Tweaking the "insecure CSP" error message to clarify that both 'script-src' and 'object-src' must b…

chrome/common/extensions/extension_manifest_constants.cc

Index: chrome/common/extensions/extension_manifest_constants.cc
diff --git a/chrome/common/extensions/extension_manifest_constants.cc b/chrome/common/extensions/extension_manifest_constants.cc
index de33389949657752fa343541e83b90572a681dc2..802f0e7c71bb7333b64e2fdcaaab6c1a7feef761 100644
--- a/chrome/common/extensions/extension_manifest_constants.cc
+++ b/chrome/common/extensions/extension_manifest_constants.cc
@@ -457,12 +457,13 @@ const char kInvalidWebURLs[] =
 const char kInvalidZipHash[] =
     "Required key 'zip_hash' is missing or invalid.";
 const char kInsecureContentSecurityPolicy[] =
-    "Invalid value for 'content_security_policy': The 'script-src' and"
-    " 'object-src' directives can only whitelist secure resources. You may"
-    " include any of the following sources: \"'self'\", \"http://127.0.0.1\","
-    " \"http://localhost\", or any \"https://\" or \"chrome-extension://\""
-    " origin. For more information, see"
-    " http://developer.chrome.com/extensions/contentSecurityPolicy.html";
+    "Invalid value for 'content_security_policy': Both 'script-src' and"
+    " 'object-src' directives must be specified (either explicitly, or"
+    " implicitly via 'default-src'), and both must whitelist only secure"
+    " resources. You may include any of the following sources: \"'self'\","
+    " \"'unsafe-eval'\", \"http://127.0.0.1\", \"http://localhost\", or any"
+    " \"https://\" or \"chrome-extension://\" origin. For more information,"
+    " see http://developer.chrome.com/extensions/contentSecurityPolicy.html";
 const char kLaunchPathAndExtentAreExclusive[] =
     "The 'app.launch.local_path' and 'app.urls' keys cannot both be set.";
 const char kLaunchPathAndURLAreExclusive[] =