| Index: Source/core/frame/csp/ContentSecurityPolicy.h
|
| diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h
|
| index 925200321cbf5aedda5f51a009f737804b352101..fbeb52a2535f1ab1cbfbb4d9bd6f098648c57bef 100644
|
| --- a/Source/core/frame/csp/ContentSecurityPolicy.h
|
| +++ b/Source/core/frame/csp/ContentSecurityPolicy.h
|
| @@ -86,6 +86,10 @@ public:
|
| static const char ReflectedXSS[];
|
| static const char Referrer[];
|
|
|
| + // Manifest Directives (to be merged into CSP 1.1)
|
| + // https://w3c.github.io/manifest/#content-security-policy
|
| + static const char ManifestSrc[];
|
| +
|
| enum ReportingStatus {
|
| SendReport,
|
| SuppressReport
|
| @@ -129,6 +133,8 @@ public:
|
| bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
|
| bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
|
|
|
| + bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) const;
|
| +
|
| // The nonce and hash allow functions are guaranteed to not have any side
|
| // effects, including reporting.
|
| // Nonce/Hash functions check all policies relating to use of a script/style
|
|
|
Chromium Code Reviews
Issue 570563003:
Implement CSP check for manifest fetching (Closed)
Base URL: svn://svn.chromium.org/blink/trunk