Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2068443002: Revert of Move 'frame-src' CSP checks into FrameFetchContext. (Closed)

Created:
4 years, 6 months ago by tommycli
Modified:
4 years, 6 months ago
CC:
blink-reviews, chromium-reviews, gavinp+loader_chromium.org, Nate Chapin, loading-reviews_chromium.org, mkwst+watchlist-csp_chromium.org, Nathan Parker, site-isolation-reviews_chromium.org, tyoshino+watch_chromium.org, Yoav Weiss
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Revert of Move 'frame-src' CSP checks into FrameFetchContext. (patchset #5 id:100001 of https://codereview.chromium.org/2022083002/ ) Reason for revert: Speculative revert for breaking Dr. Memory: https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Content%20Browser%20%28DrMemory%20full%29%20%284%29?numbuilds=200 First breaking build: https://build.chromium.org/p/chromium.memory.fyi/builders/Windows%20Content%20Browser%20%28DrMemory%20full%29%20%284%29/builds/8028 Original issue's description: > Move 'frame-src' CSP checks into FrameFetchContext. > > Currently, we're doing 'frame-src' checks inside 'FrameLoader', which > ends up being too early in the navigation cycle to handle the results > of 'upgrade-insecure-requests'. Happily, we've refactored enough of the > loading code in the last ~3 years that we can pretty easily move this > check into 'FrameFetchContext::canRequest' alongside the rest of CSP. > > BUG=615910 > > Committed: https://crrev.com/3f3e725e6479c711e5e13e59e8d011ee89992119 > Cr-Commit-Position: refs/heads/master@{#398685} TBR=jialiul@chromium.org,alexmos@chromium.org,creis@chromium.org,dcheng@chromium.org,japhet@chromium.org,jochen@chromium.org,lukasza@chromium.org,nasko@chromium.org,nparker@chromium.org,yoav@yoav.ws,mkwst@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=615910 Committed: https://crrev.com/13632cf2d8145ab0785011bc4e1c7254914395fc Cr-Commit-Position: refs/heads/master@{#399561}

Patch Set 1 #

Patch Set 2 : run revert on local machine to resolve conflicts #

Unified diffs Side-by-side diffs Delta from patch set Stats (+57 lines, -159 lines) Patch
M content/browser/site_per_process_browsertest.cc View 1 5 chunks +16 lines, -15 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-child-frame-navigates-to-blocked-origin-expected.txt View 1 1 chunk +1 line, -1 line 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/upgrade-insecure-requests/iframe-upgrade-csp.https.html View 1 chunk +0 lines, -46 lines 0 comments Download
M third_party/WebKit/Source/core/loader/DocumentLoader.h View 1 2 chunks +1 line, -2 lines 0 comments Download
M third_party/WebKit/Source/core/loader/DocumentLoader.cpp View 1 3 chunks +4 lines, -16 lines 0 comments Download
M third_party/WebKit/Source/core/loader/FrameFetchContext.h View 1 1 chunk +0 lines, -1 line 0 comments Download
M third_party/WebKit/Source/core/loader/FrameFetchContext.cpp View 1 2 chunks +12 lines, -33 lines 0 comments Download
M third_party/WebKit/Source/core/loader/FrameLoader.h View 1 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/Source/core/loader/FrameLoader.cpp View 1 4 chunks +22 lines, -6 lines 0 comments Download
M third_party/WebKit/Source/web/tests/WebFrameTest.cpp View 1 1 chunk +0 lines, -25 lines 0 comments Download
D third_party/WebKit/Source/web/tests/data/iframe_redirect_blocked.html View 1 chunk +0 lines, -13 lines 0 comments Download

Messages

Total messages: 11 (5 generated)
tommycli
Created Revert of Move 'frame-src' CSP checks into FrameFetchContext.
4 years, 6 months ago (2016-06-13 18:13:04 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2068443002/1
4 years, 6 months ago (2016-06-13 18:13:31 UTC) #3
commit-bot: I haz the power
Try jobs failed on following builders: ios-simulator on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/builds/20297) ios-simulator-gn on tryserver.chromium.mac (JOB_FAILED, ...
4 years, 6 months ago (2016-06-13 18:16:30 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2068443002/190001
4 years, 6 months ago (2016-06-13 19:33:14 UTC) #7
commit-bot: I haz the power
Committed patchset #2 (id:190001)
4 years, 6 months ago (2016-06-13 21:54:32 UTC) #9
commit-bot: I haz the power
4 years, 6 months ago (2016-06-13 21:56:07 UTC) #11
Message was sent while issue was closed. 
Patchset 2 (id:??) landed as
https://crrev.com/13632cf2d8145ab0785011bc4e1c7254914395fc
Cr-Commit-Position: refs/heads/master@{#399561}

Powered by Google App Engine
This is Rietveld 408576698