| Index: extensions/common/manifest_handlers/csp_info.cc
|
| diff --git a/extensions/common/manifest_handlers/csp_info.cc b/extensions/common/manifest_handlers/csp_info.cc
|
| index 2fd74fb76b272a096eae2e8f215861835955aeb6..f3fe79c3aa73321fa6e2e7b5de2a845ceb03535e 100644
|
| --- a/extensions/common/manifest_handlers/csp_info.cc
|
| +++ b/extensions/common/manifest_handlers/csp_info.cc
|
| @@ -9,6 +9,7 @@
|
| #include "base/strings/utf_string_conversions.h"
|
| #include "base/values.h"
|
| #include "extensions/common/csp_validator.h"
|
| +#include "extensions/common/install_warning.h"
|
| #include "extensions/common/manifest_constants.h"
|
| #include "extensions/common/manifest_handlers/sandboxed_page_info.h"
|
|
|
| @@ -88,7 +89,7 @@ bool CSPHandler::Parse(Extension* extension, base::string16* error) {
|
| kDefaultContentSecurityPolicy;
|
|
|
| CHECK(ContentSecurityPolicyIsSecure(content_security_policy,
|
| - extension->GetType()));
|
| + extension->GetType(), NULL, NULL));
|
| extension->SetManifestData(keys::kContentSecurityPolicy,
|
| new CSPInfo(content_security_policy));
|
| }
|
| @@ -104,11 +105,14 @@ bool CSPHandler::Parse(Extension* extension, base::string16* error) {
|
| *error = base::ASCIIToUTF16(errors::kInvalidContentSecurityPolicy);
|
| return false;
|
| }
|
| + std::string sanitized_csp;
|
| + std::vector<InstallWarning> warnings;
|
| if (extension->manifest_version() >= 2 &&
|
| !ContentSecurityPolicyIsSecure(content_security_policy,
|
| - extension->GetType())) {
|
| - *error = base::ASCIIToUTF16(errors::kInsecureContentSecurityPolicy);
|
| - return false;
|
| + extension->GetType(), &sanitized_csp,
|
| + &warnings)) {
|
| + extension->AddInstallWarnings(warnings);
|
| + content_security_policy = sanitized_csp;
|
| }
|
|
|
| extension->SetManifestData(keys::kContentSecurityPolicy,
|
|
|
Chromium Code Reviews
Issue 747403002:
Ignore insecure parts of CSP in extensions and allow extension to load (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master