<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>[206254] trunk/Source/WebCore</title>

</head>

<body>

<style type="text/css"><!--

#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }

#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }

#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }

#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }

#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }

#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }

#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }

#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }

#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }

#logmsg pre { background: #eee; padding: 1em; }

#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}

#logmsg dl { margin: 0; }

#logmsg dt { font-weight: bold; }

#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }

#logmsg dd:before { content:'\00bb';}

#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }

#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }

#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }

#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }

#logmsg table th.Corner { text-align: left; }

#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<div id="msg">

<dl class="meta">

<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/206254">206254</a></dd>

<dt>Author</dt> <dd>commit-queue@webkit.org</dd>

<dt>Date</dt> <dd>2016-09-22 01:28:37 -0700 (Thu, 22 Sep 2016)</dd>

</dl>

<h3>Log Message</h3>

<pre>Refactor ContentSecurityPolicy::allow* methods

https://bugs.webkit.org/show_bug.cgi?id=162335

Patch by Youenn Fablet &lt;youenn@apple.com&gt; on 2016-09-22

Reviewed by Darin Adler.

No change of behavior.

Removing the second parameter of ContentSecurityPolicy::allow* methods.

When true, this parameter makes the methods return true.

This patch updates the callers of allow* methods to check for the parameter before making the call.

Made some refactoring to share more code between the various allow* methods.

* Modules/fetch/FetchLoader.cpp:

(WebCore::FetchLoader::start):

* Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::connect):

* html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::isSafeToLoadURL):

(WebCore::HTMLMediaElement::outOfBandTrackSources):

* html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent):

* html/HTMLTrackElement.cpp:

(WebCore::HTMLTrackElement::canLoadURL):

* loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):

(WebCore::DocumentThreadableLoader::redirectReceived):

(WebCore::DocumentThreadableLoader::loadRequest):

(WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy):

* loader/DocumentThreadableLoader.h:

* loader/FrameLoader.cpp:

(WebCore::FrameLoader::checkIfFormActionAllowedByCSP):

* loader/PolicyChecker.cpp:

(WebCore::isAllowedByContentSecurityPolicy):

* loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::createJavaAppletWidget):

* loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):

* page/EventSource.cpp:

(WebCore::EventSource::create):

* page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::allowObjectFromSource):

(WebCore::ContentSecurityPolicy::allowChildFrameFromSource):

(WebCore::ContentSecurityPolicy::allowResourceFromSource):

(WebCore::ContentSecurityPolicy::allowChildContextFromSource):

(WebCore::ContentSecurityPolicy::allowScriptFromSource):

(WebCore::ContentSecurityPolicy::allowImageFromSource):

(WebCore::ContentSecurityPolicy::allowStyleFromSource):

(WebCore::ContentSecurityPolicy::allowFontFromSource):

(WebCore::ContentSecurityPolicy::allowMediaFromSource):

(WebCore::ContentSecurityPolicy::allowConnectToSource):

(WebCore::ContentSecurityPolicy::allowFormAction):

* page/csp/ContentSecurityPolicy.h:

* workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL):

* workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::importScripts):

* xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::initSend):</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>

<li><a href="#trunkSourceWebCoreModulesfetchFetchLoadercpp">trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreModuleswebsocketsWebSocketcpp">trunk/Source/WebCore/Modules/websockets/WebSocket.cpp</a></li>

<li><a href="#trunkSourceWebCorehtmlHTMLMediaElementcpp">trunk/Source/WebCore/html/HTMLMediaElement.cpp</a></li>

<li><a href="#trunkSourceWebCorehtmlHTMLPlugInImageElementcpp">trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp</a></li>

<li><a href="#trunkSourceWebCorehtmlHTMLTrackElementcpp">trunk/Source/WebCore/html/HTMLTrackElement.cpp</a></li>

<li><a href="#trunkSourceWebCoreloaderDocumentThreadableLoadercpp">trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreloaderDocumentThreadableLoaderh">trunk/Source/WebCore/loader/DocumentThreadableLoader.h</a></li>

<li><a href="#trunkSourceWebCoreloaderFrameLoadercpp">trunk/Source/WebCore/loader/FrameLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreloaderPolicyCheckercpp">trunk/Source/WebCore/loader/PolicyChecker.cpp</a></li>

<li><a href="#trunkSourceWebCoreloaderSubframeLoadercpp">trunk/Source/WebCore/loader/SubframeLoader.cpp</a></li>

<li><a href="#trunkSourceWebCoreloadercacheCachedResourceLoadercpp">trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp</a></li>

<li><a href="#trunkSourceWebCorepageEventSourcecpp">trunk/Source/WebCore/page/EventSource.cpp</a></li>

<li><a href="#trunkSourceWebCorepagecspContentSecurityPolicycpp">trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp</a></li>

<li><a href="#trunkSourceWebCorepagecspContentSecurityPolicyh">trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h</a></li>

<li><a href="#trunkSourceWebCoreworkersAbstractWorkercpp">trunk/Source/WebCore/workers/AbstractWorker.cpp</a></li>

<li><a href="#trunkSourceWebCoreworkersWorkerGlobalScopecpp">trunk/Source/WebCore/workers/WorkerGlobalScope.cpp</a></li>

<li><a href="#trunkSourceWebCorexmlXMLHttpRequestcpp">trunk/Source/WebCore/xml/XMLHttpRequest.cpp</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="trunkSourceWebCoreChangeLog"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/ChangeLog        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/ChangeLog        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -1,3 +1,65 @@

</span><ins>+2016-09-22  Youenn Fablet  &lt;youenn@apple.com&gt;

+

+        Refactor ContentSecurityPolicy::allow* methods

+        https://bugs.webkit.org/show_bug.cgi?id=162335

+

+        Reviewed by Darin Adler.

+

+        No change of behavior.

+

+        Removing the second parameter of ContentSecurityPolicy::allow* methods.

+        When true, this parameter makes the methods return true.

+        This patch updates the callers of allow* methods to check for the parameter before making the call.

+

+        Made some refactoring to share more code between the various allow* methods.

