third_party/WebKit/Source/core/loader/PingLoader.cpp - Issue 2456013002: CSP: 'connect-src' should not cause exceptions. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(729)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/loader/PingLoader.cpp

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)

Patch Set: Ugh. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/LayoutTests/external/wpt/content-security-policy/inside-worker/dedicated-inheritance.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta-expected.txt ('k') | third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/loader/PingLoader.cpp

diff --git a/third_party/WebKit/Source/core/loader/PingLoader.cpp b/third_party/WebKit/Source/core/loader/PingLoader.cpp

index 7ba64a6a5d11eebbb11b6348040d3a7ec6c886f4..2221d291c077636a125dead3b242ede7a8ff29e5 100644

--- a/third_party/WebKit/Source/core/loader/PingLoader.cpp

+++ b/third_party/WebKit/Source/core/loader/PingLoader.cpp

@@ -425,6 +425,13 @@ bool sendBeaconCommon(LocalFrame* frame,

if (!frame->document())

return false;

+ // TODO(mkwst): CSP is not enforced on redirects, crbug.com/372197

+ if (!ContentSecurityPolicy::shouldBypassMainWorld(frame->document()) &&

+ !frame->document()->contentSecurityPolicy()->allowConnectToSource(url)) {

+ // We're simulating a network failure here, so we return 'true'.

+ return true;

+ }

+

unsigned long long entitySize = beacon.size();

if (allowance < 0 || static_cast<unsigned long long>(allowance) < entitySize)

return false;

« third_party/WebKit/LayoutTests/external/wpt/content-security-policy/inside-worker/dedicated-inheritance.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-malformed-meta-expected.txt ('k') | third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698