Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(211)

Issue 2679383003: Share schemes needed for CSP between the browser and the renderer. (Closed)

Created:
3 years, 10 months ago by arthursonzogni
Modified:
3 years, 10 months ago
Reviewers:
Mike West, esprehn, jam, nasko, brettw
CC:
blink-reviews, blink-reviews-api_chromium.org, chromium-apps-reviews_chromium.org, chromium-reviews, clamy, darin-cc_chromium.org, dglazkov+blink, extensions-reviews_chromium.org, jam, kinuko+watch
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Share schemes needed for CSP between the browser and the renderer. This CL is similar to this one: crrev.com/2623353002/ There is a list of scheme that bypasses the Content-Security-Policy. With this CL, this list is provided by content embedders instead of blink embedders. It will be used for checking CSP in the browser process. BUG=685074 Review-Url: https://codereview.chromium.org/2679383003 Cr-Commit-Position: refs/heads/master@{#449261} Committed: https://chromium.googlesource.com/chromium/src/+/eb73e4330ecb59905157b11ce20ca29345d9635e

Patch Set 1 #

Total comments: 5

Patch Set 2 : Nit #1 @nasko. #

Patch Set 3 : Rebase and fix conflict. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+30 lines, -49 lines) Patch
M chrome/common/chrome_content_client.cc View 1 1 chunk +2 lines, -0 lines 0 comments Download
M content/common/url_schemes.cc View 1 1 chunk +3 lines, -0 lines 0 comments Download
M content/public/common/content_client.h View 1 1 chunk +1 line, -0 lines 0 comments Download
M extensions/renderer/dispatcher.cc View 1 chunk +0 lines, -5 lines 0 comments Download
M extensions/shell/common/shell_content_client.cc View 1 1 chunk +1 line, -0 lines 0 comments Download
M third_party/WebKit/Source/platform/weborigin/SchemeRegistry.h View 1 chunk +0 lines, -2 lines 0 comments Download
M third_party/WebKit/Source/platform/weborigin/SchemeRegistry.cpp View 1 1 chunk +4 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/web/AssertMatchingEnums.cpp View 1 chunk +0 lines, -9 lines 0 comments Download
M third_party/WebKit/Source/web/WebSecurityPolicy.cpp View 1 chunk +0 lines, -12 lines 0 comments Download
M third_party/WebKit/public/web/WebSecurityPolicy.h View 1 chunk +0 lines, -21 lines 0 comments Download
M url/url_util.h View 1 2 1 chunk +5 lines, -0 lines 0 comments Download
M url/url_util.cc View 1 2 4 chunks +14 lines, -0 lines 0 comments Download

Messages

Total messages: 32 (20 generated)
arthursonzogni
This change will allow us to know which scheme should be bypassed for CSP on ...
3 years, 10 months ago (2017-02-08 13:59:22 UTC) #11
Mike West
I think the general idea of moving this registry out of Blink is a good ...
3 years, 10 months ago (2017-02-08 14:59:53 UTC) #13
nasko
> I also wonder whether it makes sense for //content to be blind to extensions ...
3 years, 10 months ago (2017-02-09 00:13:15 UTC) #15
jam1
On 2017/02/08 14:59:53, Mike West (sloooooow) wrote: > I think the general idea of moving ...
3 years, 10 months ago (2017-02-09 00:39:22 UTC) #16
brettw
lgtm
3 years, 10 months ago (2017-02-09 01:02:57 UTC) #17
Mike West
Ok, then. LGTM if y'all are happy. :)
3 years, 10 months ago (2017-02-09 06:31:25 UTC) #18
jam
lgtm for content/chrome/extensions
3 years, 10 months ago (2017-02-09 06:41:36 UTC) #20
arthursonzogni
All right, thanks for the review! https://codereview.chromium.org/2679383003/diff/1/content/public/common/content_client.h File content/public/common/content_client.h (right): https://codereview.chromium.org/2679383003/diff/1/content/public/common/content_client.h#newcode114 content/public/common/content_client.h:114: std::vector<std::string> bypassing_csp_schemes; On ...
3 years, 10 months ago (2017-02-09 09:15:53 UTC) #21
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2679383003/40001
3 years, 10 months ago (2017-02-09 09:17:55 UTC) #24
commit-bot: I haz the power
Try jobs failed on following builders: ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-xcode-clang/builds/35710) ios-simulator on master.tryserver.chromium.mac (JOB_FAILED, ...
3 years, 10 months ago (2017-02-09 09:20:27 UTC) #26
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2679383003/60001
3 years, 10 months ago (2017-02-09 09:48:04 UTC) #29
commit-bot: I haz the power
3 years, 10 months ago (2017-02-09 11:55:27 UTC) #32
Message was sent while issue was closed.
Committed patchset #3 (id:60001) as
https://chromium.googlesource.com/chromium/src/+/eb73e4330ecb59905157b11ce20c...

Powered by Google App Engine
This is Rietveld 408576698