| Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| index 5bc3baacfc881129f9e342c99a4963cb7befe6e5..7cf55f7e43f92241a2cf32abcd4a7488d4fab27b 100644
|
| --- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| @@ -56,6 +56,7 @@
|
| #include "core/frame/LocalFrameClient.h"
|
| #include "core/frame/Settings.h"
|
| #include "core/frame/VisualViewport.h"
|
| +#include "core/frame/csp/CSPDirectiveList.h"
|
| #include "core/frame/csp/ContentSecurityPolicy.h"
|
| #include "core/html/HTMLFormElement.h"
|
| #include "core/html/HTMLFrameOwnerElement.h"
|
| @@ -1603,8 +1604,7 @@ void FrameLoader::ModifyRequestForCSP(ResourceRequest& resource_request,
|
| Document* document) const {
|
| if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&
|
| !RequiredCSP().IsEmpty()) {
|
| - // TODO(amalika): Strengthen this DCHECK that requiredCSP has proper format
|
| - DCHECK(RequiredCSP().GetString().ContainsOnlyASCII());
|
| + DCHECK(CSPDirectiveList::IsValid(RequiredCSP().GetString()));
|
| resource_request.SetHTTPHeaderField(HTTPNames::Required_CSP, RequiredCSP());
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2896833002:
Added validation of the policy specified in the 'csp' attribute (Closed)