+

+        * Modules/fetch/FetchLoader.cpp:

+        (WebCore::FetchLoader::start):

+        * Modules/websockets/WebSocket.cpp:

+        (WebCore::WebSocket::connect):

+        * html/HTMLMediaElement.cpp:

+        (WebCore::HTMLMediaElement::isSafeToLoadURL):

+        (WebCore::HTMLMediaElement::outOfBandTrackSources):

+        * html/HTMLPlugInImageElement.cpp:

+        (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent):

+        * html/HTMLTrackElement.cpp:

+        (WebCore::HTMLTrackElement::canLoadURL):

+        * loader/DocumentThreadableLoader.cpp:

+        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):

+        (WebCore::DocumentThreadableLoader::redirectReceived):

+        (WebCore::DocumentThreadableLoader::loadRequest):

+        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy):

+        * loader/DocumentThreadableLoader.h:

+        * loader/FrameLoader.cpp:

+        (WebCore::FrameLoader::checkIfFormActionAllowedByCSP):

+        * loader/PolicyChecker.cpp:

+        (WebCore::isAllowedByContentSecurityPolicy):

+        * loader/SubframeLoader.cpp:

+        (WebCore::SubframeLoader::createJavaAppletWidget):

+        * loader/cache/CachedResourceLoader.cpp:

+        (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):

+        * page/EventSource.cpp:

+        (WebCore::EventSource::create):

+        * page/csp/ContentSecurityPolicy.cpp:

+        (WebCore::ContentSecurityPolicy::allowObjectFromSource):

+        (WebCore::ContentSecurityPolicy::allowChildFrameFromSource):

+        (WebCore::ContentSecurityPolicy::allowResourceFromSource):

+        (WebCore::ContentSecurityPolicy::allowChildContextFromSource):

+        (WebCore::ContentSecurityPolicy::allowScriptFromSource):

+        (WebCore::ContentSecurityPolicy::allowImageFromSource):

+        (WebCore::ContentSecurityPolicy::allowStyleFromSource):

+        (WebCore::ContentSecurityPolicy::allowFontFromSource):

+        (WebCore::ContentSecurityPolicy::allowMediaFromSource):

+        (WebCore::ContentSecurityPolicy::allowConnectToSource):

+        (WebCore::ContentSecurityPolicy::allowFormAction):

+        * page/csp/ContentSecurityPolicy.h:

+        * workers/AbstractWorker.cpp:

+        (WebCore::AbstractWorker::resolveURL):

+        * workers/WorkerGlobalScope.cpp:

+        (WebCore::WorkerGlobalScope::importScripts):

+        * xml/XMLHttpRequest.cpp:

+        (WebCore::XMLHttpRequest::initSend):

+

</ins><span class="cx"> 2016-09-19  Sergio Villar Senin  &lt;svillar@igalia.com&gt;

</span><span class="cx"> 

</span><span class="cx">         [css-grid] Remove the x2 computation of row sizes with indefinite heights

</span></span></pre></div>

<a id="trunkSourceWebCoreModulesfetchFetchLoadercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -85,9 +85,11 @@

</span><span class="cx">     ResourceRequest fetchRequest = request.internalRequest();

</span><span class="cx"> 

</span><span class="cx">     ASSERT(context.contentSecurityPolicy());

</span><del>-    context.contentSecurityPolicy()-&gt;upgradeInsecureRequestIfNeeded(fetchRequest, ContentSecurityPolicy::InsecureRequestType::Load);

</del><ins>+    auto&amp; contentSecurityPolicy = *context.contentSecurityPolicy();

</ins><span class="cx"> 

</span><del>-    if (!context.contentSecurityPolicy()-&gt;allowConnectToSource(fetchRequest.url(), context.shouldBypassMainWorldContentSecurityPolicy())) {

</del><ins>+    contentSecurityPolicy.upgradeInsecureRequestIfNeeded(fetchRequest, ContentSecurityPolicy::InsecureRequestType::Load);

+

+    if (!context.shouldBypassMainWorldContentSecurityPolicy() &amp;&amp; !contentSecurityPolicy.allowConnectToSource(fetchRequest.url())) {

</ins><span class="cx">         m_client.didFail();

</span><span class="cx">         return;

</span><span class="cx">     }

</span></span></pre></div>

<a id="trunkSourceWebCoreModuleswebsocketsWebSocketcpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/Modules/websockets/WebSocket.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/Modules/websockets/WebSocket.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -217,8 +217,11 @@

</span><span class="cx">     LOG(Network, &quot;WebSocket %p connect() url='%s'&quot;, this, url.utf8().data());

</span><span class="cx">     m_url = URL(URL(), url);

</span><span class="cx"> 

</span><ins>+    ASSERT(scriptExecutionContext());

+    auto&amp; context = *scriptExecutionContext();

+

</ins><span class="cx">     if (!m_url.isValid()) {

</span><del>-        scriptExecutionContext()-&gt;addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;Invalid url for WebSocket &quot; + m_url.stringCenterEllipsizedToLength());

</del><ins>+        context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;Invalid url for WebSocket &quot; + m_url.stringCenterEllipsizedToLength());

</ins><span class="cx">         m_state = CLOSED;

</span><span class="cx">         ec = SYNTAX_ERR;

</span><span class="cx">         return;

</span><span class="lines">@@ -225,22 +228,25 @@

</span><span class="cx">     }

</span><span class="cx"> 

</span><span class="cx">     if (!m_url.protocolIs(&quot;ws&quot;) &amp;&amp; !m_url.protocolIs(&quot;wss&quot;)) {

</span><del>-        scriptExecutionContext()-&gt;addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;Wrong url scheme for WebSocket &quot; + m_url.stringCenterEllipsizedToLength());

</del><ins>+        context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;Wrong url scheme for WebSocket &quot; + m_url.stringCenterEllipsizedToLength());

</ins><span class="cx">         m_state = CLOSED;

</span><span class="cx">         ec = SYNTAX_ERR;

</span><span class="cx">         return;

</span><span class="cx">     }

</span><span class="cx">     if (m_url.hasFragmentIdentifier()) {

</span><del>-        scriptExecutionContext()-&gt;addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;URL has fragment component &quot; + m_url.stringCenterEllipsizedToLength());

</del><ins>+        context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;URL has fragment component &quot; + m_url.stringCenterEllipsizedToLength());

</ins><span class="cx">         m_state = CLOSED;

</span><span class="cx">         ec = SYNTAX_ERR;

</span><span class="cx">         return;

