e598765e4822eac833a547abca92ce87a1287dc0 - chromium/src

commit	e598765e4822eac833a547abca92ce87a1287dc0	[log] [tgz]
author	mkwst <mkwst@chromium.org>	Wed Nov 30 12:36:42 2016
committer	Commit bot <commit-bot@chromium.org>	Wed Nov 30 12:38:50 2016
tree	7f852860ef0125014cab63a7c06576e95722588a
parent	0c90e3e66218b17c8d1de1bdd8aaf8973c1a5359 [diff]

CSP: "local schemes" should inherit policy when window.opened.

https://w3c.github.io/webappsec-csp/#initialize-document-csp mandates
that resources with "local schemes" ('data:', 'blob:', 'filesystem:',
'about:') inherit the policy of their opening context when opened via
things like 'window.open'. We're not doing that, but we ought to.

BUG=669086
R=jochen@chromium.org

Review-Url: https://codereview.chromium.org/2530343006
Cr-Commit-Position: refs/heads/master@{#435233}

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html[Added - diff]
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-with-own-policy-window-open.html[Added - diff]
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-window-open.html[Added - diff]
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-with-own-policy-window-open.html[Added - diff]
third_party/WebKit/Source/core/dom/Document.cpp[diff]

5 files changed