diff options
author | alexmos <alexmos@chromium.org> | 2016-02-05 13:21:56 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-02-05 21:23:14 +0000 |
commit | e667cc2e501fabab3605b838e4ee0d642a9c4a59 (patch) | |
tree | 15feeb0e470972eccb66af725871efb76f2d57ee /cc/proto | |
parent | 30cb640ea8d04e901781e662fb53020c80d01f14 (diff) | |
download | chromium_src-e667cc2e501fabab3605b838e4ee0d642a9c4a59.zip chromium_src-e667cc2e501fabab3605b838e4ee0d642a9c4a59.tar.gz chromium_src-e667cc2e501fabab3605b838e4ee0d642a9c4a59.tar.bz2 |
Use origin rather than url in CSPDirectiveList::checkAncestors.
This should make this check compatible with remote frames, which don't
have access to URLs by design.
This causes a behavioral change for sandboxed documents, which will
no longer match as they would with URLs, since their origin is unique
(assuming no allow-same-origin). This should be ok -- see
https://github.com/w3c/webappsec/issues/311 for discussion.
BUG=582544
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
Review URL: https://codereview.chromium.org/1654393002
Cr-Commit-Position: refs/heads/master@{#373913}
Diffstat (limited to 'cc/proto')
0 files changed, 0 insertions, 0 deletions