Index: third_party/WebKit/Source/core/workers/AbstractWorker.cpp |
diff --git a/third_party/WebKit/Source/core/workers/AbstractWorker.cpp b/third_party/WebKit/Source/core/workers/AbstractWorker.cpp |
index 3f669f800776697f26113c94755b53054a328273..0632b186d039ea2a5116b0bb2c7e7d84f511c322 100644 |
--- a/third_party/WebKit/Source/core/workers/AbstractWorker.cpp |
+++ b/third_party/WebKit/Source/core/workers/AbstractWorker.cpp |
@@ -47,7 +47,7 @@ AbstractWorker::~AbstractWorker() |
{ |
} |
-KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionState) |
+KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionState, WebURLRequest::RequestContext requestContext) |
{ |
// FIXME: This should use the dynamic global scope (bug #27887) |
KURL scriptURL = getExecutionContext()->completeURL(url); |
@@ -62,7 +62,9 @@ KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionStat |
return KURL(); |
} |
- if (getExecutionContext()->contentSecurityPolicy() && !getExecutionContext()->contentSecurityPolicy()->allowWorkerContextFromSource(scriptURL)) { |
+ if (getExecutionContext()->contentSecurityPolicy() |
+ && !(getExecutionContext()->contentSecurityPolicy()->allowRequestWithoutIntegrity(requestContext, scriptURL) |
+ && getExecutionContext()->contentSecurityPolicy()->allowWorkerContextFromSource(scriptURL))) { |
exceptionState.throwSecurityError("Access to the script at '" + scriptURL.elidedString() + "' is denied by the document's Content Security Policy."); |
return KURL(); |
} |