| Index: third_party/WebKit/Source/core/loader/PingLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/PingLoader.cpp b/third_party/WebKit/Source/core/loader/PingLoader.cpp
|
| index eed8f67f6693885017d45206ad8931252fdc8f22..3086e7e4131c20c8ea16995bcf5e54e7372617a5 100644
|
| --- a/third_party/WebKit/Source/core/loader/PingLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/PingLoader.cpp
|
| @@ -33,6 +33,7 @@
|
|
|
| #include "core/dom/DOMArrayBufferView.h"
|
| #include "core/dom/Document.h"
|
| +#include "core/dom/SecurityContext.h"
|
| #include "core/fetch/CrossOriginAccessControl.h"
|
| #include "core/fetch/FetchContext.h"
|
| #include "core/fetch/FetchInitiatorTypeNames.h"
|
| @@ -42,6 +43,7 @@
|
| #include "core/fileapi/File.h"
|
| #include "core/frame/FrameConsole.h"
|
| #include "core/frame/LocalFrame.h"
|
| +#include "core/frame/csp/ContentSecurityPolicy.h"
|
| #include "core/html/FormData.h"
|
| #include "core/inspector/ConsoleMessage.h"
|
| #include "core/inspector/InspectorInstrumentation.h"
|
| @@ -473,6 +475,12 @@ void PingLoader::sendLinkAuditPing(LocalFrame* frame,
|
| if (!pingURL.protocolIsInHTTPFamily())
|
| return;
|
|
|
| + if (ContentSecurityPolicy* policy =
|
| + frame->securityContext()->contentSecurityPolicy()) {
|
| + if (!policy->allowConnectToSource(pingURL))
|
| + return;
|
| + }
|
| +
|
| ResourceRequest request(pingURL);
|
| request.setHTTPMethod(HTTPNames::POST);
|
| request.setHTTPContentType("text/ping");
|
|
|
Chromium Code Reviews
Issue 2500023002:
<a ping="..."> should be covered by connect-src CSP directive. (Closed)
