Chromium Code Reviews

Unified Diff: chrome/common/extensions/docs/templates/articles/app_csp.html

Issue 1361763005: Disallow CSP source * matching of data:, blob:, and filesystem: URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master
Patch Set: Better extensions fix Created 5 years, 3 months ago
Index: chrome/common/extensions/docs/templates/articles/app_csp.html
diff --git a/chrome/common/extensions/docs/templates/articles/app_csp.html b/chrome/common/extensions/docs/templates/articles/app_csp.html
index 3dad58edc1e4cb849f3c59f034b06828afc3ec1d..04d7709facd4a533ebbc5a285bda64d95f90f5a3 100644
--- a/chrome/common/extensions/docs/templates/articles/app_csp.html
+++ b/chrome/common/extensions/docs/templates/articles/app_csp.html
@@ -51,12 +51,12 @@ you from doing the following:</p>
<pre>
default-src 'self';
-connect-src *;
+connect-src * data: blob: filesystem:;
style-src 'self' data: chrome-extension-resource: 'unsafe-inline';
img-src 'self' data: chrome-extension-resource:;
frame-src 'self' data: chrome-extension-resource:;
font-src 'self' data: chrome-extension-resource:;
-media-src *;
+media-src * data: blob: filesystem:;
</pre>
<p>
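Review bot: The updated `connect-src` and `media-src` lines in the `<pre>` block now list `data: blob: filesystem:` next to `*`, but nothing visible in this hunk tells the reader why. Since this issue changes `*` so that it no longer matches those schemes, consider adding a sentence after the policy block saying so, so that app authors who write `connect-src *` or `media-src *` in their own policy know they must list these schemes explicitly. It is also worth confirming that this documented policy matches the default policy string the code applies to apps after this patch set.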