| Index: Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| diff --git a/Source/core/frame/csp/ContentSecurityPolicy.cpp b/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| index ff4b3ebe4d4ffa9374e2e5bf262dfa173b6ff52d..46ae9f2262c0c2d1d316d7e417f27ee18695e3b8 100644
|
| --- a/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| +++ b/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| @@ -89,6 +89,10 @@ const char ContentSecurityPolicy::PluginTypes[] = "plugin-types";
|
| const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss";
|
| const char ContentSecurityPolicy::Referrer[] = "referrer";
|
|
|
| +// Manifest Directives
|
| +// https://w3c.github.io/manifest/#content-security-policy
|
| +const char ContentSecurityPolicy::ManifestSrc[] = "manifest-src";
|
| +
|
| bool ContentSecurityPolicy::isDirectiveName(const String& name)
|
| {
|
| return (equalIgnoringCase(name, ConnectSrc)
|
| @@ -109,6 +113,7 @@ bool ContentSecurityPolicy::isDirectiveName(const String& name)
|
| || equalIgnoringCase(name, PluginTypes)
|
| || equalIgnoringCase(name, ReflectedXSS)
|
| || equalIgnoringCase(name, Referrer)
|
| + || equalIgnoringCase(name, ManifestSrc)
|
| );
|
| }
|
|
|
| @@ -531,6 +536,11 @@ bool ContentSecurityPolicy::allowWorkerContextFromSource(const KURL& url, Conten
|
| return isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>(m_policies, url, reportingStatus);
|
| }
|
|
|
| +bool ContentSecurityPolicy::allowManifestFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
|
| +{
|
| + return isAllowedByAllWithURL<&CSPDirectiveList::allowManifestFromSource>(m_policies, url, reportingStatus);
|
| +}
|
| +
|
| bool ContentSecurityPolicy::isActive() const
|
| {
|
| return !m_policies.isEmpty();
|
|
|
Chromium Code Reviews
Issue 570563003:
Implement CSP check for manifest fetching (Closed)
Base URL: svn://svn.chromium.org/blink/trunk