A ContentSecurityPolicy object currently depends on either a ScriptExecutionContext or a Frame in order to perform logging, dispatch DOM events, and send CSP reports. Ideally, we want it be dependent on a delegate to perform these operations so that we can implement them appropriate for workers and with respect to the NetworkProcess. Notice that class Document extends ScriptExecutionContext. For documents, one of the reasons the class ContentSecurityPolicy has a dependency on ScriptExecutionContext is because it needs to know the document's referrer when dispatching DOM events and sending CSP reports for violations. It is sufficient to pass the referrer information to a ContentSecurityPolicy directly instead of having ContentSecurityPolicy indirectly query this information from the specified ScriptExecutionContext or Frame. This will also make it straightforward to correctly compute the referrer for a worker in a subsequent bug.
Created attachment 339695 [details] Patch
(In reply to Daniel Bates from comment #0) > Ideally, we want it be dependent on a delegate > to perform these operations so that we can implement them appropriate for > workers and with respect to the NetworkProcess. Notice that class Document > extends ScriptExecutionContext. This should read: Ideally, we want it to be dependent only on a delegate to perform these operations so that we can implement them appropriately for workers and with respect to the NetworkProcess. > This will also make it straightforward to correctly compute the referrer for a worker in a subsequent bug. Disregard this remark. Only documents have a referrer. That is, workers do not have a referrer.
Comment on attachment 339695 [details] Patch R=me. Do we already have test coverage for this?
(In reply to Per Arne Vollan from comment #3) > Do we already have test coverage for this? Yes, we do.
Comment on attachment 339695 [details] Patch Clearing flags on attachment: 339695 Committed r231445: <https://trac.webkit.org/changeset/231445>
All reviewed patches have been landed. Closing bug.
<rdar://problem/40028310>