Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CSP handling of 'self' inside sandbox iframe was incorrect. #17326

Merged
merged 1 commit into from Jun 18, 2019

Conversation

chromium-wpt-export-bot
Copy link
Collaborator

@chromium-wpt-export-bot chromium-wpt-export-bot commented Jun 13, 2019

The correct handling of 'self' depended on the timing of when the
ExecutionContext's sandbox flags were applied. If a CSP policy for 'self'
was applied after the origin was derived to be opaque it would fail.

BUG=973991

Change-Id: Ie6f384b02aa3dea3ce48c3052f06b7bd8fb2d3ea
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1658764
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#670074}

Copy link
Collaborator

@wpt-pr-bot wpt-pr-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Already reviewed downstream.

@chromium-wpt-export-bot chromium-wpt-export-bot force-pushed the chromium-export-cl-1658764 branch 3 times, most recently from 5a9bf8f to 1664ca2 Compare June 18, 2019 13:33
The correct handling of 'self' depended on the timing of when the
ExecutionContext's sandbox flags were applied. If a CSP policy for 'self'
was applied after the origin was derived to be opaque it would fail.

BUG=973991

Change-Id: Ie6f384b02aa3dea3ce48c3052f06b7bd8fb2d3ea
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1658764
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#670074}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants