third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp - Issue 2456013002: CSP: 'connect-src' should not cause exceptions. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(99)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)

Patch Set: Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked-expected.txt ('k') | third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp » ('j') | third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

diff --git a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

index 9e6bb4c5f8a9b3dbd7f19301df7b6165b0252468..beeb6308c82ec5ce4755b195ce27d7a04a321115 100644

--- a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

+++ b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

@@ -627,17 +627,6 @@ void XMLHttpRequest::open(const AtomicString& method,

m_error = false;

m_uploadComplete = false;

- if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) &&

- !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource(

- url)) {

- // We can safely expose the URL to JavaScript, as these checks happen

- // synchronously before redirection. JavaScript receives no new information.

- exceptionState.throwSecurityError(

- "Refused to connect to '" + url.elidedString() +

- "' because it violates the document's Content Security Policy.");

- return;

- }

-

if (!async && getExecutionContext()->isDocument()) {

if (document()->settings() &&

!document()->settings()->syncXHRInDocumentsEnabled()) {

« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-websocket-blocked.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked-expected.txt ('k') | third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp » ('j') | third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp » ('J')

Powered by Google App Engine

This is Rietveld 408576698