Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp |
index ef1173ec484a40c2ddcbbae85883cd3c2fd0a46b..223967d5bc2ee35e167789bfed7d86c1825245a3 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.cpp |
@@ -585,12 +585,17 @@ bool SourceListDirective::subsumes( |
if (!m_list.size() || !other.size()) |
return !m_list.size(); |
- HeapVector<Member<CSPSource>> normalizedA = other[0]->m_list; |
- for (size_t i = 1; i < other.size(); i++) { |
- normalizedA = other[i]->getIntersectCSPSources(normalizedA); |
- } |
+ HeapVector<Member<CSPSource>> normalizedA = m_list; |
+ if (m_allowSelf && other[0]->m_policy->getSelfSource()) |
+ normalizedA.append(other[0]->m_policy->getSelfSource()); |
+ |
+ HeapVector<Member<CSPSource>> normalizedB = other[0]->m_list; |
+ if (other[0]->m_allowSelf && other[0]->m_policy->getSelfSource()) |
+ normalizedB.append(other[0]->m_policy->getSelfSource()); |
+ for (size_t i = 1; i < other.size(); i++) |
+ normalizedB = other[i]->getIntersectCSPSources(normalizedB); |
- return CSPSource::firstSubsumesSecond(m_list, normalizedA); |
+ return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); |
} |
HashMap<String, CSPSource*> SourceListDirective::getIntersectSchemesOnly( |
@@ -630,7 +635,10 @@ HeapVector<Member<CSPSource>> SourceListDirective::getIntersectCSPSources( |
} |
} |
- for (const auto& sourceA : m_list) { |
+ HeapVector<Member<CSPSource>> thisVector = m_list; |
+ if (m_allowSelf) |
+ thisVector.append(m_policy->getSelfSource()); |
+ for (const auto& sourceA : thisVector) { |
if (schemesMap.contains(sourceA->getScheme())) |
continue; |