Implement CSPEE Blanket Enforcement logic out-of-blink #24311
Merged
This change adds to the AncestorThrottle a check for the step
"Does response allow blanket enforcement of policy from request" of
Content Security Policy: Embedded Enforcement:
https://w3c.github.io/webappsec-cspee/#origin-allowed Behind the flag
This is one of the steps of moving CSPEE out-of-blink and is hidden
under the flag network::features::kOutOfBlinkCSPEE.
Change-Id: Id3092322134e055810d4006e63e6974ee64315be
Bug: 1094909
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2218019
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#784753}