Obsolete
Status Update
No update yet.
Comments
bu...@chromium.org
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ecd916766fcea37603d7b56f858c5bdf19c42071
commit ecd916766fcea37603d7b56f858c5bdf19c42071
Author: Andy Paicu <andypaicu@chromium.org>
Date: Thu Mar 08 10:57:03 2018
'navigate-to' directive tests
PR:https://github.com/w3c/webappsec-csp/pull/290
Bug: 805886
Change-Id: I5bdda65c7e70e729b33a3647135fee6453e97e66
Reviewed-on:https://chromium-review.googlesource.com/934181
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541769}
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/anchor-navigation-always-allowed.html.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked-expected.txt
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/post_message_to_frame_owner.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html
[add]https://crrev.com/ecd916766fcea37603d7b56f858c5bdf19c42071/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/wait_for_navigation.html.sub.headers
commit ecd916766fcea37603d7b56f858c5bdf19c42071
Author: Andy Paicu <andypaicu@chromium.org>
Date: Thu Mar 08 10:57:03 2018
'navigate-to' directive tests
PR:
Bug: 805886
Change-Id: I5bdda65c7e70e729b33a3647135fee6453e97e66
Reviewed-on:
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541769}
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
an...@chromium.org
[Empty comment from Monorail migration]
an...@chromium.org
[Empty comment from Monorail migration]
bu...@chromium.org
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/cd1e4e06d19b1624be069d564ce49978007f9a5b
commit cd1e4e06d19b1624be069d564ce49978007f9a5b
Author: Andy Paicu <andypaicu@chromium.org>
Date: Wed May 16 09:59:20 2018
Navigate-to current implementation level.
This feature is getting to big for a single code review so I'm splitting it up.
This is all behind the experimental CSP features flag.
What is covered:
The 'navigate-to' directive is now parsed and understood
The navigation relevant directives are passed as part of common params
A navigation csp context is created out of the navigation relevant directives
This navigation csp context is used to perform the 'navigate-to' checks
What is not covered but I will cover in future CRs:
securitypolicyviolation events are raised on the wrong host because we don't know
what the initiator is
CSP reports are sent using the current frame host as an intermediary which has
negative security implications
There are no WPT tests for the 'unsafe-allow-redirects' flag, only unit tests
I2S:https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/EJ4xF_DwZyk
Spec:https://w3c.github.io/webappsec-csp/#directive-navigate-to
Bug: 805886
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
TBR=jochen@chromium.org
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
Reviewed-on:https://chromium-review.googlesource.com/957726
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559026}
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/BUILD.gn
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/browser_side_navigation_browsertest.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/frame_host/form_submission_throttle.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/frame_host/navigation_entry_impl.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/frame_host/navigation_request.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/frame_host/navigation_request.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/frame_host/render_frame_host_impl.cc
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/initiator_csp_context.cc
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/browser/initiator_csp_context.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/content_security_policy.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/content_security_policy.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/content_security_policy_unittest.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_context.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_context.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_context_unittest.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_directive.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_directive.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_source_list.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_source_list.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/content_security_policy/csp_source_list_unittest.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/frame_messages.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/navigation_params.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/common/navigation_params.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/public/test/render_view_test.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/renderer/content_security_policy_util.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/renderer/content_security_policy_util.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/renderer/render_frame_impl.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/content/renderer/render_frame_impl.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html.headers
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked-expected.txt
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.html
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html
[rename]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.headers
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-allowed.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked-expected.txt
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked.html
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-allowed.sub.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-allowed.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-allowed.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked-expected.txt
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked.html
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-allowed.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-allowed.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked-expected.txt
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked.html
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-allowed.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked-expected.txt
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked.html
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked.sub.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked-expected.txt
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html
[delete]https://crrev.com/400881d78eee06884ebc488096caacf7ca70f74c/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html.headers
[add]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html.sub.headers
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/form_action_navigation.sub.html.sub.headers
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html.sub.headers
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html.sub.headers
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/meta_refresh_navigation.sub.html.sub.headers
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/navigate_parent.sub.html.sub.headers
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/support/checkReport.sub.js
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/public/platform/web_content_security_policy_struct.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/public/platform/web_url_request.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/frame/csp/content_security_policy.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/frame/csp/content_security_policy_test.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/frame/csp/csp_directive_list.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/frame/csp/source_list_directive.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/frame/csp/source_list_directive.h
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/core/loader/frame_loader.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/platform/exported/web_url_request.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/platform/loader/fetch/resource_request.cc
[modify]https://crrev.com/cd1e4e06d19b1624be069d564ce49978007f9a5b/third_party/blink/renderer/platform/loader/fetch/resource_request.h
commit cd1e4e06d19b1624be069d564ce49978007f9a5b
Author: Andy Paicu <andypaicu@chromium.org>
Date: Wed May 16 09:59:20 2018
Navigate-to current implementation level.
