summaryrefslogtreecommitdiffstats
path: root/WebCore/loader/CrossOriginAccessControl.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'WebCore/loader/CrossOriginAccessControl.cpp')
-rw-r--r--WebCore/loader/CrossOriginAccessControl.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/WebCore/loader/CrossOriginAccessControl.cpp b/WebCore/loader/CrossOriginAccessControl.cpp
index f0f8b6a..7a21280 100644
--- a/WebCore/loader/CrossOriginAccessControl.cpp
+++ b/WebCore/loader/CrossOriginAccessControl.cpp
@@ -100,6 +100,10 @@ bool passesAccessControlCheck(const ResourceResponse& response, bool includeCred
if (accessControlOriginString == "*" && !includeCredentials)
return true;
+ // A sandboxed frame has a unique origin (for same-origin purposes).
+ if (securityOrigin->isSandboxed(SandboxOrigin))
+ return false;
+
RefPtr<SecurityOrigin> accessControlOrigin = SecurityOrigin::createFromString(accessControlOriginString);
if (!accessControlOrigin->isSameSchemeHostPort(securityOrigin))
return false;
generated by cgit v1.1 at 2025-05-13 23:56:15 +0000