OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/common/manifest_handlers/csp_info.h" | 5 #include "extensions/common/manifest_handlers/csp_info.h" |
6 | 6 |
7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
10 #include "base/values.h" | 10 #include "base/values.h" |
27 "script-src 'self' blob: filesystem: chrome-extension-resource:; " | 27 "script-src 'self' blob: filesystem: chrome-extension-resource:; " |
28 "object-src 'self' blob: filesystem:;"; | 28 "object-src 'self' blob: filesystem:;"; |
29 | 29 |
30 #define PLATFORM_APP_LOCAL_CSP_SOURCES \ | 30 #define PLATFORM_APP_LOCAL_CSP_SOURCES \ |
31 "'self' blob: filesystem: data: chrome-extension-resource:" | 31 "'self' blob: filesystem: data: chrome-extension-resource:" |
32 | 32 |
33 const char kDefaultPlatformAppContentSecurityPolicy[] = | 33 const char kDefaultPlatformAppContentSecurityPolicy[] = |
34 // Platform apps can only use local resources by default. | 34 // Platform apps can only use local resources by default. |
35 "default-src 'self' blob: filesystem: chrome-extension-resource:;" | 35 "default-src 'self' blob: filesystem: chrome-extension-resource:;" |
36 // For remote resources, they can fetch them via XMLHttpRequest. | 36 // For remote resources, they can fetch them via XMLHttpRequest. |
37 " connect-src *;" | 37 " connect-src * data: blob: filesystem:;" |
38 // And serve them via data: or same-origin (blob:, filesystem:) URLs | 38 // And serve them via data: or same-origin (blob:, filesystem:) URLs |
39 " style-src " PLATFORM_APP_LOCAL_CSP_SOURCES " 'unsafe-inline';" | 39 " style-src " PLATFORM_APP_LOCAL_CSP_SOURCES " 'unsafe-inline';" |
40 " img-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" | 40 " img-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" |
41 " frame-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" | 41 " frame-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" |
42 " font-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" | 42 " font-src " PLATFORM_APP_LOCAL_CSP_SOURCES ";" |
43 // Media can be loaded from remote resources since: | 43 // Media can be loaded from remote resources since: |
44 // 1. <video> and <audio> have good fallback behavior when offline or under | 44 // 1. <video> and <audio> have good fallback behavior when offline or under |
45 // spotty connectivity. | 45 // spotty connectivity. |
46 // 2. Fetching via XHR and serving via blob: URLs currently does not allow | 46 // 2. Fetching via XHR and serving via blob: URLs currently does not allow |
47 // streaming or partial buffering. | 47 // streaming or partial buffering. |
48 " media-src *;"; | 48 " media-src * data: blob: filesystem:;"; |
49 | 49 |
50 int GetValidatorOptions(Extension* extension) { | 50 int GetValidatorOptions(Extension* extension) { |
51 int options = csp_validator::OPTIONS_NONE; | 51 int options = csp_validator::OPTIONS_NONE; |
52 | 52 |
53 // crbug.com/146487 | 53 // crbug.com/146487 |
54 if (extension->GetType() == Manifest::TYPE_EXTENSION || | 54 if (extension->GetType() == Manifest::TYPE_EXTENSION || |
55 extension->GetType() == Manifest::TYPE_LEGACY_PACKAGED_APP) { | 55 extension->GetType() == Manifest::TYPE_LEGACY_PACKAGED_APP) { |
56 options |= csp_validator::OPTIONS_ALLOW_UNSAFE_EVAL; | 56 options |= csp_validator::OPTIONS_ALLOW_UNSAFE_EVAL; |
57 } | 57 } |
58 | 58 |
153 type == Manifest::TYPE_LEGACY_PACKAGED_APP; | 153 type == Manifest::TYPE_LEGACY_PACKAGED_APP; |
154 } | 154 } |
155 | 155 |
156 const std::vector<std::string> CSPHandler::Keys() const { | 156 const std::vector<std::string> CSPHandler::Keys() const { |
157 const std::string& key = is_platform_app_ ? | 157 const std::string& key = is_platform_app_ ? |
158 keys::kPlatformAppContentSecurityPolicy : keys::kContentSecurityPolicy; | 158 keys::kPlatformAppContentSecurityPolicy : keys::kContentSecurityPolicy; |
159 return SingleKey(key); | 159 return SingleKey(key); |
160 } | 160 } |
161 | 161 |
162 } // namespace extensions | 162 } // namespace extensions |
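Review bot: The new `connect-src` (new line 37) and `media-src` (new line 48) values list `data: blob: filesystem:` next to `*`, but the comments above them still describe only remote resources, so a later reader cannot tell why the extra schemes are there and may drop them as redundant. If the reason is that the CSP wildcard does not match these local schemes (the page does not say so; this is inferred from the change), state it at the first directive, e.g. `// '*' does not cover data:, blob: or filesystem:, so list them explicitly.` The two lists are also written out by hand rather than built from `PLATFORM_APP_LOCAL_CSP_SOURCES`, and unlike that macro they leave out `chrome-extension-resource:`. Because `connect-src` and `media-src` replace `default-src` for their resource types rather than adding to it, it is worth confirming that the omission is intended and that the allow-list is no wider than platform apps need.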