This feature is getting to big for a single code review so I'm splitting it up.
This is all behind the experimental CSP features flag.
What is covered:
The 'navigate-to' directive is now parsed and understood
The navigation relevant directives are passed as part of common params
A navigation csp context is created out of the navigation relevant directives
This navigation csp context is used to perform the 'navigate-to' checks
What is not covered but I will cover in future CRs:
securitypolicyviolation events are raised on the wrong host because we don't know
what the initiator is
CSP reports are sent using the current frame host as an intermediary which has
negative security implications
There are no WPT tests for the 'unsafe-allow-redirects' flag, only unit tests
I2S:
Spec:
Bug: 805886
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
TBR=jochen@chromium.org
Change-Id: Iaab324163dbe7389dcd440afa1ee51c0de215401
Reviewed-on:
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559026}
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[add]
[add]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[delete]
[delete]
[add]
[rename]
[modify]
[delete]
[delete]
[add]
[modify]
[delete]
[modify]
[modify]
[delete]
[modify]
[modify]
[delete]
[delete]
[add]
[modify]
[delete]
[modify]
[modify]
[delete]
[modify]
[modify]
[delete]
[delete]
[add]
[modify]
[delete]
[modify]
[modify]
[delete]
[modify]
[delete]
[delete]
[add]
[delete]
[modify]
[delete]
[modify]
[delete]
[modify]
[delete]
[add]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
bu...@chromium.org
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c93d30860caccb4c17b5bb0a897888575d06c9fd
commit c93d30860caccb4c17b5bb0a897888575d06c9fd
Author: Andy Paicu <andypaicu@chromium.org>
Date: Wed Oct 10 15:33:45 2018
"navigate-to" remaining work
This patch includes:
The security violation event and CSP report are now sent to the correct
document via an interface ptr sent though the common params
Added 'unsafe-allowed-redirects' keyword tests
Bundled all CSP info into one InitiatorCSPInfo struct
Modified existing tests to test the violation event as well
Bug: 837627, 805886
Change-Id: I03124f29d4205ad4a5c2ac899b15f42e8e23659b
Reviewed-on:https://chromium-review.googlesource.com/c/1124476
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#598336}
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/components/printing/renderer/print_render_frame_helper.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/form_submission_throttle.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/form_submission_throttle.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/navigation_entry_impl.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/navigation_request.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/navigation_request.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/navigator.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/navigator.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/navigator_impl.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/navigator_impl.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/render_frame_host_impl.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/frame_host/render_frame_host_impl.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/initiator_csp_context.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/initiator_csp_context.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/browser/navigation_browsertest.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/content_security_policy.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/content_security_policy.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/content_security_policy_unittest.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/csp_context.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/csp_context.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/csp_source.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/csp_source.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/csp_source_list.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/content_security_policy/csp_source_list.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/frame.mojom
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/frame_messages.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/navigation_params.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/common/navigation_params.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/public/test/navigation_simulator.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/public/test/render_view_test.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/renderer/pepper/pepper_plugin_instance_impl.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/renderer/render_frame_impl.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/renderer/render_frame_impl.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/test/test_render_frame.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/content/test/test_render_frame_host.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-allowed.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-allows.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-allows-navigate-to-blocks.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/form-redirected-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-allowed.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-allowed.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-allowed.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/parent-navigates-child-blocked.html
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/spv-only-sent-to-initiator.html
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/delayed_frame.py
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/href_location_navigation.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/link_click_navigation.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/redirect_to_post_message_to_frame_owner.py
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/spv-test-iframe1.sub.html.sub.headers
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/spv-test-iframe2.sub.html
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/support/spv-test-iframe3.sub.html
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain.sub.html
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/public/mojom/BUILD.gn
[add]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/public/mojom/frame/navigation_initiator.mojom
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/public/platform/web_url_request.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/public/web/web_local_frame_client.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/dom/document.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/dom/document.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/exported/local_frame_client_impl.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/exported/local_frame_client_impl.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/exported/web_document_subresource_filter_test.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/exported/web_frame_test.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/frame/local_frame_client.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/loader/empty_clients.h
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/core/loader/frame_loader.cc
[modify]https://crrev.com/c93d30860caccb4c17b5bb0a897888575d06c9fd/third_party/blink/renderer/platform/exported/web_url_request.cc
commit c93d30860caccb4c17b5bb0a897888575d06c9fd
Author: Andy Paicu <andypaicu@chromium.org>
Date: Wed Oct 10 15:33:45 2018
"navigate-to" remaining work
This patch includes:
The security violation event and CSP report are now sent to the correct
document via an interface ptr sent though the common params
Added 'unsafe-allowed-redirects' keyword tests
Bundled all CSP info into one InitiatorCSPInfo struct
Modified existing tests to test the violation event as well
Bug: 837627, 805886
Change-Id: I03124f29d4205ad4a5c2ac899b15f42e8e23659b
Reviewed-on:
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#598336}
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[add]
[add]
[modify]
[modify]
[modify]
[add]
[add]
[add]
[add]
[add]
[add]
[add]
[modify]
[add]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
[modify]
bu...@chops-service-accounts.iam.gserviceaccount.com
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ceaafd48c2f962f9e894e36956401db5094798d6
commit ceaafd48c2f962f9e894e36956401db5094798d6
Author: Andy Paicu <andypaicu@chromium.org>
Date: Fri Mar 13 16:20:39 2020
Launch the `navigate-to` directive
The directive has been behind a flag for a year and we have received
no [negative] feedback.
