Index: chrome/browser/ui/webui/system_info_ui.cc |
diff --git a/chrome/browser/ui/webui/system_info_ui.cc b/chrome/browser/ui/webui/system_info_ui.cc |
index 7aa85064f3ed80f6e9d09f6b65feaa2129992668..90eb38dab538e54f1739d77cb953af7dbf3cac55 100644 |
--- a/chrome/browser/ui/webui/system_info_ui.cc |
+++ b/chrome/browser/ui/webui/system_info_ui.cc |
@@ -59,7 +59,17 @@ class SystemInfoUIHTMLSource : public content::URLDataSource{ |
std::string GetMimeType(const std::string&) const override { |
return "text/html"; |
} |
- bool ShouldAddContentSecurityPolicy() const override { return false; } |
+ std::string GetContentSecurityPolicyScriptSrc() const override { |
+ // Add 'unsafe-inline' to script-src. |
+ return "script-src 'self' chrome://resources 'unsafe-eval' " |
+ "'unsafe-inline';"; |
+ } |
+ |
+ std::string GetContentSecurityPolicyObjectSrc() const override { |
+ // Add style-src. |
+ return "object-src 'none'; style-src 'self' chrome://resources " |
Tom Sepez
2016/05/25 23:07:03
and here
wychen
2016/05/26 17:54:23
Done.
|
+ "'unsafe-inline';"; |
+ } |
private: |
~SystemInfoUIHTMLSource() override {} |