DescriptionCSP 1.1: Ignore report-only inside <meta>.
This patch pipes the source of a policy through to the CSPDirectiveList,
and uses that information to ignore report-only policies which were
delivered via <meta>. A future CL will also ignore 'report-uri' inside
<meta>, which is why we need to pipe this to the directive list, and not
just to the policy object itself.
Spec: http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html#html-meta-element
BUG=335489
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=165522
Patch Set 1 #Patch Set 2 : Test. #Patch Set 3 : Rebase. #Patch Set 4 : Rebase. #
Total comments: 1
Patch Set 5 : Nit. #Patch Set 6 : Nit. #
Messages
Total messages: 8 (0 generated)
|