Index: third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
diff --git a/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp b/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
index 8610aa3bd54f4b75c8e546077a2afaae8f3e6a83..fb7d204b59257f71b8de9427e42a200b11110890 100644 |
--- a/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
+++ b/third_party/WebKit/Source/modules/websockets/DOMWebSocket.cpp |
@@ -331,17 +331,17 @@ void DOMWebSocket::connect(const String& url, |
return; |
} |
- // FIXME: Convert this to check the isolated world's Content Security Policy |
- // once webkit.org/b/104520 is solved. |
tyoshino (SeeGerritForStatus)
2016/10/27 14:16:35
is it fine to remove this? We still have the same
Mike West
2016/10/27 14:20:25
Since it seems like the extensions team has entire
tyoshino (SeeGerritForStatus)
2016/10/27 14:22:13
OK
|
if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && |
!getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( |
m_url)) { |
m_state = kClosed; |
- // The URL is safe to expose to JavaScript, as this check happens |
- // synchronously before redirection. |
- exceptionState.throwSecurityError( |
- "Refused to connect to '" + m_url.elidedString() + |
- "' because it violates the document's Content Security Policy."); |
+ |
+ // Delay the event dispatch until after the current task by suspending and |
+ // resuming the queue. If we don't do this, the event is fired synchronously |
+ // with the constructor, meaning that it's impossible to listen for. |
+ m_eventQueue->suspend(); |
+ m_eventQueue->dispatch(Event::create(EventTypeNames::error)); |
+ m_eventQueue->resume(); |
return; |
} |