Chromium Code Reviews

Issue 2267653003: CSP: Strip reported URLs for 'frame-src' and 'object-src'. (Closed)

Created: 4 years, 4 months ago by Mike West
Modified: 4 years, 4 months ago
Reviewers:
CC: chromium-reviews
Base URL: https://chromium.googlesource.com/chromium/src.git@2785
Target Ref: refs/pending/branch-heads/2785
Project: chromium
Visibility: Public.

Description

CSP: Strip reported URLs for 'frame-src' and 'object-src'.

The relaxation that landed in https://codereview.chromium.org/2002943002 was a bit too relaxed, and leaks navigation targets cross-origin for 'frame-src' and 'object-src' violations. This patch reverts to the old behavior for those two directives.

BUG=633306
Review-Url: https://codereview.chromium.org/2255103002
Cr-Commit-Position: refs/heads/master@{#412809}
(cherry picked from commit 94a6ff53682eac87184c1682b63faf6110325174)

Patch Set 1 #

Messages

Total messages: 1 (0 generated)
Mike West
4 years, 4 months ago (2016-08-22 07:50:40 UTC) #1
Message was sent while issue was closed.
Committed patchset #1 (id:1) to pending queue manually as
221bd49400935b9042af51a9d729c0b17e1f98a2.
