Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5220)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/common/extensions/csp_validator.cc

Issue 10855122: Whitelisting `127.0.0.1` and `localhost` for HTTP in extensions' CSP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Less stupid patch. Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/common/extensions/csp_validator_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/common/extensions/csp_validator.cc
diff --git a/chrome/common/extensions/csp_validator.cc b/chrome/common/extensions/csp_validator.cc
index a57bdb0ce9bbb3288d744dcf2c7da383d015ea7b..225fbd726715ceedf88d02c12d8da3724a6f454d 100644
--- a/chrome/common/extensions/csp_validator.cc
+++ b/chrome/common/extensions/csp_validator.cc
@@ -46,6 +46,8 @@ bool HasOnlySecureTokens(StringTokenizer& tokenizer) {
// We might need to relax this whitelist over time.
if (source == "'self'" ||
source == "'none'" ||
+ source == "http://127.0.0.1" ||
+ source == "http://localhost" ||
abarth-chromium 2012/08/13 15:50:01 This one should probably be case insensitive.
abarth-chromium 2012/08/13 15:50:42 Do we want to allow non-default ports? You might
StartsWithASCII(source, "https://", true) ||
StartsWithASCII(source, "chrome://", true) ||
StartsWithASCII(source, "chrome-extension://", true) ||
« no previous file with comments | « no previous file | chrome/common/extensions/csp_validator_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698