| Index: chrome/common/chrome_content_client.cc
|
| diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc
|
| index 91acb7d5f6cee2592df87450f8da7967c4ada7cd..7cc75b449ce4c2cba9c5f25a9f308b6e8f2c8b35 100644
|
| --- a/chrome/common/chrome_content_client.cc
|
| +++ b/chrome/common/chrome_content_client.cc
|
| @@ -41,6 +41,7 @@
|
| #include "content/public/common/url_constants.h"
|
| #include "content/public/common/user_agent.h"
|
| #include "extensions/common/constants.h"
|
| +#include "extensions/common/switches.h"
|
| #include "extensions/features/features.h"
|
| #include "gpu/config/gpu_info.h"
|
| #include "media/media_features.h"
|
| @@ -619,7 +620,16 @@ void ChromeContentClient::AddAdditionalSchemes(Schemes* schemes) {
|
| // TODO(kalman): See what happens with a service worker.
|
| schemes->cors_enabled_schemes.push_back(extensions::kExtensionScheme);
|
|
|
| - schemes->csp_bypassing_schemes.push_back(extensions::kExtensionScheme);
|
| + // Outside of extension processes, Content Security Policy cannot be used to
|
| + // block the chrome-extension:// scheme. This is to prevent a page from using
|
| + // CSP to block user scripts. Within app/extension processes, this bypass is
|
| + // not necessary. And within isolated app processes, we rely on a restrictive
|
| + // CSP to ensure isolation of the StoragePartition, so it's important that
|
| + // other extensions be blocked.
|
| + if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
|
| + extensions::switches::kExtensionProcess)) {
|
| + schemes->csp_bypassing_schemes.push_back(extensions::kExtensionScheme);
|
| + }
|
| #endif
|
|
|
| #if defined(OS_CHROMEOS)
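Review bot: The new `if` decides the CSP bypass once per process from a command-line switch, so the isolation guarantee the comment describes rests on `kExtensionProcess` being present on the command line of every extension and isolated-app process before `AddAdditionalSchemes` runs; I'd make that dependency explicit in the comment, e.g. `// Evaluated once per process: relies on kExtensionProcess already being on the command line of every extension/isolated-app process.` The new code also uses `base::CommandLine`, but the hunk only adds `extensions/common/switches.h`; if `base/command_line.h` is not already included earlier in the file, it should be added per include-what-you-use. `AddAdditionalSchemes` and the conditional block closed by the `#endif` both begin outside the hunk.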
|
|
|