CSP: Don't override the location set in reportViolationWithLocation.
When a CSP violation is reported through reportViolationWithLocation,
the |contextLine| provided was always replaced in
gatherSecurityPolicyViolationEventData by the current context's line
number.
What does this CL?
* Transmit the full source location in ReportViolation instead of only
the line number.
* When a source location is provided, it is always used, never replaced.
Review-Url: https://codereview.chromium.org/2785463002
Cr-Commit-Position: refs/heads/master@{#460334}
Committed: https://chromium.googlesource.com/chromium/src/+/a9b00b963270f09b359251568257001734442383
Dry run: Try jobs failed on following builders: chromeos_daisy_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_daisy_chromium_compile_only_ng/builds/307368)
3 years, 8 months ago
(2017-03-28 12:36:43 UTC)
#7
Dry run: Try jobs failed on following builders: chromeos_daisy_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_daisy_chromium_compile_only_ng/builds/307389)
3 years, 8 months ago
(2017-03-28 13:17:37 UTC)
#12
Hi Mike, Please take a look! I did this CL to add the |sourceLocation| parameter ...
3 years, 8 months ago
(2017-03-28 15:32:38 UTC)
#16
Hi Mike,
Please take a look!
I did this CL to add the |sourceLocation| parameter to the reportViolation
method in ContentSecurityPolicy. Only the line number of the source location was
transmitted before.
I make use of it in the latest patchset in:
https://codereview.chromium.org/2761153003/
I think I have found a problem in the code. Even if the |contextLine| is
provided to the function, the context's line number is used instead. It looks
weird. I fixed it. Some layout test expectations have changed because of that.
Let me know if you think it is a bug or something done on purpose ;-)
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
3 years, 8 months ago
(2017-03-28 16:26:22 UTC)
#17
CQ is committing da patch. Bot data: {"patchset_id": 60001, "attempt_start_ts": 1490779858918530, "parent_rev": "d392fbe7235460ea17422fa98af5084698867afe", "commit_rev": "a9b00b963270f09b359251568257001734442383"}
3 years, 8 months ago
(2017-03-29 09:37:15 UTC)
#22
CQ is committing da patch.
Bot data: {"patchset_id": 60001, "attempt_start_ts": 1490779858918530,
"parent_rev": "d392fbe7235460ea17422fa98af5084698867afe", "commit_rev":
"a9b00b963270f09b359251568257001734442383"}
commit-bot: I haz the power
Description was changed from ========== CSP: Don't override the location set in reportViolationWithLocation. When a ...
3 years, 8 months ago
(2017-03-29 09:38:11 UTC)
#23
Message was sent while issue was closed.
Description was changed from
==========
CSP: Don't override the location set in reportViolationWithLocation.
When a CSP violation is reported through reportViolationWithLocation,
the |contextLine| provided was always replaced in
gatherSecurityPolicyViolationEventData by the current context's line
number.
What does this CL?
* Transmit the full source location in ReportViolation instead of only
the line number.
* When a source location is provided, it is always used, never replaced.
==========
to
==========
CSP: Don't override the location set in reportViolationWithLocation.
When a CSP violation is reported through reportViolationWithLocation,
the |contextLine| provided was always replaced in
gatherSecurityPolicyViolationEventData by the current context's line
number.
What does this CL?
* Transmit the full source location in ReportViolation instead of only
the line number.
* When a source location is provided, it is always used, never replaced.
Review-Url: https://codereview.chromium.org/2785463002
Cr-Commit-Position: refs/heads/master@{#460334}
Committed:
https://chromium.googlesource.com/chromium/src/+/a9b00b963270f09b359251568257...
==========
commit-bot: I haz the power
Committed patchset #2 (id:60001) as https://chromium.googlesource.com/chromium/src/+/a9b00b963270f09b359251568257001734442383
3 years, 8 months ago
(2017-03-29 09:38:12 UTC)
#24
Issue 2785463002: CSP: Don't override the location set in reportViolationWithLocation.
(Closed)
Created 3 years, 8 months ago by arthursonzogni
Modified 3 years, 8 months ago
Reviewers: Mike West
Base URL:
Comments: 0