author | jww <jww@chromium.org> | 2015-10-01 13:41:11 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-10-01 20:41:49 +0000 |
commit | 4cdab1b55e1c3b5ec71b9a9156fe97c97d869b94 (patch) | |
tree | 99fe0ae07d83ddd6ea8da590de7e7a65f834519b | |
parent | 60f8586bf335855d73664d430a2a260e98fc94cf (diff) | |

Update the CSP of two component extensions based on prior CSP change.

In an earlier CL (https://codereview.chromium.org/1361763005), we
modified Content Security Policy to match the spec so that a pure
wildcard "*" does -not- match blob:, filesystem:, and data: URLs.
However, this broke a few component extensions that relied on this
earlier behavior.

This CL fixes them by merely adding those protocols explicitly to the
directives that previously had pure wildcard sources. This should allow
for indistinguishable behavior compared to before the CSP fix.

BUG=536718
TBR=rkc@chromium.org,raymes@chromium.org
Review URL: https://codereview.chromium.org/1382923002
Cr-Commit-Position: refs/heads/master@{#351877}

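
The matching rule the commit message describes, as an added JavaScript example that is not part of the commit or of Chromium's code: a simplified source-list check in which a bare `*` does not match `blob:`, `filesystem:` or `data:`, applied to the feedback extension's policy before and after this change. The function names and sample URLs are assumptions made for illustration; keyword sources and host sources are not modelled.

```javascript
// Added example: simplified CSP source-list check (hypothetical helper names).
// The two policies are copied from the feedback/manifest.json hunk on this page.
const OLD_FEEDBACK_CSP = "default-src 'none'; script-src 'self' blob: filesystem: chrome://resources; style-src 'unsafe-inline' *; img-src *; media-src 'self' blob: filesystem:";
const NEW_FEEDBACK_CSP = "default-src 'none'; script-src 'self' blob: filesystem: chrome://resources; style-src 'unsafe-inline' blob: filesystem: data: *; img-src * blob: filesystem: data:; media-src 'self' blob: filesystem:";

// Schemes that a bare "*" does not match, as stated in the commit message.
const WILDCARD_EXCLUDED = new Set(['blob:', 'filesystem:', 'data:']);

// Split a policy string into a Map of directive name -> source expressions.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return the lowercased scheme of an absolute URL, with its colon ("data:").
function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!m) throw new Error('not an absolute URL: ' + url);
  return m[1].toLowerCase() + ':';
}

// True if `directive` (a fetch directive such as img-src) permits `url`.
function allows(policy, directive, url) {
  const directives = parsePolicy(policy);
  // Fall back to default-src; with neither present nothing is restricted.
  const sources = directives.get(directive) ?? directives.get('default-src');
  if (sources === undefined) return true;
  const scheme = schemeOf(url);
  return sources.some((src) => {
    if (src === '*') return !WILDCARD_EXCLUDED.has(scheme);
    // Scheme-source such as "blob:" or "data:".
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return src.toLowerCase() === scheme;
    return false; // 'self', 'unsafe-inline', 'none' and host-sources: not modelled
  });
}
```

Checking a `data:` image URL against `img-src` returns `false` for the old policy and `true` for the new one, which is the breakage and the fix the message refers to.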
-rw-r--r-- | chrome/browser/resources/feedback/manifest.json | 2 |
-rw-r--r-- | chrome/browser/resources/pdf/manifest.json | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/chrome/browser/resources/feedback/manifest.json b/chrome/browser/resources/feedback/manifest.json index 1fd74ae..5371e97 100644 --- a/chrome/browser/resources/feedback/manifest.json +++ b/chrome/browser/resources/feedback/manifest.json @@ -18,7 +18,7 @@ "background": { "scripts": ["js/event_handler.js"] }, - "content_security_policy": "default-src 'none'; script-src 'self' blob: filesystem: chrome://resources; style-src 'unsafe-inline' *; img-src *; media-src 'self' blob: filesystem:" + "content_security_policy": "default-src 'none'; script-src 'self' blob: filesystem: chrome://resources; style-src 'unsafe-inline' blob: filesystem: data: *; img-src * blob: filesystem: data:; media-src 'self' blob: filesystem:" }, "display_in_launcher": false, "display_in_new_tab_page": false diff --git a/chrome/browser/resources/pdf/manifest.json b/chrome/browser/resources/pdf/manifest.json index 11a0b99..b3c4e94 100644 --- a/chrome/browser/resources/pdf/manifest.json +++ b/chrome/browser/resources/pdf/manifest.json @@ -14,7 +14,7 @@ "mime_types": [ "application/pdf" ], - "content_security_policy": "script-src 'self' blob: filesystem: chrome://resources; object-src *; plugin-types application/x-google-chrome-pdf", + "content_security_policy": "script-src 'self' blob: filesystem: chrome://resources; object-src * blob: filesystem: data:; plugin-types application/x-google-chrome-pdf", // This is to work-around an issue where this extension is not granted // permission to access chrome://resources when iframed for print preview. // See https://crbug.com/444752. |
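
Review bot: In the feedback/manifest.json hunk, `style-src` and `img-src` receive the same three schemes in different positions (`'unsafe-inline' blob: filesystem: data: *` versus `* blob: filesystem: data:`); please use one ordering so the two directives read as the same change. The added sources restore the widest policy these directives had before the CSP fix, which matches the stated goal, but nothing in the manifest records why the schemes are listed next to `*`. A short reference to bug 536718 near the policy, plus a follow-up to drop whichever of `blob:`, `filesystem:` and `data:` the feedback extension does not actually load for styles and images, would keep this from becoming a permanent broad allowance alongside `'unsafe-inline'`.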
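
Review bot: In the pdf/manifest.json hunk, `object-src * blob: filesystem: data:` is added without a comment, while the comment directly below the policy explains only the chrome://resources workaround. Since this file already carries `//` comments, please add one that ties the explicit schemes to bug 536718 and states which of them the PDF viewer needs for plugin content, so the unneeded ones can be removed later. The diffstat shows only the two manifests changing, so there is no test in this commit that would catch the same regression if wildcard matching changes again; consider adding one for each extension.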