Chromium Code Reviews Chromium Code Reviews
Issue 2456013002:
CSP: 'connect-src' should not cause exceptions. (Closed)
| Index: third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
| diff --git a/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp b/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
| index 8610aa3bd54f4b75c8e546077a2afaae8f3e6a83..fb7d204b59257f71b8de9427e42a200b11110890 100644 |
| --- a/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
| +++ b/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
| @@ -331,17 +331,17 @@ void DOMWebSocket::connect(const String& url, |
| return; |
| } |
| - // FIXME: Convert this to check the isolated world's Content Security Policy |
| - // once webkit.org/b/104520 is solved. |
|
tyoshino (SeeGerritForStatus)
2016/10/27 14:16:35
is it fine to remove this? We still have the same
Mike West
2016/10/27 14:20:25
Since it seems like the extensions team has entire
tyoshino (SeeGerritForStatus)
2016/10/27 14:22:13
OK
|
| if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && |
| !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( |
| m_url)) { |
| m_state = kClosed; |
| - // The URL is safe to expose to JavaScript, as this check happens |
| - // synchronously before redirection. |
| - exceptionState.throwSecurityError( |
| - "Refused to connect to '" + m_url.elidedString() + |
| - "' because it violates the document's Content Security Policy."); |
| + |
| + // Delay the event dispatch until after the current task by suspending and |
| + // resuming the queue. If we don't do this, the event is fired synchronously |
| + // with the constructor, meaning that it's impossible to listen for. |
| + m_eventQueue->suspend(); |
| + m_eventQueue->dispatch(Event::create(EventTypeNames::error)); |
| + m_eventQueue->resume(); |
| return; |
| } |
