
Unified Diff: Source/core/frame/csp/CSPDirectiveList.cpp

Issue 1142623002: Stop sending the 'CSP' header. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 7 months ago
Index: Source/core/frame/csp/CSPDirectiveList.cpp
diff --git a/Source/core/frame/csp/CSPDirectiveList.cpp b/Source/core/frame/csp/CSPDirectiveList.cpp
index 4dd95cddcba29d4f280685ef4a6988f341f1e469..7a030d07201aae14fff2c3119d75b5b3b00e8304 100644
--- a/Source/core/frame/csp/CSPDirectiveList.cpp
+++ b/Source/core/frame/csp/CSPDirectiveList.cpp
@@ -416,34 +416,9 @@ const String& CSPDirectiveList::pluginTypesText() const
bool CSPDirectiveList::shouldSendCSPHeader(Resource::Type type) const
{
- switch (type) {
- case Resource::XSLStyleSheet:
- ASSERT(RuntimeEnabledFeatures::xsltEnabled());
- return !!operativeDirective(m_scriptSrc.get());
- case Resource::Script:
- case Resource::ImportResource:
- return !!operativeDirective(m_scriptSrc.get());
- case Resource::CSSStyleSheet:
- return !!operativeDirective(m_styleSrc.get());
- case Resource::SVGDocument:
- case Resource::Image:
- return !!operativeDirective(m_imgSrc.get());
- case Resource::Font:
- return !!operativeDirective(m_fontSrc.get());
- case Resource::Media:
- case Resource::TextTrack:
- return !!operativeDirective(m_mediaSrc.get());
- case Resource::Raw:
- // This request could be for a plugin, a child frame, a worker, or
- // something else. If there any potentially relevant policies,
- // send the CSP header; sending it unnecessarily can't hurt.
- return !!operativeDirective(m_objectSrc.get()) || !!m_pluginTypes.get() || !!operativeDirective(m_childSrc.get()) || !!operativeDirective(m_frameSrc.get()) || !!operativeDirective(m_connectSrc.get()) || !!operativeDirective(m_manifestSrc.get()) || !!m_formAction.get();
- case Resource::MainResource:
- case Resource::LinkPrefetch:
- case Resource::LinkSubresource:
- return false;
- }
- ASSERT_NOT_REACHED();
+ // TODO(mkwst): Revisit this once the CORS prefetch issue with the 'CSP'
+ // header is worked out, one way or another:
+ // https://github.com/whatwg/fetch/issues/52
return false;
}
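Review bot: The TODO in the new body of `shouldSendCSPHeader` does not say that the function now returns false for every resource type and ignores `type`, so a reader at a call site cannot tell that the header is suppressed on purpose rather than by a per-type decision. I would open the comment with `// Never send the 'CSP' request header, regardless of |type|; the parameter is intentionally unused for now.` The phrase "CORS prefetch issue" presumably means CORS preflight; if so, the wording should be corrected, because `Resource::LinkPrefetch` is an unrelated resource type and the current text invites confusion with it. Any code that sets the header when this function returns true sits outside the hunk and would now be unreachable, so the same TODO should say whether it is kept deliberately.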
