Bug 69294

Summary: Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
Product: WebKit Reporter: Sam Weinig <sam>
Component: New BugsAssignee: Sam Weinig <sam>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch darin: review+

Sam Weinig
Reported 2011-10-03 14:53:51 PDT
Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
Attachments
Patch (11.64 KB, patch)
2011-10-03 15:01 PDT, Sam Weinig 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Sam Weinig
Comment 1 2011-10-03 15:01:22 PDT
Created attachment 109535 [details] Patch
Darin Adler
Comment 2 2011-10-03 15:08:31 PDT
Comment on attachment 109535 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=109535&action=review > Source/WebCore/dom/ScriptExecutionContext.h:178 > // Note: It is dangerous to change the security origin of a script context > // that already contains content. > void setSecurityOrigin(PassRefPtr<SecurityOrigin>); > + void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); Paragraphing here is a little strange since the comment above is about the security origin, not the content security policy.
Adam Barth
Comment 3 2011-10-03 15:08:45 PDT
Comment on attachment 109535 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=109535&action=review > Source/WebCore/workers/WorkerContext.cpp:120 > + // FIXME: This should probably adopt the ContentSecurityPolicy of the document > + // that created this worker. There was some discussion about this in the working group. The other choice is to use the header that comes with the script.
Sam Weinig
Comment 4 2011-10-03 15:34:31 PDT
Committed r96550: <http://trac.webkit.org/changeset/96550>
Note You need to log in before you can comment on or make changes to this bug.