Index: content/browser/frame_host/form_submission_throttle.cc |
diff --git a/content/browser/frame_host/form_submission_throttle.cc b/content/browser/frame_host/form_submission_throttle.cc |
index 5784bbfa3317bd268e36176c8fa916481c357b03..5a235d8698ee0244657d5532963e8b7fc36b6e88 100644 |
--- a/content/browser/frame_host/form_submission_throttle.cc |
+++ b/content/browser/frame_host/form_submission_throttle.cc |
@@ -60,8 +60,12 @@ FormSubmissionThrottle::CheckContentSecurityPolicyFormAction(bool is_redirect) { |
RenderFrameHostImpl* render_frame = |
handle->frame_tree_node()->current_frame_host(); |
+ // TODO(estark): Move this check into NavigationRequest and split it into (1) |
+ // check report-only CSP, (2) upgrade request if needed, (3) check enforced |
+ // CSP to match how frame-src works. https://crbug.com/713388 |
if (render_frame->IsAllowedByCsp(CSPDirective::FormAction, url, is_redirect, |
- handle->source_location())) { |
+ handle->source_location(), |
+ CSPContext::CHECK_ALL_CSP)) { |
return NavigationThrottle::PROCEED; |
} |