Revision 42726335c0afd7f2a9408914c52072d3a85393bd authored by Andy Paicu on 16 May 2018, 10:12:30 UTC, committed by Chromium WPT Sync on 16 May 2018, 10:12:30 UTC
This feature is getting too big for a single code review so I'm splitting it up. This is all behind the experimental CSP features flag.

What is covered:
- The 'navigate-to' directive is now parsed and understood
- The navigation relevant directives are passed as part of common params
- A navigation csp context is created out of the navigation relevant directives
- This navigation csp context is used to perform the 'navigate-to' checks

What is not covered but I will cover in future CRs:
- securitypolicyviolation events are raised on the wrong host because we don't know what the initiator is
- CSP reports are sent using the current frame host as an intermediary which has negative security implications
- There are no WPT tests for the 'unsafe-allow-redirects' flag, only unit tests

I2S: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/EJ4xF_DwZyk
Spec: https://w3c.github.io/webappsec-csp/#directive-navigate-to

Bug: 805886
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
TBR=jochen@chromium.org
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
Reviewed-on: https://chromium-review.googlesource.com/957726
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559026}
1 parent ad84337