Spec:https://w3c.github.io/webappsec-csp/#directive-navigate-to
I2S:https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/EJ4xF_DwZyk
Bug: 805886
Change-Id: I746aed4032149b86a5f9974246e2ec35bf8eb356
Reviewed-on:https://chromium-review.googlesource.com/c/chromium/src/+/1856100
Reviewed-by: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Auto-Submit: Andy Paicu <andypaicu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#750183}
[modify]https://crrev.com/ceaafd48c2f962f9e894e36956401db5094798d6/third_party/blink/renderer/core/loader/frame_loader.cc
commit ceaafd48c2f962f9e894e36956401db5094798d6
Author: Andy Paicu <andypaicu@chromium.org>
Date: Fri Mar 13 16:20:39 2020
Launch the `navigate-to` directive
The directive has been behind a flag for a year and we have received
no [negative] feedback.
Spec:
I2S:
Bug: 805886
Change-Id: I746aed4032149b86a5f9974246e2ec35bf8eb356
Reviewed-on:
Reviewed-by: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Auto-Submit: Andy Paicu <andypaicu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#750183}
[modify]
bu...@chops-service-accounts.iam.gserviceaccount.com
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d4a648ae674f0f8889ca3d0c6e9ba182fc3fd5a0
commit d4a648ae674f0f8889ca3d0c6e9ba182fc3fd5a0
Author: Andy Paicu <andypaicu@chromium.org>
Date: Wed Mar 18 11:37:54 2020
Revert "Launch the `navigate-to` directive"
This reverts commit ceaafd48c2f962f9e894e36956401db5094798d6.
Reason for revert: likely cause of clusterfuzz crash
Original change's description:
commit d4a648ae674f0f8889ca3d0c6e9ba182fc3fd5a0
Author: Andy Paicu <andypaicu@chromium.org>
Date: Wed Mar 18 11:37:54 2020
Revert "Launch the `navigate-to` directive"
This reverts commit ceaafd48c2f962f9e894e36956401db5094798d6.
Reason for revert: likely cause of clusterfuzz crash
Original change's description:
TBR=mkwst@chromium.org,andypaicu@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
TBR=mkwst@chromium.org
Bug: 805886
Change-Id: I03090af2eaee38c57084b4f0d8d0307e9d8e72aa
Reviewed-on:
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Andy Paicu <andypaicu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#751289}
[modify]
ar...@chromium.org
[Empty comment from Monorail migration]
fa...@chromium.org
[Description Changed]
fa...@chromium.org
I'll re-open this as the final commit was a Revert, so it's more clear this has not launched yet. Please re-close if this was meant to stay closed.
fa...@chromium.org
[Empty comment from Monorail migration]
jb...@chromium.org
[Empty comment from Monorail migration]
jb...@chromium.org
[Empty comment from Monorail migration]
jb...@chromium.org
[Empty comment from Monorail migration]
ar...@google.com
[Empty comment from Monorail migration]
an...@chromium.org
[Empty comment from Monorail migration]
an...@chromium.org
No longer working on this. Setting back to available.
an...@chromium.org
I think it makes sense to close this for now. We are not actively working on this, and navigate-to has been removed from the CSP spec for now.
an...@chromium.org
[Empty comment from Monorail migration]
ar...@chromium.org
[Empty comment from Monorail migration]
is...@google.com
This issue was migrated from crbug.com/chromium/805886?no_tracker_redirect=1
[Auto-CCs applied]
[Monorail blocked-on:crbug.com/chromium/1346605 , crbug.com/chromium/1350804 , crbug.com/chromium/1354640 , crbug.com/chromium/1363311 , crbug.com/chromium/837627 ]
[Monorail blocking:crbug.com/chromium/1211609 , crbug.com/chromium/749395 ]
[Monorail components added to Component Tags custom field.]
[Auto-CCs applied]
[Monorail blocked-on:
[Monorail blocking:
[Monorail components added to Component Tags custom field.]
Description
chromestatus: