Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(373)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 730203007: CSP: Permit exempting schemes only for certain policy areas. (Closed)

Created:
6 years, 1 month ago by jbroman
Modified:
6 years, 1 month ago
Reviewers:
Tom Sepez, *Mike West
CC:
blink-reviews, mkwst+watchlist-csp_chromium.org, dglazkov+blink, arv+blink, Inactive
Project:
blink
Visibility:
Public.

Description

CSP: Permit exempting schemes only for certain policy areas. Only the image and style policy areas are included in this CL, but the approach can be easily extended to other policy areas if desired. BUG=414849 TEST=http/tests/security/contentSecurityPolicy, blink_platform_unittests:SchemeRegistryTest.* Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=185554

Patch Set 1 #

Patch Set 2 : #

Patch Set 3 : #

Total comments: 5

Patch Set 4 : deflake expectStyleLoad #

Patch Set 5 : add ASSERT(policyAreas != PolicyAreaNone) #

Total comments: 1

Patch Set 6 : AssertMatchingEnums #

Unified diffs Side-by-side diffs Delta from patch set Stats (+260 lines, -34 lines) Patch
A LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html View 1 2 3 1 chunk +84 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial-expected.txt View 1 2 3 1 chunk +29 lines, -0 lines 0 comments Download
M Source/core/frame/csp/ContentSecurityPolicy.cpp View 1 chunk +4 lines, -0 lines 0 comments Download
M Source/core/testing/Internals.h View 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/testing/Internals.cpp View 1 chunk +13 lines, -0 lines 0 comments Download
M Source/core/testing/Internals.idl View 1 chunk +1 line, -0 lines 0 comments Download
M Source/platform/blink_platform.gypi View 1 chunk +1 line, -0 lines 0 comments Download
M Source/platform/weborigin/SchemeRegistry.h View 1 2 3 4 5 2 chunks +17 lines, -4 lines 0 comments Download
M Source/platform/weborigin/SchemeRegistry.cpp View 1 2 3 4 12 chunks +32 lines, -30 lines 0 comments Download
A Source/platform/weborigin/SchemeRegistryTest.cpp View 1 chunk +54 lines, -0 lines 0 comments Download
M Source/web/AssertMatchingEnums.cpp View 1 2 3 4 5 3 chunks +7 lines, -0 lines 0 comments Download
M Source/web/WebSecurityPolicy.cpp View 1 chunk +5 lines, -0 lines 0 comments Download
M public/web/WebSecurityPolicy.h View 1 2 3 4 5 1 chunk +12 lines, -0 lines 0 comments Download

Messages

Total messages: 18 (5 generated)
jbroman
As discussed on https://codereview.chromium.org/647853002/. If this LGTY, I can modify that CL to only whitelist ...
6 years, 1 month ago (2014-11-18 19:11:32 UTC) #3
Tom Sepez
https://codereview.chromium.org/730203007/diff/40001/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html File LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html (right): https://codereview.chromium.org/730203007/diff/40001/LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html#newcode40 LayoutTests/http/tests/security/contentSecurityPolicy/register-bypassing-scheme-partial.html:40: setTimeout(function() { We may have to leave <link> uncovered ...
6 years, 1 month ago (2014-11-18 19:35:54 UTC) #4
Tom Sepez
> (~ContentSecurityPolicyBypassingSchemes().get(scheme) & policyAreas) == 0; > nit: I thought this would be: > > ...
6 years, 1 month ago (2014-11-18 19:46:35 UTC) #5
Tom Sepez
https://codereview.chromium.org/730203007/diff/40001/Source/platform/weborigin/SchemeRegistry.cpp File Source/platform/weborigin/SchemeRegistry.cpp (right): https://codereview.chromium.org/730203007/diff/40001/Source/platform/weborigin/SchemeRegistry.cpp#newcode311 Source/platform/weborigin/SchemeRegistry.cpp:311: if (scheme.isEmpty()) Should we assert policyAreas != 0?
6 years, 1 month ago (2014-11-18 19:49:35 UTC) #6
Tom Sepez
On 2014/11/18 19:46:35, Tom Sepez wrote: > > (~ContentSecurityPolicyBypassingSchemes().get(scheme) & policyAreas) == 0; > > ...
6 years, 1 month ago (2014-11-18 19:49:45 UTC) #7
Tom Sepez
On 2014/11/18 19:46:35, Tom Sepez wrote: > > (~ContentSecurityPolicyBypassingSchemes().get(scheme) & policyAreas) == 0; > > ...
6 years, 1 month ago (2014-11-18 19:49:45 UTC) #8
jbroman
On 2014/11/18 19:49:45, Tom Sepez wrote: > On 2014/11/18 19:46:35, Tom Sepez wrote: > > ...
6 years, 1 month ago (2014-11-18 20:02:04 UTC) #9
Tom Sepez
LGTM. Nice.
6 years, 1 month ago (2014-11-18 20:21:24 UTC) #10
Mike West
I like it. LGTM % comment. https://codereview.chromium.org/730203007/diff/80001/public/web/WebSecurityPolicy.h File public/web/WebSecurityPolicy.h (right): https://codereview.chromium.org/730203007/diff/80001/public/web/WebSecurityPolicy.h#newcode71 public/web/WebSecurityPolicy.h:71: // This enum ...
6 years, 1 month ago (2014-11-18 20:35:46 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/730203007/100001
6 years, 1 month ago (2014-11-18 20:53:40 UTC) #13
commit-bot: I haz the power
Try jobs failed on following builders: linux_blink_rel on tryserver.blink (http://build.chromium.org/p/tryserver.blink/builders/linux_blink_rel/builds/34261)
6 years, 1 month ago (2014-11-18 21:11:49 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/730203007/100001
6 years, 1 month ago (2014-11-18 22:09:21 UTC) #17
commit-bot: I haz the power
6 years, 1 month ago (2014-11-18 23:29:48 UTC) #18
Message was sent while issue was closed. 
Committed patchset #6 (id:100001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=185554

Powered by Google App Engine
This is Rietveld 408576698