Chromium Code Reviews

Issue 563473002: CSP: Move parsing a document's CSP to DocumentLoader::responseReceived. (Closed)

Created:
6 years, 3 months ago by Mike West
Modified:
6 years, 3 months ago
CC:
blink-reviews, gavinp+loader_chromium.org, Nate Chapin, mkwst+watchlist_chromium.org
Project:
blink
Visibility:
Public.

Description

CSP: Move parsing a document's CSP to DocumentLoader::responseReceived.

This patch moves CSP generation out of FrameLoader and into DocumentLoader in order to ensure that the 'frame-ancestors' directive can properly block loading a document. The current implementation checks too late in the loading process.

The new implementation works, with the caveat that it breaks both console messages and violation reports. Since we have no ExecutionContext, we have nothing to dump console messages into. This work will be covered in https://crbug.com/412725

BUG=411889, 411600, 357462

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=181814

Patch Set 1 #

Patch Set 2 : Rebase. #

Total comments: 1
Stats (+103 lines, -70 lines)
M LayoutTests/TestExpectations: 1 chunk, +0 lines, -14 lines, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-none-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-self-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-cross-url-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-none-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-self-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-same-url-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-none-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-self-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-cross-url-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-none-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-same-in-same-url-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-none-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-self-block-expected.txt: 2 chunks, +4 lines, -1 line, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-url-block.html: 1 chunk, +2 lines, -2 lines, 0 comments
M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-url-block-expected.txt: 2 chunks, +2 lines, -2 lines, 0 comments
M Source/core/frame/csp/ContentSecurityPolicy.h: 1 chunk, +1 line, -0 lines, 0 comments
M Source/core/frame/csp/ContentSecurityPolicy.cpp: 2 chunks, +13 lines, -0 lines, 1 comment
M Source/core/loader/DocumentLoader.h: 4 chunks, +6 lines, -0 lines, 0 comments
M Source/core/loader/DocumentLoader.cpp: 3 chunks, +26 lines, -12 lines, 0 comments
M Source/core/loader/FrameLoader.cpp: 3 chunks, +1 line, -27 lines, 0 comments

Messages

Total messages: 9 (3 generated)
Mike West
Would one of you fine folks mind taking a look? This patch depends on https://codereview.chromium.org/561693002/ ...
6 years, 3 months ago (2014-09-10 11:04:02 UTC) #3
Mike West
Required patches landed, bots are mostly happy. Would one of you mind taking a look? ...
6 years, 3 months ago (2014-09-11 12:21:59 UTC) #4
jochen (gone - plz use gerrit)
lgtm, but please consider updating the CSPSource ctor :)

https://codereview.chromium.org/563473002/diff/20001/Source/core/frame/csp/ContentSecurityPolicy.cpp
File Source/core/frame/csp/ContentSecurityPolicy.cpp (right):

https://codereview.chromium.org/563473002/diff/20001/Source/core/frame/csp/ContentSecurityPolicy.cpp#newcode265
Source/core/frame/csp/ContentSecurityPolicy.cpp:265: ...
6 years, 3 months ago (2014-09-11 12:49:44 UTC) #5
Mike West
On 2014/09/11 12:49:44, jochen wrote:
> lgtm, but please consider updating the CSPSource ctor :)
...
6 years, 3 months ago (2014-09-11 12:51:17 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patchset/563473002/20001
6 years, 3 months ago (2014-09-11 12:52:35 UTC) #8
commit-bot: I haz the power
6 years, 3 months ago (2014-09-11 12:57:32 UTC) #9
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as 181814
