Use correct context for all subresources checks (thanks user72 for reporting).
This commit is contained in:
parent
52fe14e549
commit
37499bc4dc
|
@ -500,7 +500,7 @@ var RequestGuard = (() => {
|
|||
}
|
||||
if (!allowed) {
|
||||
let capabilities = intersectCapabilities(
|
||||
policy.get(url, documentUrl).perms,
|
||||
policy.get(url, ns.policyContext(request)).perms,
|
||||
request);
|
||||
allowed = !policyType || capabilities.has(policyType);
|
||||
if (allowed && request._dataUrl && type.endsWith("frame")) {
|
||||
|
|
Loading…
Reference in New Issue