Chromium Code Reviews

Unified Diff: extensions/common/csp_validator.h

Issue 754713002: Allow arbitrary object-src CSP directives for component extensions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 1 month ago
Index: extensions/common/csp_validator.h
diff --git a/extensions/common/csp_validator.h b/extensions/common/csp_validator.h
index e7446f6d4fd885f0363d7002f9d780053e3ab7ba..c001332762201ac2ca9ef44d8d4f1b716be45449 100644
--- a/extensions/common/csp_validator.h
+++ b/extensions/common/csp_validator.h
@@ -18,6 +18,12 @@ namespace csp_validator {
// will cause problems when we transmit the policy in an HTTP header.
bool ContentSecurityPolicyIsLegal(const std::string& policy);
+enum Options {
Sam McNally 2014/11/24 04:40:15 Comments?
not at google - send to devlin 2014/11/24 18:18:02 when you do: please add a comment to ALLOW_INSECUR
raymes 2014/11/25 13:34:10 Done.
raymes 2014/11/25 13:34:10 Done.
+ NO_OPTIONS = 0x00,
Sam McNally 2014/11/24 04:40:15 Prefix values with OPTIONS_.
raymes 2014/11/25 13:34:10 Done.
+ ALLOW_UNSAFE_EVAL = 0x01,
+ ALLOW_INSECURE_OBJECT_SRC = 0x02,
not at google - send to devlin 2014/11/24 18:18:02 Let's keep discussing this enum: More typical styl
raymes 2014/11/25 13:34:10 Done.
+};
+
// Checks whether the given |policy| meets the minimum security requirements
// for use in the extension system.
//
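Review bot: ALLOW_INSECURE_OBJECT_SRC, the last value in the new enum, relaxes a security check but nothing at its declaration says which callers may pass it. The issue title scopes it to component extensions, so state that restriction in a comment on the value. The 0x01 and 0x02 values read as flags meant to be OR-ed together; say so on the enum, and consider a less generic name than Options, since unscoped enumerators such as NO_OPTIONS land directly in the csp_validator namespace.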
@@ -29,7 +35,7 @@ bool ContentSecurityPolicyIsLegal(const std::string& policy);
// 'unsafe-eval' in the script-src directive, so that is allowed as a special
// case for extensions. Platform apps disallow it.
bool ContentSecurityPolicyIsSecure(
- const std::string& policy, Manifest::Type type);
+ const std::string& policy, int options);
not at google - send to devlin 2014/11/24 18:18:03 Mention that this is a bitmask.
raymes 2014/11/25 13:34:10 Done.
// Checks whether the given |policy| enforces a unique origin sandbox as
// defined by http://www.whatwg.org/specs/web-apps/current-work/multipage/
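Review bot: the comment above ContentSecurityPolicyIsSecure still explains 'unsafe-eval' in terms of extensions versus platform apps ("Platform apps disallow it"), but with the Manifest::Type parameter replaced by "int options" the function no longer sees the type. Update the comment to describe the behaviour in terms of the flags: ALLOW_UNSAFE_EVAL permits 'unsafe-eval', and passing NO_OPTIONS gives the strictest check. A plain int also accepts bits that no enum value defines, so document what the function does with unknown bits, or reject them.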
