Index: extensions/common/csp_validator.h |
diff --git a/extensions/common/csp_validator.h b/extensions/common/csp_validator.h |
index 93676b0b8e66dcbb6f5a7d82d9ba0e337323aaf5..66fdeac52d181e99f8e3359068e1a8f45fdbdbd3 100644 |
--- a/extensions/common/csp_validator.h |
+++ b/extensions/common/csp_validator.h |
@@ -51,6 +51,14 @@ std::string SanitizeContentSecurityPolicy( |
int options, |
std::vector<InstallWarning>* warnings); |
+// Given the Content Security Policy of an app sandbox page, returns the |
+// effective CSP for that sandbox page. |
+// |
+// The effective policy restricts the page from loading external web content |
+// (frames and scripts) within the page. This is done through adding 'self' |
+// directive source to relevant CSP directive names. |
+std::string GetEffectiveSandoxedPageCSP(const std::string& policy); |
+ |
// Checks whether the given |policy| enforces a unique origin sandbox as |
// defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/ |
// the-iframe-element.html#attr-iframe-sandbox. The policy must have the |