Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(175)

Unified Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2896833002: Added validation of the policy specified in the 'csp' attribute (Closed)
Patch Set: Fixed issue with the renaming of the embedding-csp header Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
index 5bc3baacfc881129f9e342c99a4963cb7befe6e5..7cf55f7e43f92241a2cf32abcd4a7488d4fab27b 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -56,6 +56,7 @@
#include "core/frame/LocalFrameClient.h"
#include "core/frame/Settings.h"
#include "core/frame/VisualViewport.h"
+#include "core/frame/csp/CSPDirectiveList.h"
#include "core/frame/csp/ContentSecurityPolicy.h"
#include "core/html/HTMLFormElement.h"
#include "core/html/HTMLFrameOwnerElement.h"
@@ -1603,8 +1604,7 @@ void FrameLoader::ModifyRequestForCSP(ResourceRequest& resource_request,
Document* document) const {
if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&
!RequiredCSP().IsEmpty()) {
- // TODO(amalika): Strengthen this DCHECK that requiredCSP has proper format
- DCHECK(RequiredCSP().GetString().ContainsOnlyASCII());
+ DCHECK(CSPDirectiveList::IsValid(RequiredCSP().GetString()));
resource_request.SetHTTPHeaderField(HTTPNames::Required_CSP, RequiredCSP());
}

Powered by Google App Engine
This is Rietveld 408576698