| commit | 2bfa22caf84f2db019efad7f288b1e8c211b37d2 | |
| author | tyoshino@chromium.org <tyoshino@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | |
| Thu, 21 Aug 2014 04:55:27 +0000 (21 04:55 +0000) | ||
| committer | tyoshino@chromium.org <tyoshino@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | |
| Thu, 21 Aug 2014 04:57:03 +0000 (21 04:57 +0000) | ||
| tree | 809931a88abfc45100eb8a335d8fb4f315a71aa2 | treesnapshot (tar.gz zip) |
| parent | 612a925563bb759bfd475b7323161420c9717309 | commitdiff |
Set response headers for data URL.
Resources represented by a data URL will stay being considered to be
unique origin resource but are changed to allow cross origin access by
the Access-Control-Allow-Origin header.
We take this approach mainly because we want scripts in an iframe with
a data URL specified to its src attribute to be executed as a script on
a unique origin resource, not on the parent frame.
We can choose to treat "loading" of data URL specially as same origin
while execution as different origin. But such an approach complicates
security policy checking algorithm.
Grammar checking code is added to ensure we emit a valid content-type.
Blink side CL https://codereview.chromium.org/54173002/ will be landed
first to temporarily disable layout tests that will break, and then
this CL will be landed.
BUG=308768
Review URL: https://codereview.chromium.org/294193002
Cr-Commit-Position: refs/heads/master@{#291007}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@291007 0039d316-1c4b-4281-b951-d872f2087c98
Resources represented by a data URL will stay being considered to be
unique origin resource but are changed to allow cross origin access by
the Access-Control-Allow-Origin header.
We take this approach mainly because we want scripts in an iframe with
a data URL specified to its src attribute to be executed as a script on
a unique origin resource, not on the parent frame.
We can choose to treat "loading" of data URL specially as same origin
while execution as different origin. But such an approach complicates
security policy checking algorithm.
Grammar checking code is added to ensure we emit a valid content-type.
Blink side CL https://codereview.chromium.org/54173002/ will be landed
first to temporarily disable layout tests that will break, and then
this CL will be landed.
BUG=308768
Review URL: https://codereview.chromium.org/294193002
Cr-Commit-Position: refs/heads/master@{#291007}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@291007 0039d316-1c4b-4281-b951-d872f2087c98