Chromium Code Reviews

Issue 1184353002: Explicitly whitelist 'blob:' and 'filesystem:' in extensions' default CSP. (Closed)

Created:
5 years, 6 months ago by Mike West
Modified:
5 years, 6 months ago
Reviewers:
Finnur
CC:
chromium-apps-reviews_chromium.org, chromium-reviews, extensions-reviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Explicitly whitelist 'blob:' and 'filesystem:' in extensions' default CSP.

'blob:' and 'filesystem:' should not match 'self' in CSP source expressions, but they currently do. In order to avoid breakage, this patch whitelists them explicitly (which is a no-op at the moment) so that we can change Blink's behavior without breaking extensions. Perhaps we can re-evaluate this in v3. :)

BUG=473904

Committed: https://crrev.com/04a6c801d52357e7ad14ecaf8c528a97a3451fd5
Cr-Commit-Position: refs/heads/master@{#334599}
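The effect described above, as an added example that is not part of the original change and is not Chromium or Blink code: a simplified matcher for `'self'` and scheme-sources only, run against the default policy line quoted in the review. The extension id, the sample URLs, the "before" policy string and the `legacySelf` flag are assumptions made for illustration.

```javascript
// Added example: simplified CSP source-list matching ('self' and scheme-sources only).
const EXT_ORIGIN = "chrome-extension://abcdefghijklmnopabcdefghijklmnop"; // constructed id

// Default policy line quoted in the review, and the same line without the two schemes.
const NEW_CSP = "default-src 'self' blob: filesystem: chrome-extension-resource:;";
const OLD_CSP = "default-src 'self' chrome-extension-resource:;"; // assumed "before"

// Return the source expressions listed for one directive.
function sourcesFor(policy, directive) {
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === directive) return tokens.slice(1);
  }
  return [];
}

// blob: and filesystem: URLs wrap the origin that created them.
function parseUrl(url) {
  const scheme = url.slice(0, url.indexOf(":")).toLowerCase();
  const nested = scheme === "blob" || scheme === "filesystem";
  const rest = nested ? url.slice(scheme.length + 1) : url;
  const m = /^([a-z][a-z0-9+.-]*:\/\/[^\/]+)/i.exec(rest);
  return { scheme, nested, origin: m ? m[1].toLowerCase() : null };
}

// legacySelf (hypothetical flag): true models the behavior the description calls
// current, where 'self' also matches blob:/filesystem: URLs of the same origin.
function allows(policy, url, legacySelf) {
  const { scheme, nested, origin } = parseUrl(url);
  return sourcesFor(policy, "default-src").some((src) => {
    if (src === "'self'") return origin === EXT_ORIGIN && (legacySelf || !nested);
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return src.slice(0, -1).toLowerCase() === scheme;
    return false; // host-sources, keywords, nonces: out of scope here
  });
}

// Constructed sample URLs.
const BLOB_URL = "blob:" + EXT_ORIGIN + "/0b1c2d3e-0000-4000-8000-000000000000";
const FS_URL = "filesystem:" + EXT_ORIGIN + "/temporary/data.bin";

// Rows: [old policy, new policy]; columns: [legacy 'self', strict 'self'].
function matrix(url) {
  return [OLD_CSP, NEW_CSP].map((p) => [allows(p, url, true), allows(p, url, false)]);
}
console.log(matrix(BLOB_URL), matrix(FS_URL));
```

Only the old policy under strict `'self'` matching rejects the `blob:` and `filesystem:` URLs, which is the breakage the explicit scheme-sources avoid.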

Patch Set 1 #

Total comments: 3

Patch Set 2 : Nit. #

Patch Set 3 : Test. #

Stats (+7 lines, -4 lines)
M chrome/common/extensions/manifest_tests/extension_manifests_sandboxed_unittest.cc 1 chunk +2 lines, -1 line
M extensions/common/manifest_handlers/csp_info.cc 1 chunk +5 lines, -3 lines

Messages

Total messages: 12 (4 generated)
commit-bot: I haz the power
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1184353002/1
5 years, 6 months ago (2015-06-16 13:03:51 UTC) #2
Mike West
finnur@, Mind taking a look? (I'm not sure whether or not you're actually still working ...
5 years, 6 months ago (2015-06-16 13:04:18 UTC) #4
Mike West
https://codereview.chromium.org/1184353002/diff/1/extensions/common/manifest_handlers/csp_info.cc
File extensions/common/manifest_handlers/csp_info.cc (right):

https://codereview.chromium.org/1184353002/diff/1/extensions/common/manifest_handlers/csp_info.cc#newcode45
extensions/common/manifest_handlers/csp_info.cc:45: ";"
This is all `git cl format`. Sorry. :/
5 years, 6 months ago (2015-06-16 13:04:47 UTC) #5
Finnur
LGTM, with comments.

https://codereview.chromium.org/1184353002/diff/1/extensions/common/manifest_handlers/csp_info.cc
File extensions/common/manifest_handlers/csp_info.cc (right):

https://codereview.chromium.org/1184353002/diff/1/extensions/common/manifest_handlers/csp_info.cc#newcode34
extensions/common/manifest_handlers/csp_info.cc:34: "default-src 'self' blob: filesystem: chrome-extension-resource:;"
This ...
5 years, 6 months ago (2015-06-16 13:20:01 UTC) #6
Mike West
On 2015/06/16 at 13:20:01, finnur wrote:
> LGTM, with comments.
>
> https://codereview.chromium.org/1184353002/diff/1/extensions/common/manifest_handlers/csp_info.cc
> File ...
5 years, 6 months ago (2015-06-16 13:39:41 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1184353002/40001
5 years, 6 months ago (2015-06-16 13:39:50 UTC) #10
commit-bot: I haz the power
Committed patchset #3 (id:40001)
5 years, 6 months ago (2015-06-16 14:26:40 UTC) #11
commit-bot: I haz the power
5 years, 6 months ago (2015-06-16 14:27:25 UTC) #12
Message was sent while issue was closed.
Patchset 3 (id:??) landed as
https://crrev.com/04a6c801d52357e7ad14ecaf8c528a97a3451fd5
Cr-Commit-Position: refs/heads/master@{#334599}
