| Index: Source/modules/websockets/DOMWebSocket.cpp
|
| diff --git a/Source/modules/websockets/DOMWebSocket.cpp b/Source/modules/websockets/DOMWebSocket.cpp
|
| index f0e838f89b5a47017d009e12986a6e7712d9c05b..3a0dc2d0c6114fd7306c493c12c72ed15146db4b 100644
|
| --- a/Source/modules/websockets/DOMWebSocket.cpp
|
| +++ b/Source/modules/websockets/DOMWebSocket.cpp
|
| @@ -297,12 +297,7 @@ void DOMWebSocket::connect(const String& url, const Vector<String>& protocols, E
|
| }
|
|
|
| // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.
|
| - bool shouldBypassMainWorldCSP = false;
|
| - if (executionContext()->isDocument()) {
|
| - Document* document = toDocument(executionContext());
|
| - shouldBypassMainWorldCSP = document->frame()->script().shouldBypassMainWorldCSP();
|
| - }
|
| - if (!shouldBypassMainWorldCSP && !executionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
|
| + if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !executionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) {
|
| m_state = CLOSED;
|
| // The URL is safe to expose to JavaScript, as this check happens synchronously before redirection.
|
| exceptionState.throwSecurityError("Refused to connect to '" + m_url.elidedString() + "' because it violates the document's Content Security Policy.");
|
|
|
Chromium Code Reviews
Issue 785933005:
Check that ExecutionContext and LocalFrame pointers are not null before getting shouldBypassMainWor… (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master