| Index: content/public/browser/url_data_source.cc
|
| diff --git a/content/public/browser/url_data_source.cc b/content/public/browser/url_data_source.cc
|
| index 0c76c50afd0f41af02359306f6b042c96ceb2831..6292e6545f55de4c52e063ea08641bb95345a1be 100644
|
| --- a/content/public/browser/url_data_source.cc
|
| +++ b/content/public/browser/url_data_source.cc
|
| @@ -33,6 +33,13 @@ bool URLDataSource::ShouldAddContentSecurityPolicy() const {
|
| return true;
|
| }
|
|
|
| +std::string URLDataSource::GetContentSecurityPolicyScriptSrc() const {
|
| + // Specific resources require unsafe-eval in the Content Security Policy.
|
| + // TODO(tsepez,mfoltz): Remove 'unsafe-eval' when tests have been fixed to
|
| + // not use eval()/new Function(). http://crbug.com/525224
|
| + return "script-src chrome://resources 'self' 'unsafe-eval';";
|
| +}
|
| +
|
| std::string URLDataSource::GetContentSecurityPolicyObjectSrc() const {
|
| return "object-src 'none';";
|
| }
|
| @@ -41,6 +48,14 @@ std::string URLDataSource::GetContentSecurityPolicyFrameSrc() const {
|
| return "frame-src 'none';";
|
| }
|
|
|
| +std::string URLDataSource::GetContentSecurityPolicyStyleSrc() const {
|
| + return "";
|
| +}
|
| +
|
| +std::string URLDataSource::GetContentSecurityPolicyImgSrc() const {
|
| + return "";
|
| +}
|
| +
|
| bool URLDataSource::ShouldDenyXFrameOptions() const {
|
| return true;
|
| }
|
|
|
Chromium Code Reviews
Issue 2003963004:
Enable CSP on more WebUI pages (Closed)
Base URL: https://chromium.googlesource.com/a/chromium/src.git@master