</span><span class="cx">     }

</span><span class="cx"> 

</span><del>-    scriptExecutionContext()-&gt;contentSecurityPolicy()-&gt;upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load);

-    

</del><ins>+    ASSERT(context.contentSecurityPolicy());

+    auto&amp; contentSecurityPolicy = *context.contentSecurityPolicy();

+

+    contentSecurityPolicy.upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load);

+

</ins><span class="cx">     if (!portAllowed(m_url)) {

</span><del>-        scriptExecutionContext()-&gt;addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;WebSocket port &quot; + String::number(m_url.port()) + &quot; blocked&quot;);

</del><ins>+        context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;WebSocket port &quot; + String::number(m_url.port()) + &quot; blocked&quot;);

</ins><span class="cx">         m_state = CLOSED;

</span><span class="cx">         ec = SECURITY_ERR;

</span><span class="cx">         return;

</span><span class="lines">@@ -247,7 +253,7 @@

</span><span class="cx">     }

</span><span class="cx"> 

<span class="cx">     // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.

</span><del>-    if (!scriptExecutionContext()-&gt;contentSecurityPolicy()-&gt;allowConnectToSource(m_url, scriptExecutionContext()-&gt;shouldBypassMainWorldContentSecurityPolicy())) {

</del><ins>+    if (!context.shouldBypassMainWorldContentSecurityPolicy() &amp;&amp; !contentSecurityPolicy.allowConnectToSource(m_url)) {

</ins><span class="cx">         m_state = CLOSED;

</span><span class="cx"> 

<span class="cx">         // FIXME: Should this be throwing an exception?

</span><span class="lines">@@ -255,7 +261,7 @@

</span><span class="cx">         return;

</span><span class="cx">     }

</span><span class="cx"> 

</span><del>-    if (auto* provider = scriptExecutionContext()-&gt;socketProvider())

</del><ins>+    if (auto* provider = context.socketProvider())

</ins><span class="cx">         m_channel = ThreadableWebSocketChannel::create(*scriptExecutionContext(), *this, *provider);

</span><span class="cx"> 

<span class="cx">     // Every ScriptExecutionContext should have a SocketProvider.

</span><span class="lines">@@ -270,7 +276,7 @@

<span class="cx">     // comply with WebSocket API specification, but it seems to be the only reasonable way to handle this conflict.

</span><span class="cx">     for (auto&amp; protocol : protocols) {

</span><span class="cx">         if (!isValidProtocolString(protocol)) {

</span><del>-            scriptExecutionContext()-&gt;addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;Wrong protocol for WebSocket '&quot; + encodeProtocolString(protocol) + &quot;'&quot;);

</del><ins>+            context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;Wrong protocol for WebSocket '&quot; + encodeProtocolString(protocol) + &quot;'&quot;);

</ins><span class="cx">             m_state = CLOSED;

</span><span class="cx">             ec = SYNTAX_ERR;

</span><span class="cx">             return;

</span><span class="lines">@@ -279,7 +285,7 @@

</span><span class="cx">     HashSet&lt;String&gt; visited;

</span><span class="cx">     for (auto&amp; protocol : protocols) {

</span><span class="cx">         if (!visited.add(protocol).isNewEntry) {

</span><del>-            scriptExecutionContext()-&gt;addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;WebSocket protocols contain duplicates: '&quot; + encodeProtocolString(protocol) + &quot;'&quot;);

</del><ins>+            context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, &quot;WebSocket protocols contain duplicates: '&quot; + encodeProtocolString(protocol) + &quot;'&quot;);

</ins><span class="cx">             m_state = CLOSED;

</span><span class="cx">             ec = SYNTAX_ERR;

</span><span class="cx">             return;

</span><span class="lines">@@ -286,8 +292,8 @@

</span><span class="cx">         }

</span><span class="cx">     }

</span><span class="cx"> 

</span><del>-    if (is&lt;Document&gt;(*scriptExecutionContext())) {

-        Document&amp; document = downcast&lt;Document&gt;(*scriptExecutionContext());

</del><ins>+    if (is&lt;Document&gt;(context)) {

+        Document&amp; document = downcast&lt;Document&gt;(context);

</ins><span class="cx">         if (!document.frame()-&gt;loader().mixedContentChecker().canRunInsecureContent(document.securityOrigin(), m_url)) {

<span class="cx">             // Balanced by the call to ActiveDOMObject::unsetPendingActivity() in WebSocket::stop().

</span><span class="cx">             ActiveDOMObject::setPendingActivity(this);

</span></span></pre></div>

<a id="trunkSourceWebCorehtmlHTMLMediaElementcpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/html/HTMLMediaElement.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -1989,6 +1989,16 @@

</span><span class="cx"> 

</span><span class="cx"> #endif

</span><span class="cx"> 

</span><ins>+static inline bool isAllowedToLoadMediaURL(HTMLMediaElement&amp; element, const URL&amp; url, bool isInUserAgentShadowTree)

+{

+    // Elements in user agent show tree should load whatever the embedding document policy is.

+    if (isInUserAgentShadowTree)

+        return true;

+

+    ASSERT(element.document().contentSecurityPolicy());

+    return element.document().contentSecurityPolicy()-&gt;allowMediaFromSource(url);

+}

+

</ins><span class="cx"> bool HTMLMediaElement::isSafeToLoadURL(const URL&amp; url, InvalidURLAction actionIfInvalid)

</span><span class="cx"> {

</span><span class="cx">     if (!url.isValid()) {

</span><span class="lines">@@ -2004,7 +2014,7 @@

</span><span class="cx">         return false;

</span><span class="cx">     }

</span><span class="cx"> 

</span><del>-    if (!document().contentSecurityPolicy()-&gt;allowMediaFromSource(url, isInUserAgentShadowTree())) {

</del><ins>+    if (!isAllowedToLoadMediaURL(*this, url, isInUserAgentShadowTree())) {

</ins><span class="cx">         LOG(Media, &quot;HTMLMediaElement::isSafeToLoadURL(%p) - %s -&gt; rejected by Content Security Policy&quot;, this, urlForLoggingMedia(url).utf8().data());

</span><span class="cx">         return false;

</span><span class="cx">     }

</span><span class="lines">@@ -6364,8 +6374,8 @@

</span><span class="cx">         URL url = trackElement.getNonEmptyURLAttribute(srcAttr);

