Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1311)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/public/browser/url_data_source.cc

Issue 2003963004: Enable CSP on more WebUI pages (Closed) Base URL: https://chromium.googlesource.com/a/chromium/src.git@master
Patch Set: fix new tab Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/public/browser/url_data_source.h ('K') | « content/public/browser/url_data_source.h ('k') | third_party/WebKit/Source/devtools/front_end/inspector.html » ('j') | third_party/WebKit/Source/devtools/front_end/inspector.html » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/public/browser/url_data_source.cc
diff --git a/content/public/browser/url_data_source.cc b/content/public/browser/url_data_source.cc
index 0c76c50afd0f41af02359306f6b042c96ceb2831..b2bd5d3b73c2424ea1f6766564526b4c5910437a 100644
--- a/content/public/browser/url_data_source.cc
+++ b/content/public/browser/url_data_source.cc
@@ -33,6 +33,13 @@ bool URLDataSource::ShouldAddContentSecurityPolicy() const {
return true;
}
+std::string URLDataSource::GetContentSecurityPolicyScriptSrc() const {
+ // Specific resources require unsafe-eval in the Content Security Policy.
+ // TODO(tsepez,mfoltz): Remove 'unsafe-eval' when tests have been fixed to
+ // not use eval()/new Function(). http://crbug.com/525224
+ return "script-src chrome://resources 'self' 'unsafe-eval';";
+}
+
std::string URLDataSource::GetContentSecurityPolicyObjectSrc() const {
return "object-src 'none';";
}
« content/public/browser/url_data_source.h ('K') | « content/public/browser/url_data_source.h ('k') | third_party/WebKit/Source/devtools/front_end/inspector.html » ('j') | third_party/WebKit/Source/devtools/front_end/inspector.html » ('J')

Powered by Google App Engine
This is Rietveld 408576698