Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1318)

Unified Diff: chrome/browser/ui/webui/system_info_ui.cc

Issue 2003963004: Enable CSP on more WebUI pages (Closed) Base URL: https://chromium.googlesource.com/a/chromium/src.git@master
Patch Set: revert devtools, fix comments, split methods Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/ui/webui/system_info_ui.cc
diff --git a/chrome/browser/ui/webui/system_info_ui.cc b/chrome/browser/ui/webui/system_info_ui.cc
index 7aa85064f3ed80f6e9d09f6b65feaa2129992668..90eb38dab538e54f1739d77cb953af7dbf3cac55 100644
--- a/chrome/browser/ui/webui/system_info_ui.cc
+++ b/chrome/browser/ui/webui/system_info_ui.cc
@@ -59,7 +59,17 @@ class SystemInfoUIHTMLSource : public content::URLDataSource{
std::string GetMimeType(const std::string&) const override {
return "text/html";
}
- bool ShouldAddContentSecurityPolicy() const override { return false; }
+ std::string GetContentSecurityPolicyScriptSrc() const override {
+ // Add 'unsafe-inline' to script-src.
+ return "script-src 'self' chrome://resources 'unsafe-eval' "
+ "'unsafe-inline';";
+ }
+
+ std::string GetContentSecurityPolicyObjectSrc() const override {
+ // Add style-src.
+ return "object-src 'none'; style-src 'self' chrome://resources "
Tom Sepez 2016/05/25 23:07:03 and here
wychen 2016/05/26 17:54:23 Done.
+ "'unsafe-inline';";
+ }
private:
~SystemInfoUIHTMLSource() override {}

Powered by Google App Engine
This is Rietveld 408576698