</span><span class="cx">         if (url.isEmpty())

</span><span class="cx">             continue;

</span><del>-        

-        if (!document().contentSecurityPolicy()-&gt;allowMediaFromSource(url, trackElement.isInUserAgentShadowTree()))

</del><ins>+

+        if (!isAllowedToLoadMediaURL(*this, url, trackElement.isInUserAgentShadowTree()))

</ins><span class="cx">             continue;

</span><span class="cx"> 

</span><span class="cx">         auto&amp; track = *trackElement.track();

</span></span></pre></div>

<a id="trunkSourceWebCorehtmlHTMLPlugInImageElementcpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -775,6 +775,10 @@

</span><span class="cx"> 

</span><span class="cx"> bool HTMLPlugInImageElement::allowedToLoadPluginContent(const String&amp; url, const String&amp; mimeType) const

</span><span class="cx"> {

<ins>+    // Elements in user agent show tree should load whatever the embedding document policy is.

+    if (isInUserAgentShadowTree())

+        return true;

+

</ins><span class="cx">     URL completedURL;

</span><span class="cx">     if (!url.isEmpty())

</span><span class="cx">         completedURL = document().completeURL(url);

</span><span class="lines">@@ -784,10 +788,12 @@

</span><span class="cx"> 

</span><span class="cx">     contentSecurityPolicy.upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load);

</span><span class="cx"> 

<del>-    String declaredMimeType = document().isPluginDocument() &amp;&amp; document().ownerElement() ?

</del><ins>+    if (!contentSecurityPolicy.allowObjectFromSource(completedURL))

+        return false;

+

+    auto&amp; declaredMimeType = document().isPluginDocument() &amp;&amp; document().ownerElement() ?

</ins><span class="cx">         document().ownerElement()-&gt;attributeWithoutSynchronization(HTMLNames::typeAttr) : attributeWithoutSynchronization(HTMLNames::typeAttr);

</span><del>-    bool isInUserAgentShadowTree = this-&gt;isInUserAgentShadowTree();

-    return contentSecurityPolicy.allowObjectFromSource(completedURL, isInUserAgentShadowTree) &amp;&amp; contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL, isInUserAgentShadowTree);

</del><ins>+    return contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><span class="cx"> bool HTMLPlugInImageElement::requestObject(const String&amp; url, const String&amp; mimeType, const Vector&lt;String&gt;&amp; paramNames, const Vector&lt;String&gt;&amp; paramValues)

</span></span></pre></div>

<a id="trunkSourceWebCorehtmlHTMLTrackElementcpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/HTMLTrackElement.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/html/HTMLTrackElement.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/html/HTMLTrackElement.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -216,11 +216,13 @@

</span><span class="cx">     if (url.isEmpty())

</span><span class="cx">         return false;

</span><span class="cx"> 

</span><del>-    if (!document().contentSecurityPolicy()-&gt;allowMediaFromSource(url, isInUserAgentShadowTree())) {

</del><ins>+    ASSERT(document().contentSecurityPolicy());

+    // Elements in user agent show tree should load whatever the embedding document policy is.

+    if (!isInUserAgentShadowTree() &amp;&amp; !document().contentSecurityPolicy()-&gt;allowMediaFromSource(url)) {

</ins><span class="cx">         LOG(Media, &quot;HTMLTrackElement::canLoadURL(%s) -&gt; rejected by Content Security Policy&quot;, urlForLoggingTrack(url).utf8().data());

</span><span class="cx">         return false;

</span><span class="cx">     }

</span><del>-    

</del><ins>+

</ins><span class="cx">     return dispatchBeforeLoadEvent(url.string());

</span><span class="cx"> }

</span><span class="cx"> 

</span></span></pre></div>

<a id="trunkSourceWebCoreloaderDocumentThreadableLoadercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -35,7 +35,6 @@

</span><span class="cx"> #include &quot;CachedResourceLoader.h&quot;

</span><span class="cx"> #include &quot;CachedResourceRequest.h&quot;

</span><span class="cx"> #include &quot;CachedResourceRequestInitiators.h&quot;

</span><del>-#include &quot;ContentSecurityPolicy.h&quot;

</del><span class="cx"> #include &quot;CrossOriginAccessControl.h&quot;

</span><span class="cx"> #include &quot;CrossOriginPreflightChecker.h&quot;

</span><span class="cx"> #include &quot;CrossOriginPreflightResultCache.h&quot;

</span><span class="lines">@@ -98,7 +97,7 @@

<span class="cx">     // Referrer and Origin headers should be set after the preflight if any.

</span><span class="cx">     ASSERT(!request.hasHTTPReferrer() &amp;&amp; !request.hasHTTPOrigin());

</span><span class="cx"> 

</span><del>-    ASSERT_WITH_SECURITY_IMPLICATION(isAllowedByContentSecurityPolicy(request.url()));

</del><ins>+    ASSERT_WITH_SECURITY_IMPLICATION(isAllowedByContentSecurityPolicy(request.url(), ContentSecurityPolicy::RedirectResponseReceived::No));

</ins><span class="cx"> 

</span><span class="cx">     m_options.allowCredentials = (m_options.credentials == FetchOptions::Credentials::Include || (m_options.credentials == FetchOptions::Credentials::SameOrigin &amp;&amp; m_sameOriginRequest)) ? AllowStoredCredentials : DoNotAllowStoredCredentials;

</span><span class="cx"> 

</span><span class="lines">@@ -223,7 +222,7 @@

</span><span class="cx">     ASSERT_UNUSED(resource, resource == m_resource);

</span><span class="cx"> 

</span><span class="cx">     Ref&lt;DocumentThreadableLoader&gt; protectedThis(*this);

</span><del>-    if (!isAllowedByContentSecurityPolicy(request.url(), !redirectResponse.isNull())) {

</del><ins>+    if (!isAllowedByContentSecurityPolicy(request.url(), redirectResponse.isNull() ? ContentSecurityPolicy::RedirectResponseReceived::No : ContentSecurityPolicy::RedirectResponseReceived::Yes)) {

</ins><span class="cx">         reportContentSecurityPolicyError(*m_client, redirectResponse.url());

</span><span class="cx">         clearResource();

</span><span class="cx">         return;

</span><span class="lines">@@ -417,7 +416,7 @@

<span class="cx">     // requested. Also comparing the request and response URLs as strings will fail if the requestURL still has its credentials.

