
Side by Side Diff: third_party/WebKit/Source/core/workers/AbstractWorker.cpp

Issue 2056183002: Implement the `require-sri-for` CSP directive (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated tests Created 4 years, 5 months ago
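--- a/third_party/WebKit/Source/core/workers/AbstractWorker.cpp
+++ b/third_party/WebKit/Source/core/workers/AbstractWorker.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2010 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
@@ -40,40 +40,42 @@
 
 AbstractWorker::AbstractWorker(ExecutionContext* context)
 : ActiveDOMObject(context)
 {
 }
 
 AbstractWorker::~AbstractWorker()
 {
 }
 
-KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionStat e)
+KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionStat e, WebURLRequest::RequestContext requestContext)
 {
 // FIXME: This should use the dynamic global scope (bug #27887)
 KURL scriptURL = getExecutionContext()->completeURL(url);
 if (!scriptURL.isValid()) {
 exceptionState.throwDOMException(SyntaxError, "'" + url + "' is not a va lid URL.");
 return KURL();
 }
 
 // We can safely expose the URL in the following exceptions, as these checks happen synchronously before redirection. JavaScript receives no new information .
 if (!getExecutionContext()->getSecurityOrigin()->canRequestNoSuborigin(scrip tURL)) {
 exceptionState.throwSecurityError("Script at '" + scriptURL.elidedString () + "' cannot be accessed from origin '" + getExecutionContext()->getSecurityOr igin()->toString() + "'.");
 return KURL();
 }
 
-if (getExecutionContext()->contentSecurityPolicy() && !getExecutionContext() ->contentSecurityPolicy()->allowWorkerContextFromSource(scriptURL)) {
+if (getExecutionContext()->contentSecurityPolicy()
+&& !(getExecutionContext()->contentSecurityPolicy()->allowRequestWithout Integrity(requestContext, scriptURL)
+&& getExecutionContext()->contentSecurityPolicy()->allowWorkerContex tFromSource(scriptURL))) {
 exceptionState.throwSecurityError("Access to the script at '" + scriptUR L.elidedString() + "' is denied by the document's Content Security Policy.");
 return KURL();
 }
 
 return scriptURL;
 }
 
 DEFINE_TRACE(AbstractWorker)
 {
 EventTargetWithInlineData::trace(visitor);
 ActiveDOMObject::trace(visitor);
 }
 
 } // namespace blink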
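Review bot: The new CSP condition in resolveURL (new lines 65-67) folds the `require-sri-for` check and the worker-source check into one negated conjunction, so both denials throw the same "denied by the document's Content Security Policy" SecurityError and a reader has to unpick `!(A && B)` to see that either check failing blocks the worker. Hoisting the policy pointer would make it easier to read: `ContentSecurityPolicy* csp = getExecutionContext()->contentSecurityPolicy();` followed by `if (csp && !(csp->allowRequestWithoutIntegrity(requestContext, scriptURL) && csp->allowWorkerContextFromSource(scriptURL))) {`. Because `&&` short-circuits, allowWorkerContextFromSource is not evaluated when the integrity check fails; if these calls also report violations (not visible here), a URL that breaks both directives would report only the first, which deserves a comment or two separate `if` blocks. The declaration and the callers that supply the new `requestContext` argument are outside this page.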
