OOPIF support for 'plugin-types' Content Security Policy.
The CL makes 'plugin-types' Content Security Policy compatible with
OOPIFs by avoiding isLocalFrame check and toLocalFrame cast inside
ContentSecurityPolicy::allowPluginTypeForDocument method. The method
was tweaked to get a ContentSecurityPolicy object for the parent frame
in a way that works both for local and remote frames.
Additionally, it turned out that before this CL, the error message about
the blocked plugin would incorrectly report the declared MIME type of
the plugin if the parent frame is local (i.e. without
--site-per-process), but would report actual, correct MIME type if the
parent frame was remote (i.e. with --site-per-process, after fixing
allowPluginTypeForDocument method). This would result in non-sensical
error messages where the blocked plugin seems to match the list of
allowed MIME types:
Refused to load 'http://localhost:8000/plugins/resources/mock-plugin.pl'
(MIME type 'text/plain') because it violates the following Content
Security Policy Directive: 'plugin-types text/plain'.
The expected error message is obviously:
Refused to load 'http://localhost:8000/plugins/resources/mock-plugin.pl'
(MIME type 'application/x-blink-test-plugin') because it violates the
following Content Security Policy Directive: 'plugin-types text/plain'.
This is fixed by tweaking HTMLPlugInElement::allowedToLoadObject to
always pass the value of type attribute declared in the plugin document,
rather than passing the value of the type attribute declared in the
parent document.
BUG=633749
Review-Url: https://codereview.chromium.org/2213593002
Cr-Commit-Position: refs/heads/master@{#412855}
7 files changed
