Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(191)

Issue 2754303002: Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)

Created:
3 years, 9 months ago by nektarios
Modified:
3 years, 9 months ago
CC:
chromium-reviews, jam, nasko+codewatch_chromium.org, darin-cc_chromium.org, creis+watch_chromium.org, Mike West, clamy
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser. (patchset #23 id:790001 of https://codereview.chromium.org/2655463006/ ) Reason for revert: Possibly broke browser_side_navigation_content_browsertests. https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Fchromium.win%2FWin10_Tests_x64%2F9276%2F%2B%2Frecipes%2Fsteps%2Fbrowser_side_navigation_content_browsertests_on_Windows-10-10586%2F0%2Flogs%2FSitePerProcessBrowserTest.CrossSiteIframeBlockedByParentCSPFromHeaders%2F0 Original issue's description: > PlzNavigate: Enforce frame-src CSP on the browser. > > Use a NavigationThrottle to check infringement of the 'frame-src' on the > browser-side. Before this patch, a redirect during the navigation could > led to a child frame to be displayed inside its parent, even if it was > disallowed by its parent. > > BUG=685074 > CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation;master.tryserver.chromium.linux:linux_site_isolation,linux_chromium_browser_side_navigation_rel > > Review-Url: https://codereview.chromium.org/2655463006 > Cr-Commit-Position: refs/heads/master@{#457757} > Committed: https://chromium.googlesource.com/chromium/src/+/1e3b610bfff1acd060ed8b3f595344402b833bad TBR=nasko@chromium.org,alexmos@chromium.org,clamy@chromium.org,creis@chromium.org,nick@chromium.org,dcheng@chromium.org,arthursonzogni@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=685074 Review-Url: https://codereview.chromium.org/2754303002 Cr-Commit-Position: refs/heads/master@{#457779} Committed: https://chromium.googlesource.com/chromium/src/+/7f16902912f645e4d87da2b4c90bf39b52bb9579

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+196 lines, -628 lines) Patch
M chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html View 2 chunks +13 lines, -19 lines 0 comments Download
M content/browser/frame_host/ancestor_throttle.h View 2 chunks +0 lines, -5 lines 0 comments Download
M content/browser/frame_host/ancestor_throttle.cc View 2 chunks +0 lines, -39 lines 0 comments Download
M content/browser/frame_host/frame_tree_node.h View 3 chunks +8 lines, -2 lines 0 comments Download
M content/browser/frame_host/frame_tree_node.cc View 1 chunk +7 lines, -4 lines 0 comments Download
M content/browser/frame_host/interstitial_page_navigator_impl.cc View 1 chunk +9 lines, -9 lines 0 comments Download
M content/browser/frame_host/navigation_entry_impl.cc View 1 chunk +1 line, -2 lines 0 comments Download
M content/browser/frame_host/navigation_handle_impl.h View 4 chunks +2 lines, -13 lines 0 comments Download
M content/browser/frame_host/navigation_handle_impl.cc View 3 chunks +4 lines, -7 lines 0 comments Download
M content/browser/frame_host/navigation_handle_impl_unittest.cc View 1 chunk +1 line, -2 lines 0 comments Download
M content/browser/frame_host/navigation_request.cc View 1 chunk +6 lines, -8 lines 0 comments Download
M content/browser/frame_host/navigator_impl.cc View 3 chunks +3 lines, -5 lines 0 comments Download
M content/browser/frame_host/render_frame_host_impl.h View 6 chunks +8 lines, -19 lines 0 comments Download
M content/browser/frame_host/render_frame_host_impl.cc View 6 chunks +4 lines, -40 lines 0 comments Download
M content/browser/site_per_process_browsertest.cc View 4 chunks +28 lines, -82 lines 0 comments Download
M content/common/content_security_policy/content_security_policy.cc View 3 chunks +6 lines, -8 lines 0 comments Download
M content/common/content_security_policy/csp_context.h View 2 chunks +15 lines, -59 lines 0 comments Download
M content/common/content_security_policy/csp_context.cc View 2 chunks +14 lines, -32 lines 0 comments Download
M content/common/content_security_policy/csp_context_unittest.cc View 2 chunks +17 lines, -18 lines 0 comments Download
D content/common/content_security_policy/csp_disposition_enum.h View 1 chunk +0 lines, -19 lines 0 comments Download
M content/common/content_security_policy/csp_source_list.cc View 1 chunk +1 line, -1 line 0 comments Download
M content/common/frame_messages.h View 5 chunks +1 line, -21 lines 0 comments Download
M content/common/navigation_params.h View 3 chunks +3 lines, -13 lines 0 comments Download
M content/common/navigation_params.cc View 3 chunks +3 lines, -6 lines 0 comments Download
M content/public/browser/navigation_handle.cc View 1 chunk +4 lines, -4 lines 0 comments Download
M content/public/test/render_view_test.cc View 2 chunks +2 lines, -4 lines 0 comments Download
M content/renderer/content_security_policy_util.h View 1 chunk +6 lines, -11 lines 0 comments Download
M content/renderer/content_security_policy_util.cc View 2 chunks +1 line, -21 lines 0 comments Download
M content/renderer/render_frame_impl.h View 2 chunks +0 lines, -3 lines 0 comments Download
M content/renderer/render_frame_impl.cc View 4 chunks +1 line, -16 lines 0 comments Download
M third_party/WebKit/LayoutTests/FlagExpectations/enable-browser-side-navigation View 1 chunk +6 lines, -13 lines 0 comments Download
M third_party/WebKit/Source/core/frame/LocalFrameClient.h View 1 chunk +1 line, -3 lines 0 comments Download
M third_party/WebKit/Source/core/loader/EmptyClients.h View 1 chunk +7 lines, -9 lines 0 comments Download
M third_party/WebKit/Source/core/loader/EmptyClients.cpp View 1 chunk +1 line, -2 lines 0 comments Download
M third_party/WebKit/Source/core/loader/FrameLoader.cpp View 2 chunks +4 lines, -13 lines 0 comments Download
M third_party/WebKit/Source/web/LocalFrameClientImpl.h View 1 chunk +7 lines, -9 lines 0 comments Download
M third_party/WebKit/Source/web/LocalFrameClientImpl.cpp View 2 chunks +1 line, -7 lines 0 comments Download
M third_party/WebKit/Source/web/WebLocalFrameImpl.h View 2 chunks +0 lines, -3 lines 0 comments Download
M third_party/WebKit/Source/web/WebLocalFrameImpl.cpp View 1 chunk +0 lines, -28 lines 0 comments Download
M third_party/WebKit/public/platform/WebContentSecurityPolicy.h View 1 chunk +0 lines, -7 lines 0 comments Download
M third_party/WebKit/public/platform/WebContentSecurityPolicyStruct.h View 2 chunks +0 lines, -30 lines 0 comments Download
M third_party/WebKit/public/web/WebFrameClient.h View 3 chunks +1 line, -6 lines 0 comments Download
M third_party/WebKit/public/web/WebLocalFrame.h View 2 chunks +0 lines, -6 lines 0 comments Download

Messages

Total messages: 6 (3 generated)
nektarios
Created Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser.
3 years, 9 months ago (2017-03-17 15:46:56 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2754303002/1
3 years, 9 months ago (2017-03-17 15:47:22 UTC) #3
commit-bot: I haz the power
3 years, 9 months ago (2017-03-17 15:50:14 UTC) #6
Message was sent while issue was closed.
Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/7f16902912f645e4d87da2b4c90b...

Powered by Google App Engine
This is Rietveld 408576698