Bypass CSP checks for plugin-loaded requests

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
index 8610d41d8da699808782c0087cdfd21a7642a792..dab336c2540fe6b8f6768424675dc094a8349a08 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
@@ -197,4 +197,17 @@ TEST_F(ContentSecurityPolicyTest, ReportURIInMeta)
     EXPECT_FALSE(directiveList->reportEndpoints().isEmpty());
 }
 
+// Tests that object-src directives are applied to a request to load a
+// plugin, but not to subresource requests that the plugin itself
+// makes. https://crbug.com/603952
+TEST_F(ContentSecurityPolicyTest, ObjectSrc)
+{
+    KURL url(KURL(), "https://example.test");
+    csp->bindToExecutionContext(document.get());
+    csp->didReceiveHeader("object-src 'none';", ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceMeta);
+    EXPECT_FALSE(csp->allowRequest(WebURLRequest::RequestContextObject, url, ContentSecurityPolicy::DidNotRedirect, ContentSecurityPolicy::SuppressReport));
+    EXPECT_FALSE(csp->allowRequest(WebURLRequest::RequestContextEmbed, url, ContentSecurityPolicy::DidNotRedirect, ContentSecurityPolicy::SuppressReport));
+    EXPECT_TRUE(csp->allowRequest(WebURLRequest::RequestContextPlugin, url, ContentSecurityPolicy::DidNotRedirect, ContentSecurityPolicy::SuppressReport));
+}
+
 } // namespace blink