diff options
Diffstat (limited to 'chromium/third_party/WebKit/Source/core/loader/FrameLoader.cpp')
-rw-r--r-- | chromium/third_party/WebKit/Source/core/loader/FrameLoader.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/chromium/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/chromium/third_party/WebKit/Source/core/loader/FrameLoader.cpp index a30abc938b2..f0b1f6e9d63 100644 --- a/chromium/third_party/WebKit/Source/core/loader/FrameLoader.cpp +++ b/chromium/third_party/WebKit/Source/core/loader/FrameLoader.cpp @@ -432,8 +432,12 @@ void FrameLoader::ReplaceDocumentWhileExecutingJavaScriptURL( // Compute this before clearing the frame, because it may need to inherit an // aliased security context. + // The document CSP is the correct one as it is used for CSP checks + // done previously before getting here: + // HTMLFormElement::ScheduleFormSubmission + // HTMLFrameElementBase::OpenURL WebGlobalObjectReusePolicy global_object_reuse_policy = - frame_->ShouldReuseDefaultView(url) + frame_->ShouldReuseDefaultView(url, document->GetContentSecurityPolicy()) ? WebGlobalObjectReusePolicy::kUseExisting : WebGlobalObjectReusePolicy::kCreateNew; |