
Side by Side Diff: third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)
Patch Set: Ugh. Created 3 years, 9 months ago
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after
328 return; 328 return;
329 } 329 }
330 330
331 if (!isPortAllowedForScheme(m_url)) { 331 if (!isPortAllowedForScheme(m_url)) {
332 m_state = kClosed; 332 m_state = kClosed;
333 exceptionState.throwSecurityError( 333 exceptionState.throwSecurityError(
334 "The port " + String::number(m_url.port()) + " is not allowed."); 334 "The port " + String::number(m_url.port()) + " is not allowed.");
335 return; 335 return;
336 } 336 }
337 337
338 // FIXME: Convert this to check the isolated world's Content Security Policy
339 // once webkit.org/b/104520 is solved.
340 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && 338 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) &&
341 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( 339 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource(
342 m_url)) { 340 m_url)) {
343 m_state = kClosed; 341 m_state = kClosed;
344 // The URL is safe to expose to JavaScript, as this check happens 342
345 // synchronously before redirection. 343 // Delay the event dispatch until after the current task by suspending and
346 exceptionState.throwSecurityError( 344 // resuming the queue. If we don't do this, the event is fired synchronously
347 "Refused to connect to '" + m_url.elidedString() + 345 // with the constructor, meaning that it's impossible to listen for.
348 "' because it violates the document's Content Security Policy."); 346 m_eventQueue->suspend();
347 m_eventQueue->dispatch(Event::create(EventTypeNames::error));
348 m_eventQueue->resume();
349 return; 349 return;
350 } 350 }
351 351
352 // Fail if not all elements in |protocols| are valid. 352 // Fail if not all elements in |protocols| are valid.
353 for (size_t i = 0; i < protocols.size(); ++i) { 353 for (size_t i = 0; i < protocols.size(); ++i) {
354 if (!isValidSubprotocolString(protocols[i])) { 354 if (!isValidSubprotocolString(protocols[i])) {
355 m_state = kClosed; 355 m_state = kClosed;
356 exceptionState.throwDOMException( 356 exceptionState.throwDOMException(
357 SyntaxError, "The subprotocol '" + 357 SyntaxError, "The subprotocol '" +
358 encodeSubprotocolString(protocols[i]) + 358 encodeSubprotocolString(protocols[i]) +
(...skipping 505 matching lines...) Expand 10 before | Expand all | Expand 10 after
864 864
865 DEFINE_TRACE(DOMWebSocket) { 865 DEFINE_TRACE(DOMWebSocket) {
866 visitor->trace(m_channel); 866 visitor->trace(m_channel);
867 visitor->trace(m_eventQueue); 867 visitor->trace(m_eventQueue);
868 WebSocketChannelClient::trace(visitor); 868 WebSocketChannelClient::trace(visitor);
869 EventTargetWithInlineData::trace(visitor); 869 EventTargetWithInlineData::trace(visitor);
870 SuspendableObject::trace(visitor); 870 SuspendableObject::trace(visitor);
871 } 871 }
872 872
873 } // namespace blink 873 } // namespace blink
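Review bot: In the CSP branch at new lines 338–350, a blocked connection now queues only an `error` event and returns with `m_state = kClosed`; no `close` event is queued in the visible lines, so script that does its cleanup or retry logic in `onclose` is never notified, and the outcome is presumably distinguishable from an ordinary connection failure. If that is intended, state it in the comment, e.g. `// CSP block: only 'error' is dispatched; no 'close' event follows.`; otherwise queue the close event inside the same suspend()/resume() pair. The deferral depends on `resume()` not dispatching synchronously, which this page does not show, so it deserves a test that a listener attached immediately after construction still receives the event. The commit also deletes the FIXME about checking the isolated world's policy while the `shouldBypassMainWorld` bypass stays, so that open item loses its marker. The enclosing function starts and ends outside the displayed lines.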