Bug 69294 - Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
Summary: Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for wo...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Sam Weinig
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-03 14:53 PDT by Sam Weinig
Modified: 2011-10-03 15:34 PDT (History)
0 users

See Also:


Attachments
Patch (11.64 KB, patch)
2011-10-03 15:01 PDT, Sam Weinig
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sam Weinig 2011-10-03 14:53:51 PDT
Move ContentSecurityPolicy to the ScriptExecutionContext to prepare it for working with XHR and workers
Comment 1 Sam Weinig 2011-10-03 15:01:22 PDT
Created attachment 109535 [details]
Patch
Comment 2 Darin Adler 2011-10-03 15:08:31 PDT
Comment on attachment 109535 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=109535&action=review

> Source/WebCore/dom/ScriptExecutionContext.h:178
>          // Note: It is dangerous to change the security origin of a script context
>          //       that already contains content.
>          void setSecurityOrigin(PassRefPtr<SecurityOrigin>);
> +        void setContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy>);

Paragraphing here is a little strange since the comment above is about the security origin, not the content security policy.
Comment 3 Adam Barth 2011-10-03 15:08:45 PDT
Comment on attachment 109535 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=109535&action=review

> Source/WebCore/workers/WorkerContext.cpp:120
> +    // FIXME: This should probably adopt the ContentSecurityPolicy of the document
> +    // that created this worker. 

There was some discussion about this in the working group.  The other choice is to use the header that comes with the script.
Comment 4 Sam Weinig 2011-10-03 15:34:31 PDT
Committed r96550: <http://trac.webkit.org/changeset/96550>