| Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| index 753a477bced593affce5eac0398a1df5de6a8279..3bd0f6f60ad80ee875af89abc93d73599c22847e 100644
|
| --- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| @@ -55,6 +55,7 @@
|
| #include "core/frame/LocalFrameView.h"
|
| #include "core/frame/Settings.h"
|
| #include "core/frame/VisualViewport.h"
|
| +#include "core/frame/csp/CSPDirectiveList.h"
|
| #include "core/frame/csp/ContentSecurityPolicy.h"
|
| #include "core/html/HTMLFormElement.h"
|
| #include "core/html/HTMLFrameOwnerElement.h"
|
| @@ -1571,8 +1572,12 @@ void FrameLoader::ModifyRequestForCSP(ResourceRequest& resource_request,
|
| Document* document) const {
|
| if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&
|
| !RequiredCSP().IsEmpty()) {
|
| - // TODO(amalika): Strengthen this DCHECK that requiredCSP has proper format
|
| - DCHECK(RequiredCSP().GetString().ContainsOnlyASCII());
|
| + DCHECK(
|
| + CSPDirectiveList::IsValid(RequiredCSP().GetString(),
|
| + ContentSecurityPolicyHeaderType::
|
| + kContentSecurityPolicyHeaderTypeEnforce,
|
| + ContentSecurityPolicyHeaderSource::
|
| + kContentSecurityPolicyHeaderSourceHTTP));
|
| resource_request.SetHTTPHeaderField(HTTPNames::Required_CSP, RequiredCSP());
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2896833002:
Added validation of the policy specified in the 'csp' attribute (Closed)
