| Index: Source/core/frame/csp/CSPSourceList.cpp
|
| diff --git a/Source/core/frame/csp/CSPSourceList.cpp b/Source/core/frame/csp/CSPSourceList.cpp
|
| index 9cf7753faf3a5a96483740769d60a0805afa940f..d16fbab12a42688ec6e82f9b19f79fbdeef88ef2 100644
|
| --- a/Source/core/frame/csp/CSPSourceList.cpp
|
| +++ b/Source/core/frame/csp/CSPSourceList.cpp
|
| @@ -35,6 +35,7 @@ static bool isSourceListNone(const UChar* begin, const UChar* end)
|
| CSPSourceList::CSPSourceList(ContentSecurityPolicy* policy, const String& directiveName)
|
| : m_policy(policy)
|
| , m_directiveName(directiveName)
|
| + , m_allowSelf(false)
|
| , m_allowStar(false)
|
| , m_allowInline(false)
|
| , m_allowEval(false)
|
| @@ -49,6 +50,9 @@ bool CSPSourceList::matches(const KURL& url) const
|
|
|
| KURL effectiveURL = SecurityOrigin::shouldUseInnerURL(url) ? SecurityOrigin::extractInnerURL(url) : url;
|
|
|
| + if (m_allowSelf && m_policy->urlMatchesSelf(effectiveURL))
|
| + return true;
|
| +
|
| for (size_t i = 0; i < m_list.size(); ++i) {
|
| if (m_list[i].matches(effectiveURL))
|
| return true;
|
| @@ -452,7 +456,7 @@ bool CSPSourceList::parsePort(const UChar* begin, const UChar* end, int& port, b
|
|
|
| void CSPSourceList::addSourceSelf()
|
| {
|
| - m_list.append(CSPSource(m_policy, m_policy->securityOrigin()->protocol(), m_policy->securityOrigin()->host(), m_policy->securityOrigin()->port(), String(), false, false));
|
| + m_allowSelf = true;
|
| }
|
|
|
| void CSPSourceList::addSourceStar()
|
|
|
Chromium Code Reviews
Issue 549163003:
CSP: Change 'self' to ask the policy object whether a URL matches. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk