We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=194094> and <https://src.chromium.org/viewvc/blink?view=rev&revision=194143> (in order). Use the served CSP header for dedicated workers This CL makes workers obey the CSP that was served as a header along with the worker script, instead of inheriting the CSP from the document that spawned the worker. (Blob and file URLs still inherit the CSP from the parent document.)
<rdar://problem/24383254>
Created attachment 270118 [details] Patch and Layout Test
Attachment 270118 [details] did not pass style-queue: ERROR: Source/WebCore/workers/DedicatedWorkerThread.h:37: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerGlobalScopeProxy.h:41: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerMessagingProxy.h:43: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/DedicatedWorkerGlobalScope.h:39: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerThread.h:38: Code inside a namespace should not be indented. [whitespace/indent] [4] Total errors found: 5 in 26 files If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 270120 [details] Patch and Layout Test Add files ContentSecurityPolicyResponseHeaders.{cpp, h} to the CMake build system and Visual Studio project file
Attachment 270120 [details] did not pass style-queue: ERROR: Source/WebCore/workers/DedicatedWorkerThread.h:37: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerGlobalScopeProxy.h:41: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerMessagingProxy.h:43: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/DedicatedWorkerGlobalScope.h:39: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerThread.h:38: Code inside a namespace should not be indented. [whitespace/indent] [4] Total errors found: 5 in 29 files If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 270127 [details] Patch and Layout Tests Updated patch to inherit CSP from owner document of worker when script URL of worker is a file URL as per comment #0. Added tests LayoutTests/fast/workers/worker-inherits-csp-blocks-{eval, xhr}.html to ensure we do not regress this behavior.
Attachment 270127 [details] did not pass style-queue: ERROR: Source/WebCore/workers/DedicatedWorkerThread.h:37: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerGlobalScopeProxy.h:41: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerMessagingProxy.h:43: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/DedicatedWorkerGlobalScope.h:39: Code inside a namespace should not be indented. [whitespace/indent] [4] ERROR: Source/WebCore/workers/WorkerThread.h:38: Code inside a namespace should not be indented. [whitespace/indent] [4] Total errors found: 5 in 35 files If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 270127 [details] Patch and Layout Tests View in context: https://bugs.webkit.org/attachment.cgi?id=270127&action=review r=me. I don't know why the patch will not apply on the WK2 bot, but presumably its a machine-specific issue. Please watch test results carefully after landing. > Source/WebCore/ChangeLog:58 > + (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy): Make an copy of this object that is Make *a* copy! :-)
Committed r195948: <http://trac.webkit.org/changeset/195948>