Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(682)

Unified Diff: Source/core/frame/csp/ContentSecurityPolicy.h

Issue 570563003: Implement CSP check for manifest fetching (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebased Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h
index 925200321cbf5aedda5f51a009f737804b352101..fbeb52a2535f1ab1cbfbb4d9bd6f098648c57bef 100644
--- a/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -86,6 +86,10 @@ public:
static const char ReflectedXSS[];
static const char Referrer[];
+ // Manifest Directives (to be merged into CSP 1.1)
Mike West 2014/09/29 11:00:46 Nit: Can you change this and line 80 to refer to "
+ // https://w3c.github.io/manifest/#content-security-policy
+ static const char ManifestSrc[];
+
enum ReportingStatus {
SendReport,
SuppressReport
@@ -129,6 +133,8 @@ public:
bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const;
bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const;
+ bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) const;
+
// The nonce and hash allow functions are guaranteed to not have any side
// effects, including reporting.
// Nonce/Hash functions check all policies relating to use of a script/style

Powered by Google App Engine
This is Rietveld 408576698