DescriptionPart 3.5: Is policy list subsumed under subsuming policy?
This is part of an experimental feature Embedding-CSP.
Here we add support for `none` source lists. Note that
normalized returned CSP might not explicitly declare `none`, but
with contradictory sources can allow effectively `none`.
For example if the secure origin is `http://google.com`:
Content-Security-Policy: script-src 'self'
Content-Security-Policy: script-src https://example.test/
then it should be subsumed by the Embedding-CSP that is :
Content-Security-Policy: script-src 'none'
BUG=647588
Committed: https://crrev.com/82f74b025438d88016d67f1d27b7ffca1d149dac
Cr-Commit-Position: refs/heads/master@{#436270}
Patch Set 1 #Patch Set 2 : more test cases #Patch Set 3 : Rebasing #
Total comments: 1
Patch Set 4 : Renaming + adding a test #Patch Set 5 : Rebasing #Patch Set 6 : Debugging #Patch Set 7 : Removing debugging #
Depends on Patchset: Messages
Total messages: 26 (19 generated)
|