Revision 42726335c0afd7f2a9408914c52072d3a85393bd authored by Andy Paicu on 16 May 2018, 10:12:30 UTC, committed by Chromium WPT Sync on 16 May 2018, 10:12:30 UTC
This feature is getting too big for a single code review so I'm splitting it up.
This is all behind the experimental CSP features flag.

What is covered:
- The 'navigate-to' directive is now parsed and understood
- The navigation relevant directives are passed as part of common params
- A navigation csp context is created out of the navigation relevant directives
- This navigation csp context is used to perform the 'navigate-to' checks

What is not covered but I will cover in future CRs:
- securitypolicyviolation events are raised on the wrong host because we don't know
  what the initiator is
- CSP reports are sent using the current frame host as an intermediary which has
  negative security implications
- There are no WPT tests for the 'unsafe-allow-redirects' flag, only unit tests

I2S: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/EJ4xF_DwZyk
Spec: https://w3c.github.io/webappsec-csp/#directive-navigate-to

Bug: 805886
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401

TBR=jochen@chromium.org

Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
Reviewed-on: https://chromium-review.googlesource.com/957726
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559026}
1 parent ad84337
.codecov.yml
comment:
  require_changes: yes

ignore:
  - "**"
  - "!tools/.*"