New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 793658 link

Starred by 2 users
Status: Duplicate
Merged: issue 649869
Owner: ----
Closed: Dec 2017
Cc:
mkwst@chromium.org
alex...@chromium.org
arthurso...@chromium.org
nasko@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Frames blocked by CSP are reported as being blocked by an extension

Reported by scott.he...@gmail.com, Dec 10 2017 
Chrome Version       : 63.0.3239.84
OS Version: 10.0

What steps will reproduce the problem?
1. Implement a CSP to block iframes.
2. Include an iframe on the page.
3. Error message is incorrect.

What is the expected result?
The message should indicate the iframe was blocked by CSP.

What happens instead of that?
The message indicates the iframe was blocked by an extension.

Please provide any additional information below. Attach a screenshot if
possible.

UserAgentString: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Screenshot attached.
chrome-iframe-csp-block.png
62.8 KB View Download

Comment 1 by alex...@chromium.org, Dec 11 2017

Cc: mkwst@chromium.org alex...@chromium.org arthurso...@chromium.org nasko@chromium.org
Components: Blink>SecurityFeature>ContentSecurityPolicy
Labels: OS-Chrome OS-Linux OS-Mac
Status: Available (was: Unconfirmed)
I think this is because we always serve that error message for navigations blocked via ERR_BLOCKED_BY_CLIENT - see https://cs.chromium.org/chromium/src/components/error_page/common/localized_error.cc?l=278&rcl=54381f2c1caacdcd96cf4e94d7f32b0ac7e0f88c.

Now that this is used more widely, including by browser-side CSP enforcements as part of PlzNav, we should figure out a way to use a better error message here.

Comment 2 by alex...@chromium.org, Dec 11 2017

Mergedinto: 649869
Status: Duplicate (was: Available)
Ah, seems like we already have a bug for this - merging to issue 649869.

Comment 3 by scott.he...@gmail.com, Dec 11 2017 

Ah my bad, that didn't come up when searching.

Sign in to add a comment