Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 10873060: Adding 'blob:' and 'filesystem:' URLs as secure sources for extensions. (Closed)

Created:
8 years, 4 months ago by Mike West
Modified:
8 years, 3 months ago
CC:
chromium-reviews, Aaron Boodman, mihaip-chromium-reviews_chromium.org
Visibility:
Public.

Description

Adding 'blob:' and 'filesystem:' URLs as secure sources for extensions. Extensions currently enforce the requirement that Content Security Policy directives contain only secure sources. As 'blob:' and 'filesystem:' URLs are same-origin with the resource that created them, and never touch the network, we should allow them in extensions' 'content_security_policy' declarations. BUG=144610 Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=153624

Patch Set 1 #

Total comments: 4

Patch Set 2 : Adam's feedback. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+11 lines, -0 lines) Patch
M chrome/common/extensions/csp_validator.cc View 1 1 chunk +2 lines, -0 lines 0 comments Download
M chrome/common/extensions/csp_validator_unittest.cc View 1 1 chunk +9 lines, -0 lines 0 comments Download

Messages

Total messages: 8 (0 generated)
Mike West
Hello, Adam, Aaron, and Mihai! Would you mind taking a look at this CL? Maps ...
8 years, 4 months ago (2012-08-24 11:52:36 UTC) #1
abarth-chromium
LGTM (but I am not an owner) http://codereview.chromium.org/10873060/diff/1/chrome/common/extensions/csp_validator.cc File chrome/common/extensions/csp_validator.cc (right): http://codereview.chromium.org/10873060/diff/1/chrome/common/extensions/csp_validator.cc#newcode58 chrome/common/extensions/csp_validator.cc:58: StartsWithASCII(source, "filesystem:", ...
8 years, 4 months ago (2012-08-24 14:55:00 UTC) #2
Mike West
Thanks Adam. Once Mihai or Aaron weighs in, I'll spin a new patch with the ...
8 years, 4 months ago (2012-08-24 15:13:36 UTC) #3
Mihai Parparita -not on Chrome
Accepting only the scheme as a source makes sense to me. Mihai On Fri, Aug ...
8 years, 4 months ago (2012-08-24 17:34:19 UTC) #4
Mike West
On 2012/08/24 17:34:19, Mihai Parparita wrote: > Accepting only the scheme as a source makes ...
8 years, 3 months ago (2012-08-27 08:46:12 UTC) #5
Mihai Parparita -not on Chrome
LGTM
8 years, 3 months ago (2012-08-27 23:40:14 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mkwst@chromium.org/10873060/9001
8 years, 3 months ago (2012-08-27 23:40:34 UTC) #7
commit-bot: I haz the power
8 years, 3 months ago (2012-08-28 04:06:49 UTC) #8 
Change committed as 153624

Powered by Google App Engine
This is Rietveld 408576698