</span><span class="cx">     bool didRedirect = requestURL != response.url();

</span><span class="cx">     if (didRedirect) {

</span><del>-        if (!isAllowedByContentSecurityPolicy(response.url(), didRedirect)) {

</del><ins>+        if (!isAllowedByContentSecurityPolicy(response.url(), ContentSecurityPolicy::RedirectResponseReceived::Yes)) {

</ins><span class="cx">             reportContentSecurityPolicyError(*m_client, requestURL);

</span><span class="cx">             return;

</span><span class="cx">         }

</span><span class="lines">@@ -448,20 +447,17 @@

</span><span class="cx">     didFinishLoading(identifier, 0.0);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL&amp; url, bool didRedirect)

</del><ins>+bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL&amp; url, ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived)

</ins><span class="cx"> {

</span><del>-    bool overrideContentSecurityPolicy = false;

-    ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived = didRedirect ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No;

-

</del><span class="cx">     switch (m_options.contentSecurityPolicyEnforcement) {

</span><span class="cx">     case ContentSecurityPolicyEnforcement::DoNotEnforce:

</span><span class="cx">         return true;

</span><span class="cx">     case ContentSecurityPolicyEnforcement::EnforceChildSrcDirective:

</span><del>-        return contentSecurityPolicy().allowChildContextFromSource(url, overrideContentSecurityPolicy, redirectResponseReceived);

</del><ins>+        return contentSecurityPolicy().allowChildContextFromSource(url, redirectResponseReceived);

</ins><span class="cx">     case ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective:

</span><del>-        return contentSecurityPolicy().allowConnectToSource(url, overrideContentSecurityPolicy, redirectResponseReceived);

</del><ins>+        return contentSecurityPolicy().allowConnectToSource(url, redirectResponseReceived);

</ins><span class="cx">     case ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective:

</span><del>-        return contentSecurityPolicy().allowScriptFromSource(url, overrideContentSecurityPolicy, redirectResponseReceived);

</del><ins>+        return contentSecurityPolicy().allowScriptFromSource(url, redirectResponseReceived);

</ins><span class="cx">     }

</span><span class="cx">     ASSERT_NOT_REACHED();

</span><span class="cx">     return false;

</span></span></pre></div>

<a id="trunkSourceWebCoreloaderDocumentThreadableLoaderh"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.h (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/DocumentThreadableLoader.h        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.h        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -31,6 +31,7 @@

</span><span class="cx"> 

</span><span class="cx"> #pragma once

</span><span class="cx"> 

</span><ins>+#include &quot;ContentSecurityPolicy.h&quot;

</ins><span class="cx"> #include &quot;CrossOriginPreflightChecker.h&quot;

</span><span class="cx"> #include &quot;ResourceResponse.h&quot;

</span><span class="cx"> #include &quot;SecurityOrigin.h&quot;

</span><span class="lines">@@ -94,7 +95,7 @@

</span><span class="cx"> 

</span><span class="cx">         void loadRequest(ResourceRequest&amp;&amp;, SecurityCheckPolicy);

</span><span class="cx">         bool isAllowedRedirect(const URL&amp;);

</span><del>-        bool isAllowedByContentSecurityPolicy(const URL&amp;, bool didRedirect = false);

</del><ins>+        bool isAllowedByContentSecurityPolicy(const URL&amp;, ContentSecurityPolicy::RedirectResponseReceived);

</ins><span class="cx"> 

</span><span class="cx">         bool isXMLHttpRequest() const final;

</span><span class="cx"> 

</span></span></pre></div>

<a id="trunkSourceWebCoreloaderFrameLoadercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/FrameLoader.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/loader/FrameLoader.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -942,7 +942,7 @@

</span><span class="cx">         return true;

</span><span class="cx"> 

</span><span class="cx">     auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No;

</span><del>-    return m_frame.document()-&gt;contentSecurityPolicy()-&gt;allowFormAction(url, false /* overrideContentSecurityPolicy */, redirectResponseReceived);

</del><ins>+    return m_frame.document()-&gt;contentSecurityPolicy()-&gt;allowFormAction(url, redirectResponseReceived);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><span class="cx"> Frame* FrameLoader::opener()

</span></span></pre></div>

<a id="trunkSourceWebCoreloaderPolicyCheckercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/PolicyChecker.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/PolicyChecker.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/loader/PolicyChecker.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -55,10 +55,16 @@

</span><span class="cx"> {

</span><span class="cx">     if (!ownerElement)

</span><span class="cx">         return true;

<ins>+    // Elements in user agent show tree should load whatever the embedding document policy is.

+    if (ownerElement-&gt;isInUserAgentShadowTree())

+        return true;

+

</ins><span class="cx">     auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No;

</span><ins>+

+    ASSERT(ownerElement-&gt;document().contentSecurityPolicy());

</ins><span class="cx">     if (is&lt;HTMLPlugInElement&gt;(ownerElement))

</span><del>-        return ownerElement-&gt;document().contentSecurityPolicy()-&gt;allowObjectFromSource(url, ownerElement-&gt;isInUserAgentShadowTree(), redirectResponseReceived);

-    return ownerElement-&gt;document().contentSecurityPolicy()-&gt;allowChildFrameFromSource(url, ownerElement-&gt;isInUserAgentShadowTree(), redirectResponseReceived);

</del><ins>+        return ownerElement-&gt;document().contentSecurityPolicy()-&gt;allowObjectFromSource(url, redirectResponseReceived);

+    return ownerElement-&gt;document().contentSecurityPolicy()-&gt;allowChildFrameFromSource(url, redirectResponseReceived);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><span class="cx"> PolicyChecker::PolicyChecker(Frame&amp; frame)

</span></span></pre></div>

<a id="trunkSourceWebCoreloaderSubframeLoadercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/SubframeLoader.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/loader/SubframeLoader.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -248,9 +248,11 @@

</span><span class="cx">         }

</span><span class="cx"> 

</span><span class="cx">         const char javaAppletMimeType[] = &quot;application/x-java-applet&quot;;

</span><del>-        bool isInUserAgentShadowTree = element.isInUserAgentShadowTree();

-        if (!element.document().contentSecurityPolicy()-&gt;allowObjectFromSource(codeBaseURL, isInUserAgentShadowTree)

-            || !element.document().contentSecurityPolicy()-&gt;allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL, isInUserAgentShadowTree))

</del><ins>+        ASSERT(element.document().contentSecurityPolicy());

+        auto&amp; contentSecurityPolicy = *element.document().contentSecurityPolicy();

+        // Elements in user agent show tree should load whatever the embedding document policy is.

