CSP, PlzNavigate: make clear what happens with unique origins

Desktop / Chromium - arthursonzogni [chromium.org] - 19 June 2017 10:01 EDT

This CL makes the decision that when the current origin is unique, no url can match 'self'. That was already the case before this CL, but now it is explicitly stated.

It removes several methods and merges several attributes of CSPContext. The goal is to make it less easy to shoot ourself in the foot.

A few tests are added too.

BUG=692449, 694959

Review-Url: https://codereview.chromium.org/2937503002 Cr-Commit-Position: refs/heads/master@{#480427}

6f31c86 CSP, PlzNavigate: make clear what happens with unique origins.
.../common/content_security_policy/csp_context.cc | 39 ++++-------------
.../common/content_security_policy/csp_context.h | 19 +++++----
.../common/content_security_policy/csp_source.cc | 29 ++++++-------
.../content_security_policy/csp_source_list.cc | 19 ++++++---
.../csp_source_list_unittest.cc | 16 +++++++
.../content_security_policy/csp_source_unittest.cc | 11 ++---
.../frame-src/frame-src-self-unique-origin.html | 49 ++++++++++++++++++++++
.../img-src/img-src-self-unique-origin.html | 49 ++++++++++++++++++++++
8 files changed, 166 insertions(+), 65 deletions(-)

Upstream: git.chromium.org


  • Share