Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
index 2df252450035ef6b9a2f5743622acb5fed441688..c36b95b8b11a44b1f06f88ca660803e9a5f14916 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
@@ -541,8 +541,9 @@ bool ContentSecurityPolicy::allowPluginTypeForDocument(const Document& document, |
// FIXME: The plugin-types directive should be pushed down into the |
// current document instead of reaching up to the parent for it here. |
LocalFrame* frame = document.frame(); |
- if (frame && frame->tree().parent() && frame->tree().parent()->isLocalFrame() && document.isPluginDocument()) { |
- ContentSecurityPolicy* parentCSP = toLocalFrame(frame->tree().parent())->document()->contentSecurityPolicy(); |
+ if (frame && frame->tree().parent() && document.isPluginDocument()) { |
+ ContentSecurityPolicy* parentCSP = |
+ frame->tree().parent()->securityContext()->contentSecurityPolicy(); |
if (parentCSP && !parentCSP->allowPluginType(type, typeAttribute, url)) |
return false; |
} |
@@ -847,7 +848,8 @@ void ContentSecurityPolicy::reportViolation(const String& directiveText, const S |
// https://crbug.com/376522). |
if (!m_executionContext && !contextFrame) { |
DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::ChildSrc) |
- || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc)); |
+ || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc) |
+ || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::PluginTypes)); |
return; |
} |