Issue 658073002: CSP: Fix protocolless 'frame-ancestor' source expressions.

Issue 658073002: CSP: Fix protocolless 'frame-ancestor' source expressions. (Closed)

Created:
6 years, 2 months ago by Mike West

Modified:
6 years, 2 months ago

Reviewers:
sof

CC:
blink-reviews, mkwst+watchlist_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/blink.git@master

Project:
blink

Visibility:
Public.

More Reviews

Description

CSP: Fix protocolless 'frame-ancestor' source expressions. When checking 'frame-ancestor', we end up asking for the SecurityOrigin of the protected resource before we actually have a protected resource whose origin we could ask for. This, unsurprisingly, crashes. This patch adds a protocol property to the ContentSecurityPolicy object so that we can perform all the checks for source expressions that don't specify protocols without crashing the renderer. BUG=424074 R=jochen@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=183801

Patch Set 1 #

Created: 6 years, 2 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+13 lines, -11 lines)			Patch
A +	LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-protocolless-allow.html	View	1 chunk	+2 lines, -2 lines	0 comments	Download
A +	LayoutTests/http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-protocolless-allow-expected.txt	View	3 chunks	+4 lines, -4 lines	0 comments	Download
M	Source/core/frame/csp/ContentSecurityPolicy.h	View	1 chunk	+1 line, -0 lines	0 comments	Download
M	Source/core/frame/csp/ContentSecurityPolicy.cpp	View	3 chunks	+6 lines, -5 lines	0 comments	Download