Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
index 34611c35cf3466b6a3e1401ca7c0c5637baf77bf..c49febb2d3609a6c93e7c9210b5f1205bc0353d2 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
@@ -1556,4 +1556,19 @@ void ContentSecurityPolicy::didSendViolationReport(const String& report) { |
m_violationReportsSent.add(report.impl()->hash()); |
} |
+bool ContentSecurityPolicy::subsumes(const ContentSecurityPolicy& other) { |
+ if (!m_policies.size() || !other.m_policies.size()) |
+ return !m_policies.size(); |
+ |
+ CSPDirectiveListVector otherVector; |
+ for (const auto& policy : other.m_policies) { |
+ if (!policy->isReportOnly()) |
+ otherVector.append(policy); |
+ } |
+ // Embedding-CSP specifies only one policy. |
+ DCHECK(m_policies.size(), 1u); |
amalika
2016/11/28 11:56:22
Since Embedding-CSP can't be more than just one po
Mike West
2016/11/28 13:08:02
I'd suggest returning `false` if more than one pol
amalika
2016/11/29 12:43:52
Changed!
|
+ |
+ return m_policies[0]->subsumes(otherVector); |
Mike West
2016/11/28 13:08:02
What if `m_policies[0]` is report-only?
amalika
2016/11/29 12:43:52
Current implementation of Embedding-CSP is such th
|
+} |
+ |
} // namespace blink |