+        if (!element.isInUserAgentShadowTree()

+            &amp;&amp; (!contentSecurityPolicy.allowObjectFromSource(codeBaseURL) || !contentSecurityPolicy.allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL)))

</ins><span class="cx">             return nullptr;

</span><span class="cx">     }

</span><span class="cx"> 

</span></span></pre></div>

<a id="trunkSourceWebCoreloadercacheCachedResourceLoadercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -399,16 +399,16 @@

</span><span class="cx">     case CachedResource::XSLStyleSheet:

</span><span class="cx"> #endif

</span><span class="cx">     case CachedResource::Script:

</span><del>-        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowScriptFromSource(url, false, redirectResponseReceived))

</del><ins>+        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowScriptFromSource(url, redirectResponseReceived))

</ins><span class="cx">             return false;

</span><span class="cx">         break;

</span><span class="cx">     case CachedResource::CSSStyleSheet:

</span><del>-        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowStyleFromSource(url, false, redirectResponseReceived))

</del><ins>+        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowStyleFromSource(url, redirectResponseReceived))

</ins><span class="cx">             return false;

</span><span class="cx">         break;

</span><span class="cx">     case CachedResource::SVGDocumentResource:

</span><span class="cx">     case CachedResource::ImageResource:

</span><del>-        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowImageFromSource(url, false, redirectResponseReceived))

</del><ins>+        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowImageFromSource(url, redirectResponseReceived))

</ins><span class="cx">             return false;

</span><span class="cx">         break;

</span><span class="cx"> #if ENABLE(SVG_FONTS)

</span><span class="lines">@@ -415,7 +415,7 @@

</span><span class="cx">     case CachedResource::SVGFontResource:

</span><span class="cx"> #endif

</span><span class="cx">     case CachedResource::FontResource:

</span><del>-        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowFontFromSource(url, false, redirectResponseReceived))

</del><ins>+        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowFontFromSource(url, redirectResponseReceived))

</ins><span class="cx">             return false;

</span><span class="cx">         break;

</span><span class="cx">     case CachedResource::MediaResource:

</span><span class="lines">@@ -422,7 +422,7 @@

</span><span class="cx"> #if ENABLE(VIDEO_TRACK)

</span><span class="cx">     case CachedResource::TextTrackResource:

</span><span class="cx"> #endif

</span><del>-        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowMediaFromSource(url, false, redirectResponseReceived))

</del><ins>+        if (!m_document-&gt;contentSecurityPolicy()-&gt;allowMediaFromSource(url, redirectResponseReceived))

</ins><span class="cx">             return false;

</span><span class="cx">         break;

</span><span class="cx">     case CachedResource::RawResource:

</span></span></pre></div>

<a id="trunkSourceWebCorepageEventSourcecpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/EventSource.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/page/EventSource.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/page/EventSource.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -72,7 +72,7 @@

</span><span class="cx">     }

</span><span class="cx"> 

<span class="cx">     // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.

</span><del>-    if (!context.contentSecurityPolicy()-&gt;allowConnectToSource(fullURL, context.shouldBypassMainWorldContentSecurityPolicy())) {

</del><ins>+    if (!context.shouldBypassMainWorldContentSecurityPolicy() &amp;&amp; !context.contentSecurityPolicy()-&gt;allowConnectToSource(fullURL)) {

</ins><span class="cx">         // FIXME: Should this be throwing an exception?

</span><span class="cx">         ec = SECURITY_ERR;

</span><span class="cx">         return nullptr;

</span></span></pre></div>

<a id="trunkSourceWebCorepagecspContentSecurityPolicycpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -451,27 +451,10 @@

</span><span class="cx">     return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForPluginType, type, typeAttribute);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowScriptFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowObjectFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

</del><span class="cx">     if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

</span><span class="cx">         return true;

</span><del>-    String sourceURL;

-    TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());

-    auto handleViolatedDirective = [&amp;] (const ContentSecurityPolicyDirective&amp; violatedDirective) {

-        String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::scriptSrc, violatedDirective, url, &quot;Refused to load&quot;);

-        reportViolation(ContentSecurityPolicyDirectiveNames::scriptSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

-    };

-    return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForScript, url, redirectResponseReceived == RedirectResponseReceived::Yes);

-}

-

-bool ContentSecurityPolicy::allowObjectFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

-{

-    if (overrideContentSecurityPolicy)

-        return true;

-    if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

-        return true;

</del><span class="cx">     // As per section object-src of the Content Security Policy Level 3 spec., &lt;http://w3c.github.io/webappsec-csp&gt; (Editor's Draft, 29 February 2016),

</span><span class="cx">     // &quot;If plugin content is loaded without an associated URL (perhaps an object element lacks a data attribute, but loads some default plugin based

<span class="cx">     // on the specified type), it MUST be blocked if object-src's value is 'none', but will otherwise be allowed&quot;.

</span><span class="lines">@@ -484,10 +467,8 @@

</span><span class="cx">     return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForObjectSource, url, redirectResponseReceived == RedirectResponseReceived::Yes, ContentSecurityPolicySourceListDirective::ShouldAllowEmptyURLIfSourceListIsNotNone::Yes);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowChildFrameFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowChildFrameFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

</del><span class="cx">     if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

</span><span class="cx">         return true;

</span><span class="cx">     String sourceURL;

</span><span class="lines">@@ -500,85 +481,51 @@

</span><span class="cx">     return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowChildContextFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowResourceFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived, const char* name, ResourcePredicate resourcePredicate) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

</del><span class="cx">     if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

</span><span class="cx">         return true;

</span><span class="cx">     String sourceURL;

</span><span class="cx">     TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());

</span><span class="cx">     auto handleViolatedDirective = [&amp;] (const ContentSecurityPolicyDirective&amp; violatedDirective) {

</span><del>-        String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::childSrc, violatedDirective, url, &quot;Refused to load&quot;);

