Chromium Code Reviews Chromium Code Reviews
Issue 2483903003:
<a ping="..."> should be covered by connect-src CSP directive. (Closed)
| Index: third_party/WebKit/Source/core/loader/PingLoader.cpp |
| diff --git a/third_party/WebKit/Source/core/loader/PingLoader.cpp b/third_party/WebKit/Source/core/loader/PingLoader.cpp |
| index 2a1ab60b91b51ee25d2d484f1dae7b85b077c446..ac167d69f52b9954afb77ace82c7ee158b1e553a 100644 |
| --- a/third_party/WebKit/Source/core/loader/PingLoader.cpp |
| +++ b/third_party/WebKit/Source/core/loader/PingLoader.cpp |
| @@ -33,6 +33,7 @@ |
| #include "core/dom/DOMArrayBufferView.h" |
| #include "core/dom/Document.h" |
| +#include "core/dom/SecurityContext.h" |
| #include "core/fetch/CrossOriginAccessControl.h" |
| #include "core/fetch/FetchContext.h" |
| #include "core/fetch/FetchInitiatorTypeNames.h" |
| @@ -42,6 +43,7 @@ |
| #include "core/fileapi/File.h" |
| #include "core/frame/FrameConsole.h" |
| #include "core/frame/LocalFrame.h" |
| +#include "core/frame/csp/ContentSecurityPolicy.h" |
| #include "core/html/FormData.h" |
| #include "core/inspector/ConsoleMessage.h" |
| #include "core/inspector/InspectorInstrumentation.h" |
| @@ -414,6 +416,12 @@ bool sendPingCommon(LocalFrame* frame, |
| if (MixedContentChecker::shouldBlockFetch(frame, request, request.url())) |
| return false; |
| + if (ContentSecurityPolicy* policy = |
| + frame->securityContext()->contentSecurityPolicy()) { |
| + if (!policy->allowConnectToSource(request.url())) |
| + return false; |
| + } |
|
Mike West
2016/11/08 14:24:59
This does too much, as it also ends up applying CS
Łukasz Anforowicz
2016/11/08 14:38:59
Thanks for catching this. I should have checked w
|
| + |
| // The loader keeps itself alive until it receives a response and disposes |
| // itself. |
| PingLoaderImpl* loader = |
