[webkit-reviews] review denied: [Bug 93777] Implement the form-action Content Security Policy directive. : [Attachment 158375] Jochen's feedback.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 14 11:35:36 PDT 2012
jochen at chromium.org has denied Mike West <mkwst at chromium.org>'s request for
review:
Bug 93777: Implement the form-action Content Security Policy directive.
https://bugs.webkit.org/show_bug.cgi?id=93777
Attachment 158375: Jochen's feedback.
https://bugs.webkit.org/attachment.cgi?id=158375&action=review
------- Additional Comments from jochen at chromium.org
View in context: https://bugs.webkit.org/attachment.cgi?id=158375&action=review
> Source/WebCore/loader/MainResourceLoader.cpp:208
> + cancel(ResourceError("", 400, newRequest.url().string(), "CSP"));
I read through the source a bit, and I think it's wrong to create a
ResourceError here. Usually, when we want a specific kind of error, we'd call
the FrameLoaderClient to give us such an error.
I also read the spec, and it doesn't say that we should create a 400, it says
we should react as if we'd received a 400. I believe just calling cancel()
would suffice in that case.
More information about the webkit-reviews
mailing list