OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/common/manifest_handlers/csp_info.h" | 5 #include "extensions/common/manifest_handlers/csp_info.h" |
6 | 6 |
7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
10 #include "base/values.h" | 10 #include "base/values.h" |
11 #include "extensions/common/csp_validator.h" | 11 #include "extensions/common/csp_validator.h" |
12 #include "extensions/common/install_warning.h" | 12 #include "extensions/common/install_warning.h" |
13 #include "extensions/common/manifest_constants.h" | 13 #include "extensions/common/manifest_constants.h" |
14 #include "extensions/common/manifest_handlers/sandboxed_page_info.h" | 14 #include "extensions/common/manifest_handlers/sandboxed_page_info.h" |
15 | 15 |
16 namespace extensions { | 16 namespace extensions { |
17 | 17 |
18 namespace keys = manifest_keys; | 18 namespace keys = manifest_keys; |
19 namespace errors = manifest_errors; | 19 namespace errors = manifest_errors; |
20 | 20 |
21 using csp_validator::ContentSecurityPolicyIsLegal; | 21 using csp_validator::ContentSecurityPolicyIsLegal; |
22 using csp_validator::SanitizeContentSecurityPolicy; | 22 using csp_validator::SanitizeContentSecurityPolicy; |
23 | 23 |
24 namespace { | 24 namespace { |
25 | 25 |
26 const char kDefaultContentSecurityPolicy[] = | 26 const char kDefaultContentSecurityPolicy[] = |
27 "script-src 'self' chrome-extension-resource:; object-src 'self';"; | 27 "script-src 'self' blob: filesystem: chrome-extension-resource:; " |
| 28 "object-src 'self' blob: filesystem:;"; |
28 | 29 |
29 #define PLATFORM_APP_LOCAL_CSP_SOURCES \ | 30 #define PLATFORM_APP_LOCAL_CSP_SOURCES \ |
30 "'self' data: chrome-extension-resource:" | 31 "'self' blob: filesystem: data: chrome-extension-resource:" |
| 32 |
31 const char kDefaultPlatformAppContentSecurityPolicy[] = | 33 const char kDefaultPlatformAppContentSecurityPolicy[] = |
32 // Platform apps can only use local resources by default. | 34 // Platform apps can only use local resources by default. |
33 "default-src 'self' chrome-extension-resource:;" | 35 "default-src 'self' blob: filesystem: chrome-extension-resource:;" |
34 // For remote resources, they can fetch them via XMLHttpRequest. | 36 // For remote resources, they can fetch them via XMLHttpRequest. |
35 " connect-src *;" | 37 " connect-src *;" |
36 // And serve them via data: or same-origin (blob:, filesystem:) URLs | 38 // And serve them via data: or same-origin (blob:, filesystem:) URLs |
37 " style-src " PLATFORM_APP_LOCAL_CSP_SOURCES " 'unsafe-inline';" | 39 " style-src " PLATFORM_APP_LOCAL_CSP_SOURCES " 'unsafe-inline';" |
38 " img-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" | 40 " img-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" |
39 " frame-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" | 41 " frame-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" |
40 " font-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" | 42 " font-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" |
41 // Media can be loaded from remote resources since: | 43 // Media can be loaded from remote resources since: |
42 // 1. <video> and <audio> have good fallback behavior when offline or under | 44 // 1. <video> and <audio> have good fallback behavior when offline or under |
43 // spotty connectivity. | 45 // spotty connectivity. |
(...skipping 107 matching lines...)
151 type == Manifest::TYPE_LEGACY_PACKAGED_APP; | 153 type == Manifest::TYPE_LEGACY_PACKAGED_APP; |
152 } | 154 } |
153 | 155 |
154 const std::vector<std::string> CSPHandler::Keys() const { | 156 const std::vector<std::string> CSPHandler::Keys() const { |
155 const std::string& key = is_platform_app_ ? | 157 const std::string& key = is_platform_app_ ? |
156 keys::kPlatformAppContentSecurityPolicy : keys::kContentSecurityPolicy; | 158 keys::kPlatformAppContentSecurityPolicy : keys::kContentSecurityPolicy; |
157 return SingleKey(key); | 159 return SingleKey(key); |
158 } | 160 } |
159 | 161 |
160 } // namespace extensions | 162 } // namespace extensions |
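Review bot: The new `kDefaultContentSecurityPolicy` (new lines 27-28) admits `blob:` and `filesystem:` in `script-src` and `object-src` without a comment recording the trade-off. Those URLs are same-origin, but their content is created at runtime rather than shipped in the package. An extension that copies fetched or page-supplied data into a Blob or its sandboxed filesystem and then loads it as a script or plugin would now run it in the extension origin under the default policy, which `'self'` alone did not allow. I would add above the constant something like `// blob: and filesystem: are same-origin but hold runtime-created content; extensions must not fill them from untrusted data that is later loaded as script.` The same point applies to `default-src` in `kDefaultPlatformAppContentSecurityPolicy` (new line 35) and to `PLATFORM_APP_LOCAL_CSP_SOURCES` (new line 31); the rest of that policy string is in the skipped lines, so I cannot tell from here whether a narrower `script-src` follows or whether the validator used for custom policies treats these two schemes the same way.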