Chromium Code Reviews Chromium Code Reviews
Issue 2003963004:
Enable CSP on more WebUI pages (Closed)
Base URL: https://chromium.googlesource.com/a/chromium/src.git@master| Index: chrome/browser/ui/webui/system_info_ui.cc |
| diff --git a/chrome/browser/ui/webui/system_info_ui.cc b/chrome/browser/ui/webui/system_info_ui.cc |
| index 7aa85064f3ed80f6e9d09f6b65feaa2129992668..90eb38dab538e54f1739d77cb953af7dbf3cac55 100644 |
| --- a/chrome/browser/ui/webui/system_info_ui.cc |
| +++ b/chrome/browser/ui/webui/system_info_ui.cc |
| @@ -59,7 +59,17 @@ class SystemInfoUIHTMLSource : public content::URLDataSource{ |
| std::string GetMimeType(const std::string&) const override { |
| return "text/html"; |
| } |
| - bool ShouldAddContentSecurityPolicy() const override { return false; } |
| + std::string GetContentSecurityPolicyScriptSrc() const override { |
| + // Add 'unsafe-inline' to script-src. |
| + return "script-src 'self' chrome://resources 'unsafe-eval' " |
| + "'unsafe-inline';"; |
| + } |
| + |
| + std::string GetContentSecurityPolicyObjectSrc() const override { |
| + // Add style-src. |
| + return "object-src 'none'; style-src 'self' chrome://resources " |
|
Tom Sepez
2016/05/25 23:07:03
and here
wychen
2016/05/26 17:54:23
Done.
|
| + "'unsafe-inline';"; |
| + } |
| private: |
| ~SystemInfoUIHTMLSource() override {} |
