third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp - Issue 2456013002: CSP: 'connect-src' should not cause exceptions. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(570)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

Issue 2456013002: CSP: 'connect-src' should not cause exceptions. (Closed)

Patch Set: Ugh. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/LayoutTests/external/wpt/content-security-policy/inside-worker/dedicated-inheritance.html ('K') | « third_party/WebKit/Source/core/loader/PingLoader.cpp ('k') | third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

diff --git a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

index de095344db1d56bdaa02ef95f2162afbef6beadd..d1c2274bc4007a3aa10cd7544f458cef853ee9b8 100644

--- a/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

+++ b/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

@@ -617,17 +617,6 @@ void XMLHttpRequest::open(const AtomicString& method,

m_error = false;

m_uploadComplete = false;

- if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) &&

- !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource(

- url)) {

- // We can safely expose the URL to JavaScript, as these checks happen

- // synchronously before redirection. JavaScript receives no new information.

- exceptionState.throwSecurityError(

- "Refused to connect to '" + url.elidedString() +

- "' because it violates the document's Content Security Policy.");

- return;

- }

-

if (!async && getExecutionContext()->isDocument()) {

if (document()->settings() &&

!document()->settings()->getSyncXHRInDocumentsEnabled()) {

« third_party/WebKit/LayoutTests/external/wpt/content-security-policy/inside-worker/dedicated-inheritance.html ('K') | « third_party/WebKit/Source/core/loader/PingLoader.cpp ('k') | third_party/WebKit/Source/modules/beacon/NavigatorBeacon.cpp » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698