third_party/WebKit/Source/core/loader/FrameLoader.cpp - Issue 2372563002: Adding Embedding-CSP HTTP header

Unified Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2372563002: Adding Embedding-CSP HTTP header (Closed)

Patch Set: Check for ascii and add console error message Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp

diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp

index af4d71268aead1e1b8211453e5ba162035ffb0b9..8f4be80106c5a2eb8b12df0ddc1875110d912802 100644

--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp

+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp

@@ -983,6 +983,13 @@ void FrameLoader::load(const FrameLoadRequest& passedRequest, FrameLoadType fram

setReferrerForFrameRequest(request);

+ AtomicString requiredCSP = m_frame->owner() ? m_frame->owner()->csp() : nullAtom;

+ if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() && !requiredCSP.isNull()) {

+ // Record the latest requiredCSP value that was used when sending this request.

amalika 2016/09/29 13:01:14 This seems to be necessary to make sure we correct

Mike West 2016/09/29 13:33:13 I agree that we need to bind the required CSP so t

+ m_frame->localDOMWindow()->setRequiredCSP(requiredCSP);

+ request.resourceRequest().setHTTPHeaderField(HTTPNames::Embedding_CSP, requiredCSP);

Mike West 2016/09/29 13:33:13 I think I'd prefer to push this logic out to a sep

+ }

FrameLoadType newLoadType = (frameLoadType == FrameLoadTypeStandard) ?

determineFrameLoadType(request) : frameLoadType;

NavigationPolicy policy = navigationPolicyForRequest(request);