Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(22)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/ui/webui/app_launcher_page_ui.cc

Issue 2003963004: Enable CSP on more WebUI pages (Closed) Base URL: https://chromium.googlesource.com/a/chromium/src.git@master
Patch Set: address comments Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/ui/webui/app_launcher_page_ui.h ('k') | chrome/browser/ui/webui/devtools_ui.cc » ('j') | chrome/browser/ui/webui/devtools_ui.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ui/webui/app_launcher_page_ui.h" 5 #include "chrome/browser/ui/webui/app_launcher_page_ui.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/memory/ref_counted_memory.h" 9 #include "base/memory/ref_counted_memory.h"
10 #include "base/metrics/histogram.h" 10 #include "base/metrics/histogram.h"
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after
124 124
125 std::string AppLauncherPageUI::HTMLSource::GetMimeType( 125 std::string AppLauncherPageUI::HTMLSource::GetMimeType(
126 const std::string& resource) const { 126 const std::string& resource) const {
127 return "text/html"; 127 return "text/html";
128 } 128 }
129 129
130 bool AppLauncherPageUI::HTMLSource::ShouldReplaceExistingSource() const { 130 bool AppLauncherPageUI::HTMLSource::ShouldReplaceExistingSource() const {
131 return false; 131 return false;
132 } 132 }
133 133
134 bool AppLauncherPageUI::HTMLSource::ShouldAddContentSecurityPolicy() const { 134 std::string AppLauncherPageUI::HTMLSource::GetContentSecurityPolicyScriptSrc()
135 return false; 135 const {
136 // Add 'unsafe-inline' to script-src.
Tom Sepez 2016/05/25 19:20:56 Note that unsafe-inline is not really any better t
wychen 2016/05/25 22:49:41 Acknowledged.
137 return "script-src chrome://resources 'self' 'unsafe-eval' 'unsafe-inline';";
138 }
139
140 std::string AppLauncherPageUI::HTMLSource::GetContentSecurityPolicyObjectSrc()
141 const {
142 // Add style-src and img-src.
143 return "object-src 'none';"
144 "style-src 'self' chrome://resources chrome://theme 'unsafe-inline';"
Tom Sepez 2016/05/25 19:20:56 Seems wrong to mash these together. Can we introd
wychen 2016/05/25 22:49:41 Done.
145 "img-src chrome://extension-icon chrome://theme chrome://resources "
146 "data:;";
136 } 147 }
137 148
138 AppLauncherPageUI::HTMLSource::~HTMLSource() {} 149 AppLauncherPageUI::HTMLSource::~HTMLSource() {}
OLDNEW
« no previous file with comments | « chrome/browser/ui/webui/app_launcher_page_ui.h ('k') | chrome/browser/ui/webui/devtools_ui.cc » ('j') | chrome/browser/ui/webui/devtools_ui.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698