| Index: Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| diff --git a/Source/core/frame/csp/ContentSecurityPolicy.cpp b/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| index 80af84f042786d4b885d3329b8afde7e1ac9fc02..798b757f6641dd0df5979629cd7383c11e0173d9 100644
|
| --- a/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| +++ b/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| @@ -89,6 +89,10 @@ const char ContentSecurityPolicy::PluginTypes[] = "plugin-types";
|
| const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss";
|
| const char ContentSecurityPolicy::Referrer[] = "referrer";
|
|
|
| +// Manifest Directives
|
| +// https://w3c.github.io/manifest/#content-security-policy
|
| +const char ContentSecurityPolicy::ManifestSrc[] = "manifest-src";
|
| +
|
| bool ContentSecurityPolicy::isDirectiveName(const String& name)
|
| {
|
| return (equalIgnoringCase(name, ConnectSrc)
|
| @@ -109,6 +113,7 @@ bool ContentSecurityPolicy::isDirectiveName(const String& name)
|
| || equalIgnoringCase(name, PluginTypes)
|
| || equalIgnoringCase(name, ReflectedXSS)
|
| || equalIgnoringCase(name, Referrer)
|
| + || equalIgnoringCase(name, ManifestSrc)
|
| );
|
| }
|
|
|
| @@ -533,6 +538,11 @@ bool ContentSecurityPolicy::allowWorkerContextFromSource(const KURL& url, Conten
|
| isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
|
| }
|
|
|
| +bool ContentSecurityPolicy::allowManifestFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
|
| +{
|
| + return isAllowedByAllWithURL<&CSPDirectiveList::allowManifestFromSource>(m_policies, url, reportingStatus);
|
| +}
|
| +
|
| bool ContentSecurityPolicy::isActive() const
|
| {
|
| return !m_policies.isEmpty();
|
|
|
Chromium Code Reviews
Issue 570563003:
Implement CSP check for manifest fetching (Closed)
Base URL: svn://svn.chromium.org/blink/trunk