content/browser/frame_host/ancestor_throttle.cc · 0f15bf8492ec41f3c9197849e62a10b07315db78 · eriksson monteiro / tangled

Send CSP frame-ancestors violations also when XFO is present · 0f15bf84

Antonio Sartori authored Aug 05, 2020

If a Content-Security-Policy frame-ancestors directive is enforced,
then the X-Frame-Options header is ignored. However, if the
frame-ancestors directive is report-only, the X-Frame-Options header
is checked and the frame possibly blocked. However, in this second
case, we must still check whether we have to send a
Content-Security-Policy violation report.

Bug: 1097078
Change-Id: I9768a3859184ac1d35bd938f45cc40e111e2af4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2339115Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Cr-Commit-Position: refs/heads/master@{#795022}

0f15bf84

ancestor_throttle.cc 20.1 KB

Replace ancestor_throttle.cc