Index: extensions/common/csp_validator.h |
diff --git a/extensions/common/csp_validator.h b/extensions/common/csp_validator.h |
index 192f898c8664c8a2db70158a5b38225ad9ab0d73..e8aa78c4ca3dc33b1ff8b102379172320588c91c 100644 |
--- a/extensions/common/csp_validator.h |
+++ b/extensions/common/csp_validator.h |
@@ -25,7 +25,9 @@ enum Options { |
// Allows 'unsafe-eval' to be specified as a source in a directive. |
OPTIONS_ALLOW_UNSAFE_EVAL = 1 << 0, |
// Allow an object-src to be specified with any sources (i.e. it may contain |
- // wildcards or http sources). |
+ // wildcards or http sources). Specifying this requires the CSP to contain |
+ // a plugin-types directive which restricts the plugins that can be loaded |
+ // to those which are fully sandboxed. |
OPTIONS_ALLOW_INSECURE_OBJECT_SRC = 1 << 1, |
}; |
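Review bot: The new comment on `OPTIONS_ALLOW_INSECURE_OBJECT_SRC` says a plugin-types directive is required, but not what the validator does when that directive is missing or names a plugin that is not sandboxed. A caller reading only this header cannot tell whether the insecure object-src is then rejected, rewritten, or merely warned about, and that is the security-relevant part of the contract. I would add a sentence stating the failure behaviour, and a pointer to where the set of "fully sandboxed" plugin types is defined, since the term is not explained in the visible lines. The enum begins above this hunk, so an existing note elsewhere in the header may already cover some of this.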