Issue 702540 link

Starred by 1 user

Issue metadata

Status:	Available
Owner:	----
Cc:	█ mkwst@chromium.org █ nick@chromium.org clamy@chromium.org arthurso...@chromium.org █ nasko@chromium.org
Components:	Blink>SecurityFeature>ContentSecurityPolicy UI>Browser>Navigation
EstimatedDays:	----
NextAction:	----
OS:	All
Pri:	3
Type:	Task

The origin of the isolated world in which the navigation originated should be checked.

Project Member Reported by arthurso...@chromium.org, Mar 17 2017

Issue description

This follow the discussion that first happens there:
https://codereview.chromium.org/2655463006/#msg126

When a navigation is initiated from an isolated world, the Content-Security-Policy of the main world should not be enforced. For the moment, the browser knows what to do with the pseudo boolean: common_navigation_params.should_check_main_world_csp.

For security reasons, it would be nice to pass the origin of the isolated world. Then the browser would be able to double check that it corresponds to an extension that was supposed to run an user script in the page.

Comment 1 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 2 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

►

Issue 702540 link

Issue metadata

The origin of the isolated world in which the navigation originated should be checked.

Issue description

Comment 1 by est...@chromium.org, Nov 10 2017

Comment 1 Deleted

Comment 2 by est...@chromium.org, Feb 18 2018

Comment 2 Deleted

Sign in to add a comment