| Index: Source/core/frame/csp/ContentSecurityPolicy.h
|
| diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h
|
| index 55690b5fa28ea24775458bae413acd2f649878ba..a2aaf590a1a12e8519a8e42fbed7cc6fb2ca8584 100644
|
| --- a/Source/core/frame/csp/ContentSecurityPolicy.h
|
| +++ b/Source/core/frame/csp/ContentSecurityPolicy.h
|
| @@ -75,7 +75,7 @@ public:
|
| static const char ScriptSrc[];
|
| static const char StyleSrc[];
|
|
|
| - // CSP 1.1 Directives
|
| + // CSP Level 2 Directives
|
| static const char BaseURI[];
|
| static const char ChildSrc[];
|
| static const char FormAction[];
|
| @@ -84,6 +84,10 @@ public:
|
| static const char ReflectedXSS[];
|
| static const char Referrer[];
|
|
|
| + // Manifest Directives (to be merged into CSP Level 2)
|
| + // https://w3c.github.io/manifest/#content-security-policy
|
| + static const char ManifestSrc[];
|
| +
|
| enum ReportingStatus {
|
| SendReport,
|
| SuppressReport
|
| @@ -127,6 +131,8 @@ public:
|
| bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
|
| bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
|
|
|
| + bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) const;
|
| +
|
| // The nonce and hash allow functions are guaranteed to not have any side
|
| // effects, including reporting.
|
| // Nonce/Hash functions check all policies relating to use of a script/style
|
|
|
Chromium Code Reviews
Issue 570563003:
Implement CSP check for manifest fetching (Closed)
Base URL: svn://svn.chromium.org/blink/trunk