Issue 2873223003: CSP: Measure the frequency of `postMessage` violating `connect-src` - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(147)

My Issues | Starred Open | Closed | All

Issue 2873223003: CSP: Measure the frequency of `postMessage` violating `connect-src` (Closed)

Created:
3 years, 7 months ago by Mike West

Modified:
3 years, 7 months ago

Reviewers:
jochen (gone - plz use gerrit)

CC:
asvitkine+watch_chromium.org, blink-reviews, blink-reviews-frames_chromium.org, chromium-reviews

Target Ref:
refs/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

CSP: Measure the frequency of `postMessage` violating `connect-src` If we'd like to govern `postMessage` targeting via CSP, `connect-src` seems like the obvious route (perhaps with a `postmessage-src` hanging off of it, a la `script-src`/`worker-src`?). Let's see whether or not we have that option by evaluating the existing usage of both. Discussion in https://github.com/w3c/webappsec-csp/issues/117 R=jochen@chromium.org Review-Url: https://codereview.chromium.org/2873223003 Cr-Commit-Position: refs/heads/master@{#471300} Committed: https://chromium.googlesource.com/chromium/src/+/81f48952b66a6e79eb286297462381e08eda47ab

Patch Set 1 #

Patch Set 2 : Rebase. #

Created: 3 years, 7 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+21 lines, -0 lines)			Patch
	M	third_party/WebKit/Source/core/frame/DOMWindow.cpp	View		2 chunks	+8 lines, -0 lines	0 comments	Download
	M	third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp	View		2 chunks	+9 lines, -0 lines	0 comments	Download
	M	third_party/WebKit/Source/core/frame/UseCounter.h	View	1	1 chunk	+2 lines, -0 lines	0 comments	Download
	M	tools/metrics/histograms/enums.xml	View	1	1 chunk	+2 lines, -0 lines	0 comments	Download

Messages

Total messages: 31 (17 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

commit-bot: I haz the power

CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2873223003/1

3 years, 7 months ago (2017-05-10 08:55:54 UTC) #7

commit-bot: I haz the power

Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/449822)

3 years, 7 months ago (2017-05-10 12:37:10 UTC) #9

commit-bot: I haz the power

CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2873223003/1

3 years, 7 months ago (2017-05-10 13:16:55 UTC) #11

commit-bot: I haz the power

Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/450001)

3 years, 7 months ago (2017-05-10 15:38:59 UTC) #13

commit-bot: I haz the power

CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2873223003/1

3 years, 7 months ago (2017-05-11 10:56:41 UTC) #15

commit-bot: I haz the power

Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/441828)

3 years, 7 months ago (2017-05-11 12:58:12 UTC) #17

commit-bot: I haz the power

CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2873223003/1

3 years, 7 months ago (2017-05-12 08:20:05 UTC) #19

commit-bot: I haz the power

Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/442868)

3 years, 7 months ago (2017-05-12 08:29:49 UTC) #21

commit-bot: I haz the power

CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2873223003/20001

3 years, 7 months ago (2017-05-12 10:09:45 UTC) #24

commit-bot: I haz the power

Try jobs failed on following builders: mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/452004)

3 years, 7 months ago (2017-05-12 11:24:48 UTC) #26

commit-bot: I haz the power

CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2873223003/20001

3 years, 7 months ago (2017-05-12 13:24:29 UTC) #28

commit-bot: I haz the power

3 years, 7 months ago (2017-05-12 15:30:26 UTC) #31

Message was sent while issue was closed.

Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/chromium/src/+/81f48952b66a6e79eb2862974623...

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Powered by Google App Engine

This is Rietveld 408576698