third_party/WebKit/Source/core/loader/FrameFetchContext.cpp - Issue 2022083002: Move 'frame-src' CSP checks into FrameFetchContext.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

Issue 2022083002: Move 'frame-src' CSP checks into FrameFetchContext. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Rebase+Content+Sandbox Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « third_party/WebKit/Source/core/loader/DocumentLoader.cpp ('k') | third_party/WebKit/Source/core/loader/FrameLoader.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

diff --git a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

index 57f5d624403456f6e2518b595e38f9a6ed975c5a..f72bd679a2d4b412db0f3b233bec133682640911 100644

--- a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

+++ b/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

@@ -526,6 +526,23 @@ ResourceRequestBlockedReason FrameFetchContext::canRequestInternal(Resource::Typ

// I believe it's the Resource::Raw case.

const ContentSecurityPolicy* csp = m_document ? m_document->contentSecurityPolicy() : nullptr;

+ // If we're loading a frame, grab it's parent's policy for 'frame-src' checks:

+ if (!csp && type == Resource::MainResource) {

Yoav Weiss 2016/06/02 09:15:14 I understand that the assumption here is that csp

+ if (Frame* parentFrame = frame()->tree().parent()) {

+ csp = parentFrame->securityContext()->contentSecurityPolicy();

+ if (!csp->allowChildFrameFromSource(url, redirectStatus, cspReporting)) {

+ // TODO(mkwst): If we cancel the request after a redirect, we never instantiate

+ // a document, and therefore don't inherit the loader's sandbox flags, or trigger

+ // a load event. This is strange.

+ if (redirectStatus == ResourceRequest::RedirectStatus::FollowedRedirect) {

+ frame()->document()->enforceSandboxFlags(SandboxOrigin);

+ frame()->owner()->dispatchLoad();

+ }

+ return ResourceRequestBlockedReasonCSP;

+ }

Yoav Weiss 2016/06/02 09:15:14 should we return here? Or nullify csp? Otherwise,

+ }

if (csp) {

if (!shouldBypassMainWorldCSP && !csp->allowRequest(resourceRequest.requestContext(), url, redirectStatus, cspReporting))

return ResourceRequestBlockedReasonCSP;

« no previous file with comments | « third_party/WebKit/Source/core/loader/DocumentLoader.cpp ('k') | third_party/WebKit/Source/core/loader/FrameLoader.cpp » ('j') | no next file with comments »