| Index: Source/core/fetch/ResourceFetcher.cpp
|
| diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp
|
| index 1b338d08ad250a1ff8457c470e53e9344db84ca4..f40e0523ced1335dede8d56a5ff17db3f2a1a641 100644
|
| --- a/Source/core/fetch/ResourceFetcher.cpp
|
| +++ b/Source/core/fetch/ResourceFetcher.cpp
|
| @@ -557,6 +557,12 @@ bool ResourceFetcher::canRequest(Resource::Type type, const ResourceRequest& res
|
| return false;
|
| }
|
|
|
| + // FIXME(http://crbug.com/390497): Make sure that CSP uses RequestContext instead of this terrible Resource::Type enum.
|
| + if (resourceRequest.requestContext() == WebURLRequest::RequestContextManifest) {
|
| + if (!shouldBypassMainWorldCSP && !csp->allowManifestFromSource(url, cspReporting))
|
| + return false;
|
| + }
|
| +
|
| // Measure the number of legacy URL schemes ('ftp://') and the number of embedded-credential
|
| // ('http://user:password@...') resources embedded as subresources. in the hopes that we can
|
| // block them at some point in the future.
|
|
|
Chromium Code Reviews
Issue 570563003:
Implement CSP check for manifest fetching (Closed)
Base URL: svn://svn.chromium.org/blink/trunk