-        reportViolation(ContentSecurityPolicyDirectiveNames::childSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

</del><ins>+        String consoleMessage = consoleMessageForViolation(name, violatedDirective, url, &quot;Refused to load&quot;);

+        reportViolation(name, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

</ins><span class="cx">     };

</span><del>-    return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</del><ins>+    return allPoliciesAllow(WTFMove(handleViolatedDirective), resourcePredicate, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowImageFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowChildContextFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

-    if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

-        return true;

-    String sourceURL;

-    TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());

-    auto handleViolatedDirective = [&amp;] (const ContentSecurityPolicyDirective&amp; violatedDirective) {

-        String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::imgSrc, violatedDirective, url, &quot;Refused to load&quot;);

-        reportViolation(ContentSecurityPolicyDirectiveNames::imgSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

-    };

-    return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForImage, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</del><ins>+    return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::childSrc, &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowStyleFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowScriptFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

-    if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

-        return true;

-    String sourceURL;

-    TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());

-    auto handleViolatedDirective = [&amp;] (const ContentSecurityPolicyDirective&amp; violatedDirective) {

-        String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::styleSrc, violatedDirective, url, &quot;Refused to load&quot;);

-        reportViolation(ContentSecurityPolicyDirectiveNames::styleSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

-    };

-    return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</del><ins>+    return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::scriptSrc, &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForScript);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowFontFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowImageFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

-    if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

-        return true;

-    String sourceURL;

-    TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());

-    auto handleViolatedDirective = [&amp;] (const ContentSecurityPolicyDirective&amp; violatedDirective) {

-        String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::fontSrc, violatedDirective, url, &quot;Refused to load&quot;);

-        reportViolation(ContentSecurityPolicyDirectiveNames::fontSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

-    };

-    return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForFont, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</del><ins>+    return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::imgSrc, &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForImage);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowMediaFromSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowStyleFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

-    if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

-        return true;

-    String sourceURL;

-    TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());

-    auto handleViolatedDirective = [&amp;] (const ContentSecurityPolicyDirective&amp; violatedDirective) {

-        String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::mediaSrc, violatedDirective, url, &quot;Refused to load&quot;);

-        reportViolation(ContentSecurityPolicyDirectiveNames::mediaSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

-    };

-    return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</del><ins>+    return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::styleSrc, &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowConnectToSource(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowFontFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

</del><ins>+    return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::fontSrc, &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForFont);

+}

+

+bool ContentSecurityPolicy::allowMediaFromSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

+{

+    return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::mediaSrc, &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia);

+}

+

+bool ContentSecurityPolicy::allowConnectToSource(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

+{

</ins><span class="cx">     if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

</span><span class="cx">         return true;

</span><span class="cx">     String sourceURL;

</span><span class="lines">@@ -590,19 +537,9 @@

</span><span class="cx">     return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool ContentSecurityPolicy::allowFormAction(const URL&amp; url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const

</del><ins>+bool ContentSecurityPolicy::allowFormAction(const URL&amp; url, RedirectResponseReceived redirectResponseReceived) const

</ins><span class="cx"> {

</span><del>-    if (overrideContentSecurityPolicy)

-        return true;

-    if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))

-        return true;

-    String sourceURL;

-    TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());

-    auto handleViolatedDirective = [&amp;] (const ContentSecurityPolicyDirective&amp; violatedDirective) {

-        String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::formAction, violatedDirective, url, &quot;Refused to load&quot;);

-        reportViolation(ContentSecurityPolicyDirectiveNames::formAction, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);

-    };

-    return allPoliciesAllow(WTFMove(handleViolatedDirective), &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction, url, redirectResponseReceived == RedirectResponseReceived::Yes);

</del><ins>+    return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::formAction, &amp;ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction);

</ins><span class="cx"> }

</span><span class="cx"> 

</span><span class="cx"> bool ContentSecurityPolicy::allowBaseURI(const URL&amp; url, bool overrideContentSecurityPolicy) const

</span></span></pre></div>

<a id="trunkSourceWebCorepagecspContentSecurityPolicyh"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -98,17 +98,18 @@

</span><span class="cx">     bool allowFrameAncestors(const Frame&amp;, const URL&amp;, bool overrideContentSecurityPolicy = false) const;

</span><span class="cx"> 

</span><span class="cx">     enum class RedirectResponseReceived { No, Yes };

</span><del>-    bool allowScriptFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowChildFrameFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowChildContextFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowImageFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowStyleFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowFontFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowMediaFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowConnectToSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

-    bool allowFormAction(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

</del><ins>+    bool allowScriptFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+    bool allowImageFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+    bool allowStyleFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+    bool allowFontFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+    bool allowMediaFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

</ins><span class="cx"> 

</span><del>-    bool allowObjectFromSource(const URL&amp;, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const;

</del><ins>+    bool allowChildFrameFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+    bool allowChildContextFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+    bool allowConnectToSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+    bool allowFormAction(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

+

+    bool allowObjectFromSource(const URL&amp;, RedirectResponseReceived = RedirectResponseReceived::No) const;

</ins><span class="cx">     bool allowBaseURI(const URL&amp;, bool overrideContentSecurityPolicy = false) const;

</span><span class="cx"> 

</span><span class="cx">     void setOverrideAllowInlineStyle(bool);

</span><span class="lines">@@ -188,6 +189,9 @@

</span><span class="cx">     template&lt;typename Predicate, typename... Args&gt;

</span><span class="cx">     bool allPoliciesAllow(ViolatedDirectiveCallback&amp;&amp;, Predicate&amp;&amp;, Args&amp;&amp;...) const WARN_UNUSED_RETURN;

</span><span class="cx"> 

</span><ins>+    using ResourcePredicate = const ContentSecurityPolicyDirective *(ContentSecurityPolicyDirectiveList::*)(const URL &amp;, bool) const;

+    bool allowResourceFromSource(const URL&amp;, RedirectResponseReceived, const char*, ResourcePredicate) const;

+

</ins><span class="cx">     using HashInEnforcedAndReportOnlyPoliciesPair = std::pair&lt;bool, bool&gt;;

</span><span class="cx">     template&lt;typename Predicate&gt; HashInEnforcedAndReportOnlyPoliciesPair findHashOfContentInPolicies(Predicate&amp;&amp;, const String&amp; content, OptionSet&lt;ContentSecurityPolicyHashAlgorithm&gt;) const WARN_UNUSED_RETURN;

