Chromium Code Reviews (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

Unified Diff: Source/core/page/EventSource.cpp

Issue 785933005: Check that ExecutionContext and LocalFrame pointers are not null before getting shouldBypassMainWor… (Closed) Base URL:
Patch Set: Fixed expectation file. Was empty Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: Source/core/page/EventSource.cpp
diff --git a/Source/core/page/EventSource.cpp b/Source/core/page/EventSource.cpp
index f60aa0124e07284a3ead5d743b2124d399366025..feca3979f1c04da7dcd3b7e863a5001df12f6274 100644
--- a/Source/core/page/EventSource.cpp
+++ b/Source/core/page/EventSource.cpp
@@ -87,12 +87,7 @@ PassRefPtrWillBeRawPtr<EventSource> EventSource::create(ExecutionContext* contex
// FIXME: Convert this to check the isolated world's Content Security Policy once is solved.
- bool shouldBypassMainWorldCSP = false;
- if (context->isDocument()) {
- Document* document = toDocument(context);
- shouldBypassMainWorldCSP = document->frame()->script().shouldBypassMainWorldCSP();
- }
- if (!shouldBypassMainWorldCSP && !context->contentSecurityPolicy()->allowConnectToSource(fullURL)) {
+ if (!ContentSecurityPolicy::shouldBypassMainWorld(context) && !context->contentSecurityPolicy()->allowConnectToSource(fullURL)) {
// We can safely expose the URL to JavaScript, as this exception is generate synchronously before any redirects take place.
exceptionState.throwSecurityError("Refused to connect to '" + fullURL.elidedString() + "' because it violates the document's Content Security Policy.");
return nullptr;

Powered by Google App Engine
This is Rietveld 408576698