Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(255)

Issue 2447003002: CSP: 'violated-directive' should match 'effective-directive'. (Closed)

Created:
4 years, 1 month ago by Mike West
Modified:
4 years, 1 month ago
CC:
blink-reviews, chromium-reviews
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

CSP: 'violated-directive' should match 'effective-directive'. In [1], mikispag@ noted that we're currently returning the entire text of the violated directive, including its source list, etc. This information is replicated in the report via the 'original-policy' property, and CSP3 defines both 'violated-directive' and 'effective-directive' to contain the same data. This patch changes our implementation in line with the spec. [1]: https://github.com/w3c/web-platform-tests/pull/4020 R=jochen@chromium.org Committed: https://crrev.com/0e64be9cf335ee3bea7c989702c5a9a0934af037 Cr-Commit-Position: refs/heads/master@{#427634}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+30 lines, -30 lines) Patch
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/base-uri-deny.html View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/base-uri-deny-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-multiple-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-multiple-reversed-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.html View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.html View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image.html View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.html View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-from-script-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 12 (7 generated)
Mike West
WDYT, Jochen?
4 years, 1 month ago (2016-10-25 19:34:43 UTC) #2
jochen (gone - plz use gerrit)
lgtm
4 years, 1 month ago (2016-10-26 08:14:38 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2447003002/1
4 years, 1 month ago (2016-10-26 08:18:15 UTC) #9
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 1 month ago (2016-10-26 08:23:33 UTC) #10
commit-bot: I haz the power
4 years, 1 month ago (2016-10-26 08:25:32 UTC) #12
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/0e64be9cf335ee3bea7c989702c5a9a0934af037
Cr-Commit-Position: refs/heads/master@{#427634}

Powered by Google App Engine
This is Rietveld 408576698