| Index: third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp
|
| diff --git a/third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp b/third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp
|
| index 9007394cea928f54107e772671fd1fdf9d5ceaae..d9996e754ec66e953b6d43bf7771b41b4fd16245 100644
|
| --- a/third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp
|
| +++ b/third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp
|
| @@ -65,6 +65,7 @@
|
| #include "core/frame/Settings.h"
|
| #include "core/frame/SuspendableTimer.h"
|
| #include "core/frame/VisualViewport.h"
|
| +#include "core/frame/csp/ContentSecurityPolicy.h"
|
| #include "core/html/HTMLFrameOwnerElement.h"
|
| #include "core/input/EventHandler.h"
|
| #include "core/inspector/ConsoleMessage.h"
|
| @@ -703,6 +704,14 @@ void LocalDOMWindow::DispatchMessageEventWithOriginCheck(
|
| }
|
| }
|
|
|
| + KURL sender(kParsedURLString, static_cast<MessageEvent*>(event)->origin());
|
| + if (!document()->GetContentSecurityPolicy()->AllowConnectToSource(
|
| + sender, RedirectStatus::kNoRedirect,
|
| + SecurityViolationReportingPolicy::kSuppressReporting)) {
|
| + UseCounter::Count(
|
| + GetFrame(), UseCounter::kPostMessageIncomingWouldBeBlockedByConnectSrc);
|
| + }
|
| +
|
| DispatchEvent(event);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2873223003:
CSP: Measure the frequency of `postMessage` violating `connect-src` (Closed)
