Chromium Code Reviews Chromium Code Reviews
Issue 673183003:
Allow *.googleapis.com to be used in CSP (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: extensions/common/csp_validator.cc |
| diff --git a/extensions/common/csp_validator.cc b/extensions/common/csp_validator.cc |
| index fc3f541a041bfc0c30db7360e0bd8ec37895b65d..8992e8013ee10949282863f90de1b25cd6f9e80b 100644 |
| --- a/extensions/common/csp_validator.cc |
| +++ b/extensions/common/csp_validator.cc |
| @@ -87,6 +87,12 @@ bool isNonWildcardTLD(const std::string& url, |
| if (!is_wildcard_subdomain || !should_check_rcd) |
| return true; |
| + // Allow *.googleapis.com to be whitelisted for backwards-compatibility. |
| + // AWS has registered several public suffixes but hosts the user-generated |
| + // content directly under the public suffix without a subdomain. |
|
not at google - send to devlin
2014/10/24 22:16:51
Reference that bug here. Also some examples in the
robwu
2014/10/24 22:34:08
Done.
|
| + if (host == "googleapis.com" || EndsWith(host, ".amazonaws.com", true)) |
| + return true; |
| + |
| // Wildcards on subdomains of a TLD are not allowed. |
| size_t registry_length = net::registry_controlled_domains::GetRegistryLength( |
| host, |
