extensions/common/manifest_handlers/csp_info.cc - Issue 747403002: Ignore insecure parts of CSP in extensions and allow extension to load

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: extensions/common/manifest_handlers/csp_info.cc

Issue 747403002: Ignore insecure parts of CSP in extensions and allow extension to load (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: extensions/common/manifest_handlers/csp_info.cc

diff --git a/extensions/common/manifest_handlers/csp_info.cc b/extensions/common/manifest_handlers/csp_info.cc

index 2c3838fa6351daad489a6fb16d9830d7775719d2..02c9e980e39a3cb5a649b387ec95faf6ab711eff 100644

--- a/extensions/common/manifest_handlers/csp_info.cc

+++ b/extensions/common/manifest_handlers/csp_info.cc

@@ -9,6 +9,7 @@

#include "base/strings/utf_string_conversions.h"

#include "base/values.h"

#include "extensions/common/csp_validator.h"

+#include "extensions/common/install_warning.h"

#include "extensions/common/manifest_constants.h"

#include "extensions/common/manifest_handlers/sandboxed_page_info.h"

@@ -109,7 +110,8 @@ bool CSPHandler::Parse(Extension* extension, base::string16* error) {

kDefaultContentSecurityPolicy;

CHECK(ContentSecurityPolicyIsSecure(content_security_policy,

not at google - send to devlin 2014/12/01 19:19:31 Indeed I find these changes hard to reason about b

- GetValidatorOptions(extension)));

+ GetValidatorOptions(extension),

+ NULL, NULL));

extension->SetManifestData(keys::kContentSecurityPolicy,

new CSPInfo(content_security_policy));

}

@@ -125,11 +127,14 @@ bool CSPHandler::Parse(Extension* extension, base::string16* error) {

*error = base::ASCIIToUTF16(errors::kInvalidContentSecurityPolicy);

return false;

}

+ std::string sanitized_csp;

+ std::vector<InstallWarning> warnings;

if (extension->manifest_version() >= 2 &&

!ContentSecurityPolicyIsSecure(content_security_policy,

- GetValidatorOptions(extension))) {

- *error = base::ASCIIToUTF16(errors::kInsecureContentSecurityPolicy);

- return false;

+ GetValidatorOptions(extension),

+ &sanitized_csp, &warnings)) {

+ extension->AddInstallWarnings(warnings);

+ content_security_policy = sanitized_csp;

}

extension->SetManifestData(keys::kContentSecurityPolicy,

« extensions/common/csp_validator_unittest.cc ('K') | « extensions/common/manifest_constants.cc ('k') | no next file » | no next file with comments »