Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1354)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2711363004: Revert of CSP: 'self' should work inside sandboxes. (Closed)

Created:
3 years, 10 months ago by Mike West
Modified:
3 years, 9 months ago
CC:
andypaicu, blink-reviews, chromium-reviews, mikispag
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Revert of CSP: 'self' should work inside sandboxes. (patchset #2 id:20001 of https://codereview.chromium.org/2699663002/ ) Reason for revert: I suspect that this breaks Synology's UI, which submits a form through an `about:blank` frame. Perhaps we're not persisting the fallback base URL correctly? BUG=695058 Original issue's description: > CSP: 'self' should work inside sandboxes. > > We ought to be looking at the URL of a sandboxed resource when resolving > the CSP source expression 'self'. Currently, we're looking at the origin > of the resource, which is generally correct, but fails if the resource > has been pushed into an opaque origin. > > This patch uses the fallback base URL of a document rather than its > origin to do the comparison. > > BUG=692475 > R=jochen@chromium.org > CC=andypaicu@chromium.org > > Review-Url: https://codereview.chromium.org/2699663002 > Cr-Commit-Position: refs/heads/master@{#451626} > Committed: https://chromium.googlesource.com/chromium/src/+/9d3329c4a3d3dd0ab85869b7de4d62a8e2797520 TBR=jochen@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=692475 Review-Url: https://codereview.chromium.org/2711363004 Cr-Commit-Position: refs/heads/master@{#453091} Committed: https://chromium.googlesource.com/chromium/src/+/3a1bb4d2c8bd64fdf57558d2ff39a5f356597af4

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -59 lines) Patch
D third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/base-uri-self.html View 1 chunk +0 lines, -49 lines 0 comments Download
M third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp View 2 chunks +1 line, -8 lines 0 comments Download
M third_party/WebKit/Source/core/frame/csp/SourceListDirectiveTest.cpp View 2 chunks +0 lines, -2 lines 0 comments Download

Messages

Total messages: 6 (3 generated)
Mike West
Created Revert of CSP: 'self' should work inside sandboxes.
3 years, 10 months ago (2017-02-25 13:18:05 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2711363004/1
3 years, 10 months ago (2017-02-25 13:18:19 UTC) #3
commit-bot: I haz the power
3 years, 9 months ago (2017-02-25 14:46:02 UTC) #6
Message was sent while issue was closed. 
Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/3a1bb4d2c8bd64fdf57558d2ff39...

Powered by Google App Engine
This is Rietveld 408576698