RESOLVED FIXED 69294
Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
https://bugs.webkit.org/show_bug.cgi?id=69294
Summary Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for wo...
Sam Weinig
Reported 2011-10-03 14:53:51 PDT
Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
Attachments
Patch (11.64 KB, patch)
2011-10-03 15:01 PDT, Sam Weinig
darin: review+
Sam Weinig
Comment 1 2011-10-03 15:01:22 PDT
Darin Adler
Comment 2 2011-10-03 15:08:31 PDT
Comment on attachment 109535 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=109535&action=review > Source/WebCore/dom/ScriptExecutionContext.h:178 > // Note: It is dangerous to change the security origin of a script context > // that already contains content. > void setSecurityOrigin(PassRefPtr<SecurityOrigin>); > + void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>); Paragraphing here is a little strange since the comment above is about the security origin, not the content security policy.
Adam Barth
Comment 3 2011-10-03 15:08:45 PDT
Comment on attachment 109535 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=109535&action=review > Source/WebCore/workers/WorkerContext.cpp:120 > + // FIXME: This should probably adopt the ContentSecurityPolicy of the document > + // that created this worker. There was some discussion about this in the working group. The other choice is to use the header that comes with the script.
Sam Weinig
Comment 4 2011-10-03 15:34:31 PDT
Note You need to log in before you can comment on or make changes to this bug.