Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1411)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ui/webui/devtools_ui.cc

Issue 2003963004: Enable CSP on more WebUI pages (Closed) Base URL: https://chromium.googlesource.com/a/chromium/src.git@master
Patch Set: fix new tab Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/ui/webui/app_launcher_page_ui.cc ('k') | chrome/browser/ui/webui/interstitials/interstitial_ui.cc » ('j') | content/public/browser/url_data_source.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ui/webui/devtools_ui.cc
diff --git a/chrome/browser/ui/webui/devtools_ui.cc b/chrome/browser/ui/webui/devtools_ui.cc
index 1c5f89a5fc2be8a0facf5e4426a2bc00776e6185..2a956f035c0e3a63e12ec0d184f2dc664f3edbae 100644
--- a/chrome/browser/ui/webui/devtools_ui.cc
+++ b/chrome/browser/ui/webui/devtools_ui.cc
@@ -96,7 +96,10 @@ class DevToolsDataSource : public content::URLDataSource,
private:
// content::URLDataSource overrides.
std::string GetMimeType(const std::string& path) const override;
- bool ShouldAddContentSecurityPolicy() const override;
+ std::string GetContentSecurityPolicyScriptSrc() const override;
+ std::string GetContentSecurityPolicyObjectSrc() const override;
+ std::string GetContentSecurityPolicyFrameSrc() const override;
+
bool ShouldDenyXFrameOptions() const override;
bool ShouldServeMimeTypeAsContentTypeHeader() const override;
@@ -174,8 +177,17 @@ std::string DevToolsDataSource::GetMimeType(const std::string& path) const {
return GetMimeTypeForPath(path);
}
-bool DevToolsDataSource::ShouldAddContentSecurityPolicy() const {
- return false;
+std::string DevToolsDataSource::GetContentSecurityPolicyScriptSrc() const {
+ return "script-src 'self' 'unsafe-eval' https://chrome-devtools-frontend.appspot.com;";
+}
+
+std::string DevToolsDataSource::GetContentSecurityPolicyObjectSrc() const {
+ // Add style-src.
+ return "object-src 'none'; style-src 'self' 'unsafe-inline';";
+}
+
+std::string DevToolsDataSource::GetContentSecurityPolicyFrameSrc() const {
+ return "frame-src chrome-extension://*;";
}
bool DevToolsDataSource::ShouldDenyXFrameOptions() const {
« no previous file with comments | « chrome/browser/ui/webui/app_launcher_page_ui.cc ('k') | chrome/browser/ui/webui/interstitials/interstitial_ui.cc » ('j') | content/public/browser/url_data_source.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698