Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(774)

Unified Diff: Source/core/frame/csp/ContentSecurityPolicy.h

Issue 570563003: Implement CSP check for manifest fetching (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h
index 001d1bdc45a4508c381924028c4740c0055111fa..5f660c42a1988573631d65289fd374145de92359 100644
--- a/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -86,6 +86,10 @@ public:
static const char ReflectedXSS[];
static const char Referrer[];
+ // Manifest Directives (to be merged into CSP 1.1)
+ // https://w3c.github.io/manifest/#content-security-policy
+ static const char ManifestSrc[];
+
enum ReportingStatus {
SendReport,
SuppressReport
@@ -129,6 +133,8 @@ public:
bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
+ bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) const;
+
// The nonce and hash allow functions are guaranteed to not have any side
// effects, including reporting.
// Nonce/Hash functions check all policies relating to use of a script/style

Powered by Google App Engine
This is Rietveld 408576698