACE(RemoteSecurityContext)
void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origin)
{
+ DCHECK(origin);
setSecurityOrigin(origin);
+ contentSecurityPolicy()->setupSelf(*getSecurityOrigin());
}
+void RemoteSecurityContext::resetReplicatedContentSecurityPolicy()
+{
+ setContentSecurityPolicy(ContentSecurityPolicy::create());
+ if (getSecurityOrigin())
dcheng 2016/05/17 05:57:15 Is it possible to call this when the security orig
Łukasz Anforowicz 2016/05/17 17:01:23 When this is called from the constructor, then the
+ contentSecurityPolicy()->setupSelf(*getSecurityOrigin());
+}
} // namespace blink
« no previous file with comments | « third_party/WebKit/Source/core/dom/RemoteSecurityContext.h ('k') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h » ('j') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698