Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(48)

Issue 2533313002: CSP: Move 'worker-src' onto 'script-src' (Closed)

Created:
2 years, 5 months ago by Mike West
Modified:
1 year, 11 months ago
CC:
blink-reviews, chromium-reviews
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

CSP: Move 'worker-src' onto 'script-src' Based on the discussion in https://github.com/w3c/webappsec-csp/issues/146, we're deprecating 'child-src' and moving 'worker-src' onto 'script-src'. Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/npKDoKVOUAs/ogtlIFmLBAAJ BUG=662930, 694525 Review-Url: https://codereview.chromium.org/2533313002 Cr-Commit-Position: refs/heads/master@{#458026} Committed: https://chromium.googlesource.com/chromium/src/+/d8cc69507968d87cea7eeefc39c0dae78f960879

Patch Set 1 #

Total comments: 16

Patch Set 2 : Feedback. #

Patch Set 3 : Test. #

Total comments: 2

Patch Set 4 : Rebase #

Patch Set 5 : Rebase. #

Patch Set 6 : WPT. #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+135 lines, -391 lines) Patch
M chrome/test/data/extensions/api_test/webrequest/test_types.js View 1 2 3 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/TestExpectations View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/LayoutTests/external/wpt/content-security-policy/worker-src/service-child.https.sub.html View 1 2 3 4 5 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/external/wpt/content-security-policy/worker-src/service-fallback.https.sub.html View 1 2 3 4 5 1 chunk +1 line, -1 line 0 comments Download
M third_party/WebKit/LayoutTests/external/wpt/content-security-policy/worker-src/service-list.https.sub.html View 1 2 3 4 5 1 chunk +1 line, -1 line 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-allowed.html View 1 1 chunk +0 lines, -14 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-allowed-expected.txt View 1 1 chunk +0 lines, -10 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-blocked.html View 1 1 chunk +0 lines, -14 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-blocked-expected.txt View 1 2 3 1 chunk +0 lines, -12 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-shared-allowed.html View 1 1 chunk +0 lines, -14 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-shared-allowed-expected.txt View 1 1 chunk +0 lines, -10 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-shared-blocked.html View 1 1 chunk +0 lines, -14 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/child-src/worker-shared-blocked-expected.txt View 1 2 3 1 chunk +0 lines, -12 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/service-worker-allowed.html View 1 chunk +0 lines, -14 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/service-worker-blocked.html View 1 chunk +0 lines, -15 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/service-worker-blocked-expected.txt View 1 2 3 1 chunk +0 lines, -6 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp.html View 1 1 chunk +0 lines, -24 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-expected.txt View 1 1 chunk +0 lines, -6 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-script-src.html View 1 1 chunk +0 lines, -22 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-script-src-expected.txt View 1 1 chunk +0 lines, -2 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-child.html View 1 chunk +0 lines, -13 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html View 1 2 3 4 5 1 chunk +0 lines, -13 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-list.html View 1 2 3 4 5 1 chunk +0 lines, -13 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-none.html View 1 2 3 4 5 1 chunk +0 lines, -13 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-self.html View 1 2 3 4 5 1 chunk +0 lines, -9 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/service-child.html View 1 chunk +0 lines, -10 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/service-fallback.html View 1 2 3 4 5 1 chunk +0 lines, -9 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/service-list.html View 1 2 3 4 5 1 chunk +0 lines, -9 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/service-none.html View 1 2 3 4 5 1 chunk +0 lines, -9 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/service-self.html View 1 2 3 4 5 1 chunk +0 lines, -9 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/shared-child.html View 1 chunk +0 lines, -13 lines 0 comments Download
M third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/shared-fallback.html View 1 2 3 4 5 1 chunk +0 lines, -13 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/shared-list.html View 1 2 3 4 5 1 chunk +0 lines, -13 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/shared-none.html View 1 2 3 4 5 1 chunk +0 lines, -13 lines 0 comments Download
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/shared-self.html View 1 2 3 4 5 1 chunk +0 lines, -10 lines 0 comments Download
M third_party/WebKit/Source/core/frame/Deprecation.cpp View 1 2 3 4 5 1 chunk +5 lines, -0 lines 1 comment Download
M third_party/WebKit/Source/core/frame/UseCounter.h View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp View 1 2 3 4 5 4 chunks +36 lines, -12 lines 0 comments Download
M third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp View 1 2 3 4 8 chunks +87 lines, -17 lines 0 comments Download
M tools/metrics/histograms/histograms.xml View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download

Dependent Patchsets:

Messages

Total messages: 47 (35 generated)
Mike West
Jochen, Emily, would you mind reviewing this patch? I'll send out an update to the ...
2 years, 5 months ago (2016-11-29 15:44:41 UTC) #4
Mike West
https://codereview.chromium.org/2533313002/diff/1/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp File third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp (right): https://codereview.chromium.org/2533313002/diff/1/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp#newcode790 third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp:790: if (!checkSource(workerSrc, url, redirectStatus) && !m_workerSrc) { Bah. This ...
2 years, 5 months ago (2016-11-29 17:05:14 UTC) #7
estark
https://codereview.chromium.org/2533313002/diff/1/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html File third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html (right): https://codereview.chromium.org/2533313002/diff/1/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html#newcode5 third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html:5: <meta http-equiv="Content-Security-Policy" content="worker-src http://127.0.0.1:8000 blob:; script-src 'unsafe-inline' 'http://example.test:8000'"> No ...
2 years, 5 months ago (2016-11-29 22:01:17 UTC) #8
Mike West
Thanks, Emily! https://codereview.chromium.org/2533313002/diff/1/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html File third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html (right): https://codereview.chromium.org/2533313002/diff/1/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html#newcode5 third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/dedicated-fallback.html:5: <meta http-equiv="Content-Security-Policy" content="worker-src http://127.0.0.1:8000 blob:; script-src 'unsafe-inline' ...
2 years, 5 months ago (2016-11-30 12:34:31 UTC) #15
jochen (gone - plz use gerrit)
i'll stamp once Emily is happy and the intent is approved
2 years, 5 months ago (2016-11-30 15:30:04 UTC) #18
estark
lgtm assuming 1.) the I2S gets approved, 2.) the discussion with Brian Smith resolves in ...
2 years, 5 months ago (2016-12-01 05:16:56 UTC) #19
Mike West
I've rebased this onto ToT, and killed off our layout tests in favor of relying ...
2 years, 2 months ago (2017-03-17 12:11:45 UTC) #29
Mike West
+Andy
2 years, 2 months ago (2017-03-17 12:26:55 UTC) #33
jochen (gone - plz use gerrit)
lgtm
2 years, 2 months ago (2017-03-20 07:11:51 UTC) #38
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2533313002/100001
2 years, 2 months ago (2017-03-20 08:42:53 UTC) #42
commit-bot: I haz the power
Committed patchset #6 (id:100001) as https://chromium.googlesource.com/chromium/src/+/d8cc69507968d87cea7eeefc39c0dae78f960879
2 years, 2 months ago (2017-03-20 08:56:24 UTC) #45
foolip
1 year, 11 months ago (2017-06-16 08:00:46 UTC) #47
Message was sent while issue was closed.
https://codereview.chromium.org/2533313002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/core/frame/Deprecation.cpp (right):

https://codereview.chromium.org/2533313002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/core/frame/Deprecation.cpp:435: M60,
"5922594955984896");
We're now at M61, can this be removed and merged back?

Powered by Google App Engine
This is Rietveld 408576698