Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(91)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ui/webui/system_info_ui.cc

Issue 2003963004: Enable CSP on more WebUI pages (Closed) Base URL: https://chromium.googlesource.com/a/chromium/src.git@master
Patch Set: address comments Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ui/webui/devtools_ui.cc ('K') | « chrome/browser/ui/webui/ntp/new_tab_ui.cc ('k') | content/browser/webui/url_data_manager_backend.cc » ('j') | content/public/browser/url_data_source.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ui/webui/system_info_ui.cc
diff --git a/chrome/browser/ui/webui/system_info_ui.cc b/chrome/browser/ui/webui/system_info_ui.cc
index 7aa85064f3ed80f6e9d09f6b65feaa2129992668..90eb38dab538e54f1739d77cb953af7dbf3cac55 100644
--- a/chrome/browser/ui/webui/system_info_ui.cc
+++ b/chrome/browser/ui/webui/system_info_ui.cc
@@ -59,7 +59,17 @@ class SystemInfoUIHTMLSource : public content::URLDataSource{
std::string GetMimeType(const std::string&) const override {
return "text/html";
}
- bool ShouldAddContentSecurityPolicy() const override { return false; }
+ std::string GetContentSecurityPolicyScriptSrc() const override {
+ // Add 'unsafe-inline' to script-src.
+ return "script-src 'self' chrome://resources 'unsafe-eval' "
+ "'unsafe-inline';";
+ }
+
+ std::string GetContentSecurityPolicyObjectSrc() const override {
+ // Add style-src.
+ return "object-src 'none'; style-src 'self' chrome://resources "
+ "'unsafe-inline';";
+ }
private:
~SystemInfoUIHTMLSource() override {}
« chrome/browser/ui/webui/devtools_ui.cc ('K') | « chrome/browser/ui/webui/ntp/new_tab_ui.cc ('k') | content/browser/webui/url_data_manager_backend.cc » ('j') | content/public/browser/url_data_source.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698