Iframe load event fires when blocked by CSP
Reported by
signupsa...@gmail.com,
Oct 28
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Steps to reproduce the problem: 1. Set a CSP that blocks iframe loading (frame-src 'none') 2. Create an iframe and set a load event handler 3. Load the page What is the expected behavior? The iframe should use an error event instead of a load event when blocked. What went wrong? The iframe uses the load event instead of the error event when blocked. Did this work before? N/A Chrome version: 70.0.3538.77 Channel: stable OS Version: OS X 10.13.6 Flash Version: I'm LITERALLY shaking with anger and may write in my blog and make 3 tweets about this if it's not fixed immediately! 😡 P.S. thank you for your hard work! xoxo
,
Oct 29
,
Oct 31
Able to reproduce the issue on reported chrome #70.3538.77 and latest chrome #72.0.3596.0 using Windows 10, Ubuntu 17.10 and Mac OS 10.13.6 by following steps as per comment #9. The behavior is seen from old M-60 builds(#60.0.3112.113). This is a non-regression issue, hence marking it as Untriaged and requesting someone from the dev team to look into the issue. Thanks.!
,
Nov 5
|
||||
►
Sign in to add a comment |
||||
Comment 1 by krajshree@chromium.org
, Oct 29