Chromium Code Reviews

Unified Diff: appengine/isolate/handlers_frontend.py

Issue 2681293003: Fix iframe security policy directives for viewing isolate content (Closed)
Patch Set: Fix iframe security policy directive with child-src (use 'self') Created 3 years, 10 months ago
« no previous file with comments | « appengine/components/components/auth/handler.py ('k') | no next file » | no next file with comments »
Index: appengine/isolate/handlers_frontend.py
diff --git a/appengine/isolate/handlers_frontend.py b/appengine/isolate/handlers_frontend.py
index 5b72d8fc03ba6540230383f5878082325292fe6b..9d0d2c80bbb2d6e627ab1b6eb0c9ad09891959a2 100644
--- a/appengine/isolate/handlers_frontend.py
+++ b/appengine/isolate/handlers_frontend.py
@@ -205,6 +205,11 @@ class BrowseHandler(auth.AuthenticatingHandler):
self.abort(404, 'Unable to retrieve the entry')
self.response.write(template.render('isolate/browse.html', params))
+ def get_content_security_policy(self):
+ csp = super(BrowseHandler, self).get_content_security_policy()
+ csp.setdefault('child-src', []).append("'self'")
+ return csp
+
class ContentHandler(auth.AuthenticatingHandler):
@auth.autologin
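
Review bot: The `csp.setdefault('child-src', []).append("'self'")` line mutates whatever object the base `get_content_security_policy()` returns, so if the base class hands back a shared or cached dict rather than a fresh copy per call, `'self'` gets appended again on every request and the change leaks into the policy of other handlers. Please confirm that the base method builds a new dict and new lists each time, or guard the append with a membership check such as `if "'self'" not in sources:`. Separately, the new method has no docstring; a one-line comment saying that `child-src 'self'` is needed so the browse page can frame isolate content from the same origin would keep a later cleanup from removing it. Browsers that implement CSP Level 3 consult `frame-src` before `child-src` for frames, so if the inherited policy ever sets `frame-src`, this directive would stop taking effect for the iframe; worth noting in that comment.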