Index: third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
diff --git a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
index dfc8610b5d16338674713bbee2e62aa45096c0f2..045fb89c3ffefc039d8a84831c673710f015f41b 100644 |
--- a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
+++ b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp |
@@ -4,34 +4,40 @@ |
#include "core/dom/RemoteSecurityContext.h" |
-#include "core/frame/csp/ContentSecurityPolicy.h" |
+#include "core/frame/RemoteFrameClient.h" |
+#include "core/frame/csp/RemoteContentSecurityPolicy.h" |
#include "platform/weborigin/SecurityOrigin.h" |
#include "wtf/Assertions.h" |
namespace blink { |
-RemoteSecurityContext::RemoteSecurityContext() |
+RemoteSecurityContext::RemoteSecurityContext(RemoteFrameClient* remoteFrameClient) |
: SecurityContext() |
+ , m_remoteFrameClient(remoteFrameClient) |
{ |
// RemoteSecurityContext's origin is expected to stay uninitialized until |
// we set it using replicated origin data from the browser process. |
DCHECK(!getSecurityOrigin()); |
+ // Caller needs to pass a non-null |remoteFrameClient|. |
+ DCHECK(remoteFrameClient); |
+ |
// Start with a clean slate. |
- setContentSecurityPolicy(ContentSecurityPolicy::create()); |
+ setContentSecurityPolicy(RemoteContentSecurityPolicy::create(m_remoteFrameClient)); |
// FIXME: Document::initSecurityContext has a few other things we may |
// eventually want here, such as enforcing a setting to |
// grantUniversalAccess(). |
} |
-RemoteSecurityContext* RemoteSecurityContext::create() |
+RemoteSecurityContext* RemoteSecurityContext::create(RemoteFrameClient* remoteFrameClient) |
{ |
- return new RemoteSecurityContext(); |
+ return new RemoteSecurityContext(remoteFrameClient); |
} |
DEFINE_TRACE(RemoteSecurityContext) |
{ |
+ visitor->trace(m_remoteFrameClient); |
SecurityContext::trace(visitor); |
} |
@@ -45,7 +51,7 @@ void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origi |
void RemoteSecurityContext::resetReplicatedContentSecurityPolicy() |
{ |
DCHECK(getSecurityOrigin()); |
- setContentSecurityPolicy(ContentSecurityPolicy::create()); |
+ setContentSecurityPolicy(RemoteContentSecurityPolicy::create(m_remoteFrameClient)); |
alexmos
2016/08/09 18:01:19
It's unfortunate that we need to store m_remoteFra
Łukasz Anforowicz
2016/08/09 22:23:20
Acknowledged.
|
contentSecurityPolicy()->setupSelf(*getSecurityOrigin()); |
} |