</span><span class="cx"> 

</span></span></pre></div>

<a id="trunkSourceWebCoreworkersAbstractWorkercpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/AbstractWorker.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/workers/AbstractWorker.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/workers/AbstractWorker.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -63,7 +63,7 @@

</span><span class="cx">     }

</span><span class="cx"> 

</span><span class="cx">     ASSERT(scriptExecutionContext()-&gt;contentSecurityPolicy());

</span><del>-    if (!scriptExecutionContext()-&gt;contentSecurityPolicy()-&gt;allowChildContextFromSource(scriptURL, shouldBypassMainWorldContentSecurityPolicy)) {

</del><ins>+    if (!shouldBypassMainWorldContentSecurityPolicy &amp;&amp; !scriptExecutionContext()-&gt;contentSecurityPolicy()-&gt;allowChildContextFromSource(scriptURL)) {

</ins><span class="cx">         ec = SECURITY_ERR;

</span><span class="cx">         return URL();

</span><span class="cx">     }

</span></span></pre></div>

<a id="trunkSourceWebCoreworkersWorkerGlobalScopecpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerGlobalScope.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/workers/WorkerGlobalScope.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/workers/WorkerGlobalScope.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -216,11 +216,14 @@

</span><span class="cx"> 

</span><span class="cx"> void WorkerGlobalScope::importScripts(const Vector&lt;String&gt;&amp; urls, ExceptionCode&amp; ec)

</span><span class="cx"> {

</span><ins>+    ASSERT(scriptExecutionContext());

</ins><span class="cx">     ASSERT(contentSecurityPolicy());

</span><ins>+

+    auto&amp; context = *scriptExecutionContext();

</ins><span class="cx">     ec = 0;

</span><span class="cx">     Vector&lt;URL&gt; completedURLs;

</span><span class="cx">     for (auto&amp; entry : urls) {

</span><del>-        URL url = scriptExecutionContext()-&gt;completeURL(entry);

</del><ins>+        URL url = context.completeURL(entry);

</ins><span class="cx">         if (!url.isValid()) {

</span><span class="cx">             ec = SYNTAX_ERR;

</span><span class="cx">             return;

</span><span class="lines">@@ -230,14 +233,14 @@

</span><span class="cx"> 

</span><span class="cx">     for (auto&amp; url : completedURLs) {

<span class="cx">         // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.

</span><del>-        bool shouldBypassMainWorldContentSecurityPolicy = scriptExecutionContext()-&gt;shouldBypassMainWorldContentSecurityPolicy();

-        if (!scriptExecutionContext()-&gt;contentSecurityPolicy()-&gt;allowScriptFromSource(url, shouldBypassMainWorldContentSecurityPolicy)) {

</del><ins>+        bool shouldBypassMainWorldContentSecurityPolicy = context.shouldBypassMainWorldContentSecurityPolicy();

+        if (!shouldBypassMainWorldContentSecurityPolicy &amp;&amp; !context.contentSecurityPolicy()-&gt;allowScriptFromSource(url)) {

</ins><span class="cx">             ec = NETWORK_ERR;

</span><span class="cx">             return;

</span><span class="cx">         }

</span><span class="cx"> 

</span><span class="cx">         Ref&lt;WorkerScriptLoader&gt; scriptLoader = WorkerScriptLoader::create();

</span><del>-        scriptLoader-&gt;loadSynchronously(scriptExecutionContext(), url, FetchOptions::Mode::NoCors, shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective);

</del><ins>+        scriptLoader-&gt;loadSynchronously(&amp;context, url, FetchOptions::Mode::NoCors, shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective);

</ins><span class="cx"> 

<span class="cx">         // If the fetching attempt failed, throw a NETWORK_ERR exception and abort all these steps.

</span><span class="cx">         if (scriptLoader-&gt;failed()) {

</span><span class="lines">@@ -245,7 +248,7 @@

</span><span class="cx">             return;

</span><span class="cx">         }

</span><span class="cx"> 

</span><del>-        InspectorInstrumentation::scriptImported(scriptExecutionContext(), scriptLoader-&gt;identifier(), scriptLoader-&gt;script());

</del><ins>+        InspectorInstrumentation::scriptImported(&amp;context, scriptLoader-&gt;identifier(), scriptLoader-&gt;script());

</ins><span class="cx"> 

</span><span class="cx">         NakedPtr&lt;JSC::Exception&gt; exception;

</span><span class="cx">         m_script-&gt;evaluate(ScriptSourceCode(scriptLoader-&gt;script(), scriptLoader-&gt;responseURL()), exception);

</span></span></pre></div>

<a id="trunkSourceWebCorexmlXMLHttpRequestcpp"></a>

<div class="modfile"><h4>Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (206253 => 206254)</h4>

<pre class="diff"><span>

<span class="info">--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp        2016-09-22 07:57:32 UTC (rev 206253)

+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp        2016-09-22 08:28:37 UTC (rev 206254)

</span><span class="lines">@@ -494,6 +494,8 @@

</span><span class="cx">     if (!scriptExecutionContext())

</span><span class="cx">         return false;

</span><span class="cx"> 

</span><ins>+    auto&amp; context = *scriptExecutionContext();

+

</ins><span class="cx">     if (m_state != OPENED || m_sendFlag) {

</span><span class="cx">         ec = INVALID_STATE_ERR;

</span><span class="cx">         return false;

</span><span class="lines">@@ -501,7 +503,7 @@

</span><span class="cx">     ASSERT(!m_loader);

</span><span class="cx"> 

<span class="cx">     // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved.

</span><del>-    if (!scriptExecutionContext()-&gt;contentSecurityPolicy()-&gt;allowConnectToSource(m_url, scriptExecutionContext()-&gt;shouldBypassMainWorldContentSecurityPolicy())) {

</del><ins>+    if (!context.shouldBypassMainWorldContentSecurityPolicy() &amp;&amp; !context.contentSecurityPolicy()-&gt;allowConnectToSource(m_url)) {

</ins><span class="cx">         if (m_async) {

</span><span class="cx">             setPendingActivity(this);

</span><span class="cx">             m_timeoutTimer.stop();

</span></span></pre>

</div>

</div>

</body>

</html>