commit | 1a51903a122803cd0eb4356edb84444feda25f79 | [log] [tgz] |
---|---|---|
author | Karan Bhatia <karandeepb@chromium.org> | Tue Jan 08 04:27:24 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Tue Jan 08 04:27:24 2019 |
tree | aca146c9c073fdd863a1d380217549e5381a9e32 | |
parent | 1c4657fc77a03e44f2aa62408cd317af9d7bd59e [diff] |
Introduce ExecutionContext::GetContentSecurityPolicyForWorld. This CL makes the following changes: - Introduce IsolatedWorldCSP blink runtime feature. If the feature is enabled, we will use the actual CSP defined by an isolated world. If it is disabled (default), we'll use an empty CSP for the isolated world, which will just have the effect of bypassing the main world CSP. - Introduce ExecutionContext::GetContentSecurityPolicyForWorld() which returns the correct ContentSecurityPolicy to use based on the current world. No non-test usages of this method are added in this CL. - Partially implement IsolatedWorldCSPDelegate. This CL implements the initial pieces to support applying a custom CSP for isolated worlds. It should have no behavior change. In future CLs, we'll: - Plumb the correct security origin for isolated world csps. - Replace the usages of ContentSecurityPolicy::ShouldBypassMainWorld with ExecutionContext::GetContentSecurityPolicyForWorld to ensure we end up using the isolated world specified CSP when needed. Doc=https://docs.google.com/document/d/1_Ku4P86It4ewL_4k_YwrpNKo0YhCM1yuE1fzR673Ask/edit?usp=sharing (Googlers only) BUG=896041 Change-Id: I2542e3c8412d6ed2637ddffc20645374261b03a7 Reviewed-on: https://chromium-review.googlesource.com/c/1368663 Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#620617}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .