Index: Source/core/fetch/ResourceFetcher.cpp |
diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp |
index 73149d0feafa4792027a8cfae678c90ff5413ecf..2436d8d86fb0904e0c23caa459eea4274610ee08 100644 |
--- a/Source/core/fetch/ResourceFetcher.cpp |
+++ b/Source/core/fetch/ResourceFetcher.cpp |
@@ -555,6 +555,12 @@ bool ResourceFetcher::canRequest(Resource::Type type, const ResourceRequest& res |
return false; |
} |
+ // FIXME(mkwst): Make sure that CSP uses RequestContext instead of this terrible Resource::Type enum. |
Mike West
2014/09/16 11:46:20
Nit: We don't generally do the (<nick>) thing in B
|
+ if (resourceRequest.requestContext() == WebURLRequest::RequestContextManifest) { |
+ if (!shouldBypassMainWorldCSP && !csp->allowManifestFromSource(url, cspReporting)) |
+ return false; |
+ } |
+ |
// Last of all, check for mixed content. We do this last so that when |
// folks block mixed content with a CSP policy, they don't get a warning. |
// They'll still get a warning in the console about CSP blocking the load. |