New issue
Advanced search Search tips

Issue 788061 link

Starred by 3 users
Status: Fixed
Owner:
mmenke@chromium.org
Closed: Nov 2017
Cc:
est...@chromium.org
eroman@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 775525



Sign in to add a comment

net_internals/main.js MainView.stopCapturing violates same origin policy

Project Member Reported by meade@chromium.org, Nov 23 2017 
https://cs.chromium.org/chromium/src/chrome/browser/resources/net_internals/main.js?l=146

I have started chromium-review.googlesource.com/783911 to fix  http://crbug.com/775525  (CSSStyleSheet.insertRule succeeds on cross origin sheets), however my CL causes a bunch of NetInternalsTests to fail. The cause is a call to document.styleSheets[0].insertRule, which will now throw a SecurityError.

FWIW, the check that's failing is here:
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/css/CSSStyleSheet.cpp?l=259

mmenke@, eroman@, estark@, could one of you please take a look, or get someone to take a look? Thanks!
Project Member

Comment 1 by bugdroid1@chromium.org, Nov 29 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ae26e11aa2883a84b1144cabb0ab63a8dba2570f

commit ae26e11aa2883a84b1144cabb0ab63a8dba2570f
Author: Matt Menke <mmenke@chromium.org>
Date: Wed Nov 29 01:05:31 2017

net-internals: Fix same-origin policy violation.

It was modifying a style sheet from another origin to hide some UI
elements when capturing was stopped. This CL makes it add another sheet
instead.

Bug:  788061 
Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
Change-Id: I734543786e80d5046b93fda1e970f9e5e40f6096
Reviewed-on: https://chromium-review.googlesource.com/794542
Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519940}
[modify] https://crrev.com/ae26e11aa2883a84b1144cabb0ab63a8dba2570f/chrome/browser/resources/net_internals/main.js

Comment 2 by mmenke@chromium.org, Nov 29 2017

Status: Fixed (was: Untriaged)

Comment 3 by meade@chromium.org, Nov 29 2017 

Thank you for fixing it so quickly!

Sign in to add a comment