
Issue 855275

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 807838
Owner:
Last visit > 30 days ago
Closed: Jun 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug




blink::ContentSecurityPolicy is thread hostile, yet is used from multiple threads

Project Member Reported by mek@chromium.org, Jun 21 2018

Issue description

In particular calling AddPolicyFromHeaderValue is not something that is safe to do from multiple threads, even if different ContentSecurityPolicy instances are used, because:
- it uses blink::CSPDirectiveList to parse the header
- blink::CSPDirectiveList uses blink::SpaceSplitString to parse the string
- blink::SpaceSplitString uses a DEFINE_STATIC_LOCAL singleton DataMap (to cache things I think?) with no consideration for multiple threads
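The report describes a function-local static cache (the kind DEFINE_STATIC_LOCAL produces) being reached from worker threads with no synchronization. The following is an added illustration, not Blink or Chromium code: SplitOnSpaces is a hypothetical stand-in for SpaceSplitString's parsing, SplitCachedUnsafe shows the thread-hostile shape of a shared static cache, SplitCachedSafe shows the same cache guarded by a mutex, and ConcurrentSplitStress drives the safe version from several threads. All names and the sample header values are constructed for the example; the page does not say how Blink ultimately fixed the issue.

```cpp
// Added example (not Chromium/Blink code): a function-local static cache,
// first in the unguarded shape the report describes, then mutex-protected.
#include <mutex>
#include <string>
#include <thread>
#include <unordered_map>
#include <vector>

using Tokens = std::vector<std::string>;

// Splits on ASCII whitespace. Hypothetical stand-in for the parsing that
// blink::SpaceSplitString performs; the real class is not reproduced here.
static Tokens SplitOnSpaces(const std::string& input) {
  Tokens out;
  std::string current;
  for (char c : input) {
    if (c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\f') {
      if (!current.empty()) { out.push_back(current); current.clear(); }
    } else {
      current.push_back(c);
    }
  }
  if (!current.empty()) out.push_back(current);
  return out;
}

// Thread-hostile shape: one static map shared by every caller, and
// std::unordered_map is not safe for concurrent insertion. Shown only to
// make the pattern concrete; it must never be called from more than one
// thread at a time.
const Tokens& SplitCachedUnsafe(const std::string& input) {
  static std::unordered_map<std::string, Tokens> cache;  // shared, unguarded
  auto it = cache.find(input);
  if (it == cache.end())
    it = cache.emplace(input, SplitOnSpaces(input)).first;
  return it->second;
}

// Safe shape: the same static cache, but every lookup and insertion holds a
// mutex. The result is returned by value rather than as a reference into the
// map, so a later rehash cannot invalidate what a caller is holding.
Tokens SplitCachedSafe(const std::string& input) {
  static std::mutex mu;
  static std::unordered_map<std::string, Tokens> cache;
  std::lock_guard<std::mutex> lock(mu);
  auto it = cache.find(input);
  if (it == cache.end())
    it = cache.emplace(input, SplitOnSpaces(input)).first;
  return it->second;
}

// Calls SplitCachedSafe from thread_count threads at once and reports whether
// every thread received the expected token list for every input.
bool ConcurrentSplitStress(int thread_count, int iterations) {
  const std::vector<std::string> inputs = {  // constructed sample header values
      "default-src 'self'", "script-src 'self' https://example.test",
      "img-src *", "style-src 'unsafe-inline'"};
  std::vector<std::thread> workers;
  std::vector<int> ok(thread_count, 1);  // one slot per thread, no sharing
  for (int t = 0; t < thread_count; ++t) {
    workers.emplace_back([&, t] {
      for (int i = 0; i < iterations; ++i) {
        const std::string& in = inputs[(i + t) % inputs.size()];
        if (SplitCachedSafe(in) != SplitOnSpaces(in)) ok[t] = 0;
      }
    });
  }
  for (auto& w : workers) w.join();
  for (int v : ok) if (!v) return false;
  return true;
}
```

The point of the contrast is that the race is not in the ContentSecurityPolicy object itself but in the static state reached through it, which is why using separate instances per worker does not help; the guard has to sit where the shared state lives.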


 

Comment 1 by mek@chromium.org, Jun 21 2018

(and the multi-threaded usage comes from blink::WorkerOrWorkletGlobalScope::InitContentSecurityPolicyFromVector, which is called on worker threads)
Mergedinto: 807838
Status: Duplicate (was: Untriaged)
I think this is the same as issue 807838.
