Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
index 6b7bbc7b4f277e446097753857aaaea1d56499ee..d3a63a2f37e0fb9940067aa4ac934e29f7825013 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
@@ -760,12 +760,20 @@ bool CSPDirectiveList::allowBaseURI( |
const KURL& url, |
ResourceRequest::RedirectStatus redirectStatus, |
ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
- return reportingStatus == ContentSecurityPolicy::SendReport |
- ? checkSourceAndReportViolation( |
- m_baseURI.get(), url, |
- ContentSecurityPolicy::DirectiveType::BaseURI, |
- redirectStatus) |
- : checkSource(m_baseURI.get(), url, redirectStatus); |
+ bool result = |
+ reportingStatus == ContentSecurityPolicy::SendReport |
+ ? checkSourceAndReportViolation( |
+ m_baseURI.get(), url, |
+ ContentSecurityPolicy::DirectiveType::BaseURI, redirectStatus) |
+ : checkSource(m_baseURI.get(), url, redirectStatus); |
+ |
+ if (result && |
+ !checkSource(operativeDirective(m_baseURI.get()), url, redirectStatus)) { |
+ UseCounter::count(m_policy->document(), |
+ UseCounter::BaseWouldBeBlockedByDefaultSrc); |
+ } |
+ |
+ return result; |
} |
bool CSPDirectiveList::allowWorkerFromSource( |