author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-16 09:59:13 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-20 10:28:53 +0000 |
commit | 6c11fb357ec39bf087b8b632e2b1e375aef1b38b (patch) | |
tree | c8315530db18a8ee566521c39ab8a6af4f72bc03 /chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc | |
parent | 3ffaed019d0772e59d6cdb2d0d32fe4834c31f72 (diff) | |
download | qtwebengine-chromium-6c11fb357ec39bf087b8b632e2b1e375aef1b38b.tar.gz |
BASELINE: Update Chromium to 74.0.3729.159
Change-Id: I8d2497da544c275415aedd94dd25328d555de811
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc')
-rw-r--r-- | chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc
index 267e2e64316..d629c18cab9 100644
--- a/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc
+++ b/chromium/third_party/blink/renderer/platform/weborigin/security_origin.cc
@@ -306,6 +306,9 @@ bool SecurityOrigin::CanAccess(const SecurityOrigin* other,
 return true;
 }

+ // This is needed to ensure an origin can access to itself under nullified
+ // document.domain.
+ // TODO(tzik): Update the nulled domain handling and remove this condition.
 if (this == other) {
 detail = AccessResultDomainDetail::kDomainNotRelevant;
 return true;
@@ -313,11 +316,11 @@ bool SecurityOrigin::CanAccess(const SecurityOrigin* other,

 if (IsOpaque() || other->IsOpaque()) {
 detail = AccessResultDomainDetail::kDomainNotRelevant;
- return false;
+ return nonce_if_opaque_ == other->nonce_if_opaque_;
 }

 // document.domain handling, as per
- // https://html.spec.whatwg.org/multipage/browsers.html#dom-document-domain:
+ // https://html.spec.whatwg.org/C/#dom-document-domain:
 //
 // 1) Neither document has set document.domain. In this case, we insist
 // that the scheme, host, and port of the URLs match.
@@ -332,10 +335,7 @@ bool SecurityOrigin::CanAccess(const SecurityOrigin* other,
 if (host_ == other->host_ && port_ == other->port_)
 can_access = true;
 } else if (domain_was_set_in_dom_ && other->domain_was_set_in_dom_) {
- // TODO(mkwst): If/when we ship this behavior, change this to check
- // IsNull() rather than relying on string comparison.
- // https://crbug.com/733150
- if (domain_ == other->domain_ && domain_ != "null") {
+ if (domain_ == other->domain_) {
 can_access = true;
 detail = (host_ == other->host_ && port_ == other->port_)
 ? AccessResultDomainDetail::kDomainMatchUnnecessary
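Review bot: In the second hunk, `return nonce_if_opaque_ == other->nonce_if_opaque_;` sits under `IsOpaque() || other->IsOpaque()`, so it is also reached when only one of the two origins is opaque, and denying that case then depends on a non-opaque origin's `nonce_if_opaque_` never comparing equal to a real nonce. The field's type and default are not visible here, so I would spell the both-opaque requirement out: `return IsOpaque() && other->IsOpaque() && nonce_if_opaque_ == other->nonce_if_opaque_;`. The same expression is added to IsSameSchemeHostPort in the last hunk and deserves the same change, plus a unit test for an opaque origin against a tuple origin and against its own copy. CanAccess's body starts and ends outside this hunk.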
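Review bot: Dropping `domain_ != "null"` in the third hunk leaves `domain_ == other->domain_` as the only condition in this branch, with nothing visible here that keeps two origins whose domain was nulled from matching each other. The opaque early return above may cover that, but the comment added in the first hunk says nulled-domain handling is still pending, so the invariant is worth stating at the comparison, e.g. `// Origins with a nulled document.domain must not reach this comparison; see <guard location>.` A test that two distinct origins with nulled domains are denied access would pin it. The branch continues past the end of the hunk.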
@@ -545,14 +545,15 @@ scoped_refptr<SecurityOrigin> SecurityOrigin::Create(const String& protocol,
 }

 bool SecurityOrigin::IsSameSchemeHostPort(const SecurityOrigin* other) const {
+ // This is needed to ensure a local origin considered to have the same scheme,
+ // host, and port to itself.
+ // TODO(tzik): Make the local origin unique but not opaque, and remove this
+ // condition.
 if (this == other)
 return true;

- if (IsOpaque() || other->IsOpaque()) {
- // TODO(dcheng|nasko): Add nonce equality check here, such that opaque
- // origins that are copy of each other can be equal.
- return false;
- }
+ if (IsOpaque() || other->IsOpaque())
+ return nonce_if_opaque_ == other->nonce_if_opaque_;

 if (host_ != other->host_)
 return false; |