Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(37)

Issue 2937503002: CSP, PlzNavigate: make clear what happens with unique origins. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
4 months, 1 week ago by arthursonzogni
Modified:
4 months ago
Reviewers:
Mike West
CC:
andypaicu, chromium-reviews, darin-cc_chromium.org, jam
Target Ref:
refs/heads/master
Project:
chromium
Visibility:
Public.

Description

CSP, PlzNavigate: make clear what happens with unique origins. This CL makes the decision that when the current origin is unique, no url can match 'self'. That was already the case before this CL, but now it is explicitly stated. It removes several methods and merges several attributes of CSPContext. The goal is to make it less easy to shoot ourself in the foot. A few tests are added too. BUG=692449, 694959 Review-Url: https://codereview.chromium.org/2937503002 Cr-Commit-Position: refs/heads/master@{#480427} Committed: https://chromium.googlesource.com/chromium/src/+/6f31c861309594a5b9c2b1b92c74bfc26abe24fd

Patch Set 1 #

Patch Set 2 : Add web platform tests. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+166 lines, -65 lines) Patch
M content/common/content_security_policy/csp_context.h View 3 chunks +10 lines, -9 lines 0 comments Download
M content/common/content_security_policy/csp_context.cc View 3 chunks +8 lines, -31 lines 0 comments Download
M content/common/content_security_policy/csp_source.cc View 1 chunk +15 lines, -14 lines 0 comments Download
M content/common/content_security_policy/csp_source_list.cc View 2 chunks +13 lines, -6 lines 0 comments Download
M content/common/content_security_policy/csp_source_list_unittest.cc View 1 chunk +16 lines, -0 lines 0 comments Download
M content/common/content_security_policy/csp_source_unittest.cc View 1 chunk +6 lines, -5 lines 0 comments Download
A third_party/WebKit/LayoutTests/external/wpt/content-security-policy/frame-src/frame-src-self-unique-origin.html View 1 1 chunk +49 lines, -0 lines 0 comments Download
A third_party/WebKit/LayoutTests/external/wpt/content-security-policy/img-src/img-src-self-unique-origin.html View 1 1 chunk +49 lines, -0 lines 0 comments Download
Trybot results:  linux_chromium_chromeos_ozone_rel_ng   ios-device   chromeos_amd64-generic_chromium_compile_only_ng   linux_chromium_tsan_rel_ng   ios-simulator   chromium_presubmit   cast_shell_linux   win_chromium_rel_ng   mac_chromium_rel_ng   android_n5x_swarming_rel   android_clang_dbg_recipe   linux_chromium_compile_dbg_ng   win_clang   mac_chromium_compile_dbg_ng   linux_chromium_rel_ng   android_arm64_dbg_recipe   linux_android_rel_ng   cast_shell_android   win_chromium_compile_dbg_ng   linux_chromium_chromeos_rel_ng   linux_chromium_headless_rel   ios-simulator-xcode-clang   android_compile_dbg   ios-device-xcode-clang   chromeos_daisy_chromium_compile_only_ng   linux_chromium_asan_rel_ng   android_cronet   win_chromium_x64_rel_ng   linux_chromium_rel_ng   chromeos_amd64-generic_chromium_compile_only_ng   linux_chromium_chromeos_ozone_rel_ng   ios-simulator   linux_chromium_tsan_rel_ng   ios-device   cast_shell_linux   win_chromium_rel_ng   chromium_presubmit   android_clang_dbg_recipe   android_n5x_swarming_rel   mac_chromium_rel_ng   mac_chromium_compile_dbg_ng   win_clang   linux_chromium_compile_dbg_ng   cast_shell_android   android_arm64_dbg_recipe   linux_chromium_rel_ng   win_chromium_compile_dbg_ng   linux_chromium_headless_rel   linux_android_rel_ng   linux_chromium_chromeos_rel_ng   ios-device-xcode-clang   android_compile_dbg   ios-simulator-xcode-clang   linux_chromium_asan_rel_ng   chromeos_daisy_chromium_compile_only_ng   win_chromium_x64_rel_ng   android_cronet 
Commit queue not available (can’t edit this change).

Messages

Total messages: 27 (20 generated)
arthursonzogni
Hi Mike, Could you please review this? +CC andypaicu@ FYI
4 months, 1 week ago (2017-06-13 10:02:03 UTC) #11
Mike West
LGTM, if you add some layout tests in //third_party/WebKit/LayoutTests/external/wpt/content-security-policy/ to ensure that we're helping other ...
4 months, 1 week ago (2017-06-14 06:58:07 UTC) #12
arthursonzogni
On 2017/06/14 06:58:07, Mike West wrote: > LGTM, if you add some layout tests in ...
4 months, 1 week ago (2017-06-14 08:29:26 UTC) #13
arthursonzogni
Hi Mike, I added two new tests. Is it what you had in mind? Note: ...
4 months, 1 week ago (2017-06-14 15:38:02 UTC) #21
Mike West
lgtm
4 months ago (2017-06-19 12:21:35 UTC) #23
commit-bot: I haz the power
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2937503002/100001
4 months ago (2017-06-19 12:21:49 UTC) #24
commit-bot: I haz the power
4 months ago (2017-06-19 14:01:59 UTC) #27
Message was sent while issue was closed.
Committed patchset #2 (id:100001) as
https://chromium.googlesource.com/chromium/src/+/6f31c861309594a5b9c2b1b92c74...
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 81bcdb8aa