-
tyoshino authored
Resources represented by a data URL will stay being considered to be unique origin resource but are changed to allow cross origin access by the Access-Control-Allow-Origin header. We take this approach mainly because we want scripts in an iframe with a data URL specified to its src attribute to be executed as a script on a unique origin resource, not on the parent frame. We can choose to treat "loading" of data URL specially as same origin while execution as different origin. But such an approach complicates security policy checking algorithm. Grammar checking code is added to ensure we emit a valid content-type. Blink side CL https://codereview.chromium.org/54173002/ will be landed first to temporarily disable layout tests that will break, and then this CL will be landed. BUG=308768 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=291007 Review URL: https://codereview.chromium.org/294193002 Cr-Commit-Position: refs/heads/master@{#294107}
05a2bf0b
