Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(803)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/dom/Document.cpp

Issue 19940002: [HTML Import] Respect Content Security Policy Model (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Fix Mac build Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« LayoutTests/http/tests/htmlimports/csp-ignored-in-import-expected.txt ('K') | « LayoutTests/http/tests/htmlimports/resources/importing-cors.html ('k') | Source/core/dom/DocumentInit.h » ('j') | Source/core/dom/DocumentInit.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/dom/Document.cpp
diff --git a/Source/core/dom/Document.cpp b/Source/core/dom/Document.cpp
index ad49fd17acff8856e429cef6b3965816e5469a35..3e43417d7d8bc0f644c487cd5b454decf723a055 100644
--- a/Source/core/dom/Document.cpp
+++ b/Source/core/dom/Document.cpp
@@ -2637,6 +2637,9 @@ void Document::processHttpEquiv(const String& equiv, const String& content)
void Document::processHttpEquivContentSecurityPolicy(const String& equiv, const String& content)
{
+ if (!this->frame())
+ return;
+
if (equalIgnoringCase(equiv, "content-security-policy"))
contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::Enforce);
else if (equalIgnoringCase(equiv, "content-security-policy-report-only"))
@@ -4207,7 +4210,7 @@ void Document::initSecurityContext(const DocumentInit& initializer)
return;
}
- if (!initializer.frame()) {
+ if (!initializer.hasSecurityContext()) {
// No source for a security context.
// This can occur via document.implementation.createDocument().
abarth-chromium 2013/07/24 18:39:19 Does this occur for HTML import too? If so, it wo
m_cookieURL = KURL(ParsedURLString, emptyString());
@@ -4281,10 +4284,10 @@ void Document::initSecurityContext(const DocumentInit& initializer)
void Document::initContentSecurityPolicy()
{
- if (!m_frame->tree()->parent() || (!shouldInheritSecurityOriginFromOwner(m_url) && !isPluginDocument()))
- return;
-
- contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->document()->contentSecurityPolicy());
+ if (m_frame && m_frame->tree()->parent() && (shouldInheritSecurityOriginFromOwner(m_url) || isPluginDocument()))
+ contentSecurityPolicy()->copyStateFrom(m_frame->tree()->parent()->document()->contentSecurityPolicy());
+ if (HTMLImport* import = this->import())
+ contentSecurityPolicy()->copyStateFrom(import->master()->contentSecurityPolicy());
abarth-chromium 2013/07/24 18:39:19 This looks great. My only question is about this
}
void Document::didUpdateSecurityOrigin()
« LayoutTests/http/tests/htmlimports/csp-ignored-in-import-expected.txt ('K') | « LayoutTests/http/tests/htmlimports/resources/importing-cors.html ('k') | Source/core/dom/DocumentInit.h » ('j') | Source/core/dom/DocumentInit.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698