[webkit-reviews] review granted: [Bug 230269] Add violations reporting support for Cross-Origin-Embedder-Policy : [Attachment 438244] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 16 00:51:48 PDT 2021
youenn fablet <youennf at gmail.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 230269: Add violations reporting support for Cross-Origin-Embedder-Policy
https://bugs.webkit.org/show_bug.cgi?id=230269
Attachment 438244: Patch
https://bugs.webkit.org/attachment.cgi?id=438244&action=review
--- Comment #9 from youenn fablet <youennf at gmail.com> ---
Comment on attachment 438244
--> https://bugs.webkit.org/attachment.cgi?id=438244
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438244&action=review
> Source/WebCore/loader/cache/CachedResourceLoader.cpp:803
> + return frame.isMainFrame() ? FetchOptions::Destination::Document :
FetchOptions::Destination::Iframe;
We could differentiate SVGDocumentResource from MainResource so that only
MainResource checks for Document vs. Iframe.
> Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:166
> + return WTFMove(*error);
Why not just returning error here?
> Source/WebKit/NetworkProcess/NetworkLoadChecker.cpp:177
> + return WTFMove(*error);
Why not just returning error here?
> Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:647
> return true;
Are we sure this return true is correct?
It seems we should return true if ownerPolicy's value is "unsafe-none" OR
policy's value is "require-corp", but we do an if (AND) above.
More information about the webkit-reviews
mailing list