Index: Source/core/frame/csp/CSPDirectiveList.cpp |
diff --git a/Source/core/frame/csp/CSPDirectiveList.cpp b/Source/core/frame/csp/CSPDirectiveList.cpp |
index cde021c47977c9a0ab434f2aa5085c8523b280ec..93e1e78af715a573aed95211696ae2fd5d6372ac 100644 |
--- a/Source/core/frame/csp/CSPDirectiveList.cpp |
+++ b/Source/core/frame/csp/CSPDirectiveList.cpp |
@@ -581,14 +581,17 @@ void CSPDirectiveList::enforceStrictMixedContentChecking(const String& name, con |
void CSPDirectiveList::enableInsecureContentUpgrade(const String& name, const String& value) |
{ |
+ if (m_reportOnly) { |
+ m_policy->reportInvalidInReportOnly(name); |
+ return; |
+ } |
Yoav Weiss
2015/03/05 12:06:14
Why is report-only invalid here?
|
if (m_upgradeInsecureRequests) { |
m_policy->reportDuplicateDirective(name); |
return; |
} |
m_upgradeInsecureRequests = true; |
- // FIXME: Monitoring insecure content currently has no effect. We'll eventually wire it up |
- // to the CSP reporting mechanism if we go this route. https://crbug.com/455674 |
- m_policy->setInsecureContentPolicy(m_reportOnly ? SecurityContext::InsecureContentMonitor : SecurityContext::InsecureContentUpgrade); |
+ |
+ m_policy->setInsecureContentPolicy(SecurityContext::InsecureContentUpgrade); |
if (!value.isEmpty()) |
m_policy->reportValueForEmptyDirective(name, value); |
} |