Issue 2147853003: Teach 'LinkRequestBuilder' about the 'nonce' attribute.

Issue 2147853003: Teach 'LinkRequestBuilder' about the 'nonce' attribute. (Closed)

Created:
4 years, 5 months ago by Mike West

Modified:
4 years, 5 months ago

Reviewers:
jochen (gone - plz use gerrit)

CC:
aaj, blink-reviews, blink-reviews-html_chromium.org, chromium-reviews, dglazkov+blink, gavinp+prerender_chromium.org, tfarina, Yoav Weiss

Base URL:
https://chromium.googlesource.com/chromium/src.git@preload

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Teach 'LinkRequestBuilder' about the 'nonce' attribute. Rather than special-casing stylesheet loading, this patch teaches 'LinkRequestBuilder' to grab the nonce when creating requests associated with '<link>' elements. This ensures that we deal correctly with stylesheet and HTML imports. The import tests added in 'http/tests/security/contentSecurityPolicy/nonces/' verify the expected behavior: a CSP containing "script-src 'nonce-abc'" should allow '<link rel="import" nonce="abc" href="...">'. BUG=627762 R=jochen@chromium.org Committed: https://crrev.com/dd6fbccfc7457596f386d41b822d9e93a22b4cac Cr-Commit-Position: refs/heads/master@{#405454}

Patch Set 1 #

Created: 4 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+144 lines, -2 lines)			Patch
A	third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-enforce-allowed.php	View	1 chunk	+24 lines, -0 lines	0 comments	Download
A	third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-enforce-blocked.php	View	1 chunk	+27 lines, -0 lines	0 comments	Download
A	third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-multiple-allowed.php	View	1 chunk	+25 lines, -0 lines	0 comments	Download
A	third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-multiple-blocked.php	View	1 chunk	+33 lines, -0 lines	0 comments	Download
A	third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/nonces/import-reportonly-allowed.php	View	1 chunk	+32 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/core/html/HTMLLinkElement.cpp	View	1 chunk	+0 lines, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/html/LinkResource.cpp	View	1 chunk	+3 lines, -1 line	0 comments	Download

Depends on Patchset:

Issue 2148723002 Patch 1

Messages

Total messages: 10 (5 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2147853003/1

4 years, 5 months ago (2016-07-14 07:48:55 UTC) #7

commit-bot: I haz the power

Description was changed from ========== Teach 'LinkRequestBuilder' about the 'nonce' attribute. Rather than special-casing stylesheet ...

4 years, 5 months ago (2016-07-14 09:22:30 UTC) #9

commit-bot: I haz the power

4 years, 5 months ago (2016-07-14 09:22:31 UTC) #10

Message was sent while issue was closed.

Patchset 1 (id:??) landed as
https://crrev.com/dd6fbccfc7457596f386d41b822d9e93a22b4cac
Cr-Commit-Position: refs/heads/master@{#405454}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages