| Index: extensions/common/csp_validator.h
|
| diff --git a/extensions/common/csp_validator.h b/extensions/common/csp_validator.h
|
| index e7446f6d4fd885f0363d7002f9d780053e3ab7ba..2b6df2d3d2a0395357742d7372dab56cda8ec28b 100644
|
| --- a/extensions/common/csp_validator.h
|
| +++ b/extensions/common/csp_validator.h
|
| @@ -28,8 +28,15 @@ bool ContentSecurityPolicyIsLegal(const std::string& policy);
|
| // However, we found that it broke too many deployed extensions to limit
|
| // 'unsafe-eval' in the script-src directive, so that is allowed as a special
|
| // case for extensions. Platform apps disallow it.
|
| -bool ContentSecurityPolicyIsSecure(
|
| - const std::string& policy, Manifest::Type type);
|
| +//
|
| +// If |sanitized_csp| is not NULL, |policy| minus the insecure values is stored
|
| +// in |sanitized_csp|.
|
| +// If |warnings| is not NULL, any validation errors are appended to |warnings|.
|
| +// Returns whether |policy| meets the minimum security requirements.
|
| +bool ContentSecurityPolicyIsSecure(const std::string& policy,
|
| + Manifest::Type type,
|
| + std::string* sanitized_csp,
|
| + std::vector<InstallWarning>* warnings);
|
|
|
| // Checks whether the given |policy| enforces a unique origin sandbox as
|
| // defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/
|
|
|
Chromium Code Reviews
Issue 747403002:
Ignore insecure parts of CSP in extensions and allow extension to load (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master