CSP: object-src is being incorrectly applied to plugin-loaded subresources
Issue description
https://codereview.chromium.org/1866433002 started applying the object-src CSP directive to requests with RequestContextEmbed, RequestContextObject, or RequestContextPlugin. It turns out that RequestContextPlugin is used for subresources that plugins themselves request, which should probably bypass CSP checks. https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp&q=ContentSecurityPolicy::allowrequest&sq=package:chromium&l=557 (RequestContextPlugin should be in the block at the end of the switch that just returns true.)
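The dispatch the report describes, as an added illustration and not Blink's own code: a simplified model of the allowRequest switch over the request context, with a toy policy that keeps one host list per directive. The buggy variant groups RequestContextPlugin with Embed and Object, so a running plugin's own fetches are checked against object-src; the fixed variant moves Plugin into the block that returns true. The enum values, the Policy struct, the hosts and the scenario (a page whose object-src only names itself, whose plugin then fetches data from a separate host) are all constructed for this example.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>

// Simplified stand-in for Blink's RequestContext enum; only the values
// relevant to the bug are modelled (assumption, not Blink's real enum).
enum class RequestContext { Embed, Object, Plugin, Script, Image, Other };

// Toy policy: each directive is a plain list of allowed hosts.
// Real CSP source lists carry schemes, wildcards and keywords; omitted here.
struct Policy {
    std::vector<std::string> objectSrc;
    std::vector<std::string> scriptSrc;
    std::vector<std::string> imgSrc;
};

static bool hostAllowed(const std::vector<std::string>& list, const std::string& host) {
    return std::find(list.begin(), list.end(), host) != list.end();
}

// Dispatch as the bug report describes it after the refactor: Plugin shares the
// object-src branch, so requests a plugin makes for its own data are gated by object-src.
bool allowRequestBuggy(const Policy& p, RequestContext ctx, const std::string& host) {
    switch (ctx) {
    case RequestContext::Embed:
    case RequestContext::Object:
    case RequestContext::Plugin:
        return hostAllowed(p.objectSrc, host);
    case RequestContext::Script:
        return hostAllowed(p.scriptSrc, host);
    case RequestContext::Image:
        return hostAllowed(p.imgSrc, host);
    default:
        return true;
    }
}

// Dispatch as the fix describes it: Plugin joins the trailing block that
// bypasses CSP, while the <embed>/<object> load itself is still gated by object-src.
bool allowRequestFixed(const Policy& p, RequestContext ctx, const std::string& host) {
    switch (ctx) {
    case RequestContext::Embed:
    case RequestContext::Object:
        return hostAllowed(p.objectSrc, host);
    case RequestContext::Script:
        return hostAllowed(p.scriptSrc, host);
    case RequestContext::Image:
        return hostAllowed(p.imgSrc, host);
    case RequestContext::Plugin:
    default:
        return true;
    }
}

// Constructed scenario: example.com serves a policy whose object-src names only
// itself; the plugin binary loads from example.com, then the running plugin
// requests its data from plugin-cdn.example.net.
static const Policy kPolicy{{"example.com"}, {"example.com"}, {"example.com"}};

static bool (*pick(bool fixed))(const Policy&, RequestContext, const std::string&) {
    return fixed ? allowRequestFixed : allowRequestBuggy;
}

// The <object> load from the page's own origin: allowed before and after the fix.
bool pluginLoadAllowed(bool fixed) {
    return pick(fixed)(kPolicy, RequestContext::Object, "example.com");
}

// The plugin's own subresource request: wrongly blocked before the fix, allowed after.
bool pluginSubresourceAllowed(bool fixed) {
    return pick(fixed)(kPolicy, RequestContext::Plugin, "plugin-cdn.example.net");
}

int main() {
    std::printf("buggy: load=%d subresource=%d\n",
                pluginLoadAllowed(false), pluginSubresourceAllowed(false));
    std::printf("fixed: load=%d subresource=%d\n",
                pluginLoadAllowed(true), pluginSubresourceAllowed(true));
    return 0;
}
```

The point the model makes is the one in the report: object-src is meant to govern which plugin content a page may load, not the network traffic that the loaded plugin generates, so the only correct place for RequestContextPlugin in this switch is the fall-through that returns true. A site author who sees plugin data loads failing after the refactor has no directive that fixes it short of widening object-src, which is what the follow-up comments ask the reporters to stop doing.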
Apr 18 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1055ddd2281c6d0ae450477968ceeb63f210a2fa

commit 1055ddd2281c6d0ae450477968ceeb63f210a2fa
Author: estark <estark@chromium.org>
Date: Mon Apr 18 22:18:00 2016

Bypass CSP checks for plugin-loaded requests

A recent refactor of how CSP gets applied to requests accidentally started applying object-src directives to subresources that are loaded by plugins. This CL skips CSP checks for RequestContextPlugin.

BUG=603952
Review URL: https://codereview.chromium.org/1894593003
Cr-Commit-Position: refs/heads/master@{#388043}

[modify] https://crrev.com/1055ddd2281c6d0ae450477968ceeb63f210a2fa/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/1055ddd2281c6d0ae450477968ceeb63f210a2fa/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
Apr 20 2016
shuchen@ or wuyingbing@, can you please check if the problem you noticed is fixed in today's Canary (without having to modify your CSP)? If so, I'll request a merge to M51.
Apr 21 2016
Verified on Canary 52.02712.1
Apr 21 2016
Requesting merge to M51, where the bug was introduced.
Apr 21 2016
Your change meets the bar and is auto-approved for M51 (branch: 2704)
Apr 21 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5c9b6eb6926bb03da6a95a4e7f30aacdf79889f0

commit 5c9b6eb6926bb03da6a95a4e7f30aacdf79889f0
Author: Emily Stark <estark@google.com>
Date: Thu Apr 21 03:41:46 2016

Bypass CSP checks for plugin-loaded requests

A recent refactor of how CSP gets applied to requests accidentally started applying object-src directives to subresources that are loaded by plugins. This CL skips CSP checks for RequestContextPlugin.

BUG=603952
Review URL: https://codereview.chromium.org/1894593003
Cr-Commit-Position: refs/heads/master@{#388043}
(cherry picked from commit 1055ddd2281c6d0ae450477968ceeb63f210a2fa)

Review URL: https://codereview.chromium.org/1907663003 .
Cr-Commit-Position: refs/branch-heads/2704@{#159}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[modify] https://crrev.com/5c9b6eb6926bb03da6a95a4e7f30aacdf79889f0/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/5c9b6eb6926bb03da6a95a4e7f30aacdf79889f0/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
Comment 1 by est...@chromium.org, Apr 15 2016