author | mkwst@chromium.org <mkwst@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-07 15:34:50 +0000 |
---|---|---|
committer | mkwst@chromium.org <mkwst@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-11-07 15:34:50 +0000 |
commit | 4db72870c1929edfb10874c8388a130a797843e4 (patch) | |
tree | 60e743632ed894d7b40273618dd5fe9809dac5af | |
parent | 8534b6c46d32b4ee586744f55ed0a281b648e499 (diff) | |
Prefer 'Content-Security-Policy' to 'X-WebKit-CSP'.
Support for the canonical CSP header landed in wkrev.com/133095. This CL
migrates the various places inside Chromium that use the prefixed header
over to the new hotness.
BUG=151857
TBR=aa@chromium.org,michaeln@chromium.org,sky@chromium.org,estade@chromium.org,kinuko@chromium.org,willchan@chromium.org,phajdan.jr@chromium.org
Review URL: https://chromiumcodereview.appspot.com/11368048
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@166435 0039d316-1c4b-4281-b951-d872f2087c98
9 files changed, 14 insertions, 17 deletions
diff --git a/chrome/browser/extensions/extension_protocols.cc b/chrome/browser/extensions/extension_protocols.cc
index 1d85d8b..c9ed325 100644
--- a/chrome/browser/extensions/extension_protocols.cc
+++ b/chrome/browser/extensions/extension_protocols.cc
@@ -48,7 +48,7 @@ net::HttpResponseHeaders* BuildHttpHeaders(
 raw_headers.append("HTTP/1.1 200 OK");
 if (!content_security_policy.empty()) {
 raw_headers.append(1, '\0');
- raw_headers.append("X-WebKit-CSP: ");
+ raw_headers.append("Content-Security-Policy: ");
 raw_headers.append(content_security_policy);
 }
diff --git a/chrome/browser/ui/webui/chrome_url_data_manager_backend.cc b/chrome/browser/ui/webui/chrome_url_data_manager_backend.cc
index 3d01b47..de0ed74 100644
--- a/chrome/browser/ui/webui/chrome_url_data_manager_backend.cc
+++ b/chrome/browser/ui/webui/chrome_url_data_manager_backend.cc
@@ -40,14 +40,10 @@ using content::BrowserThread;
 namespace {
-// X-WebKit-CSP is our development name for Content-Security-Policy.
-// TODO(tsepez) rename when Content-security-policy is done.
 // TODO(tsepez) remove unsafe-eval when bidichecker_packaged.js fixed.
-// TODO(tsepez) chrome-extension: permits the ChromeVox screen reader
-// extension to function on these pages. Remove it when the extension
-// is updated to stop injecting script into the pages.
 const char kChromeURLContentSecurityPolicyHeaderBase[] =
- "X-WebKit-CSP: script-src chrome://resources 'self' 'unsafe-eval'; ";
+ "Content-Security-Policy: script-src chrome://resources "
+ "'self' 'unsafe-eval'; ";
 // TODO(tsepez) The following should be replaced with a centralized table.
 // See crbug.com/104631.
diff --git a/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/accessible_resource_with_csp.html b/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/accessible_resource_with_csp.html
index 25933fc..361f263 100644
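Review bot: `content_security_policy` is appended verbatim right after the renamed header name in BuildHttpHeaders, and this buffer uses `'\0'` as its header separator (`raw_headers.append(1, '\0')`). If the policy string can contain an embedded NUL, CR or LF (it presumably comes from the extension's manifest, which the hunk does not show), the value could end the header early and add further response headers. A guard before the append would close this, e.g. reject any value where `content_security_policy.find_first_of(std::string("\0\r\n", 3)) != std::string::npos`, or a comment should state where that validation already happens. BuildHttpHeaders starts and ends outside the hunk.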
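Review bot: `'unsafe-eval'` stays in the base `script-src` of `kChromeURLContentSecurityPolicyHeaderBase` under the canonical header name, and the one TODO that survives this cleanup has no bug reference, so nothing tracks its removal. Suggest rewording the kept comment to `// TODO(tsepez): drop 'unsafe-eval' once bidichecker_packaged.js is fixed (crbug.com/<bug-id>).` with the real bug number filled in. It would also help to note on the constant that the trailing `"; "` is deliberate because further directives are appended to this base, presumably from the table mentioned in the following TODO, which is outside the hunk.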
--- a/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/accessible_resource_with_csp.html
+++ b/chrome/test/data/extensions/api_test/extension_resource_request_policy/web_accessible/accessible_resource_with_csp.html
@@ -1,2 +1,2 @@
-<meta http-equiv="X-WebKit-CSP" content="img-src 'none';">
+<meta http-equiv="Content-Security-Policy" content="img-src 'none';">
 <img onload="document.title='Loaded'" onerror="document.title='Image failed to load'" src="chrome-extension://ggmldgjhdenlnjjjmehkomheglpmijnf/test.png">
diff --git a/chrome/test/functional/special_tabs.py b/chrome/test/functional/special_tabs.py
index 8c6ebe8..f33c83c 100755
--- a/chrome/test/functional/special_tabs.py
+++ b/chrome/test/functional/special_tabs.py
@@ -272,7 +272,7 @@ class SpecialTabsTest(pyauto.PyUITest):
 exclude_list = []
 no_csp = 'CSP' in properties and not properties['CSP']
 if no_csp:
- exclude_list.extend(['X-WebKit-CSP'])
+ exclude_list.extend(['Content-Security-Policy'])
 else:
 exclude_list.extend(['<script>', 'onclick=', 'onload=', 'onchange=', 'onsubmit=', 'javascript:'])
diff --git a/content/browser/histogram_internals_request_job.cc b/content/browser/histogram_internals_request_job.cc
index 08e2629..55ff5a9 100644
--- a/content/browser/histogram_internals_request_job.cc
+++ b/content/browser/histogram_internals_request_job.cc
@@ -46,8 +46,8 @@ void AboutHistogram(std::string* data, const std::string& path) {
 data->append("<!DOCTYPE html>\n<html>\n<head>\n");
 data->append(
- "<meta http-equiv=\"X-WebKit-CSP\" content=\"object-src 'none'; "
- "script-src 'none' 'unsafe-eval'\">");
+ "<meta http-equiv=\"Content-Security-Policy\" "
+ "content=\"object-src 'none'; script-src 'none' 'unsafe-eval'\">");
 data->append("<title>");
 data->append(net::EscapeForHTML(unescaped_title));
 data->append("</title>\n");
diff --git a/content/browser/tcmalloc_internals_request_job.cc b/content/browser/tcmalloc_internals_request_job.cc
index 2c4ef0d..87975b4 100644
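Review bot: The `no_csp` branch in special_tabs.py now lists only `'Content-Security-Policy'`, so a page that still emits the legacy `X-WebKit-CSP` name is no longer matched by this check. Assuming `exclude_list` holds strings that must not appear in the page, keeping both names during the migration avoids that gap: `exclude_list.extend(['Content-Security-Policy', 'X-WebKit-CSP'])`. From the visible lines, the `else` branch only checks that pages expected to carry a policy have no inline-script markers. It does not check that they actually contain the new header name, and a comment saying where that presence check lives would help. The enclosing method starts and ends outside the hunk.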
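Review bot: The policy `object-src 'none'; script-src 'none' 'unsafe-eval'` in AboutHistogram is repeated verbatim in AboutTcmalloc (tcmalloc_internals_request_job.cc) and in VIEW_CACHE_HEAD (view_cache_helper.cc), while the appcache and blob internals pages in this same change use `script-src 'none'` without `'unsafe-eval'`. Pairing `'none'` with `'unsafe-eval'` is easy to misread and the hunk gives no reason for it. Either drop `'unsafe-eval'` where nothing needs it, or add a comment such as `// 'unsafe-eval' is kept only for <reason>; no script source is allowed.` at each of the three sites. Because the policy is delivered through `<meta>`, it applies only from the point where the parser reaches the tag, so it should remain the first element after `<head>`, as it is here. AboutHistogram continues outside the hunk.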
--- a/content/browser/tcmalloc_internals_request_job.cc
+++ b/content/browser/tcmalloc_internals_request_job.cc
@@ -73,8 +73,8 @@ void RequestTcmallocStatsFromChildRenderProcesses() {
 void AboutTcmalloc(std::string* data) {
 data->append("<!DOCTYPE html>\n<html>\n<head>\n");
 data->append(
- "<meta http-equiv=\"X-WebKit-CSP\" content=\"object-src 'none'; "
- "script-src 'none' 'unsafe-eval'\">");
+ "<meta http-equiv=\"Content-Security-Policy\" "
+ "content=\"object-src 'none'; script-src 'none' 'unsafe-eval'\">");
 data->append("<title>tcmalloc stats</title>");
 data->append("</head><body>");
diff --git a/net/url_request/view_cache_helper.cc b/net/url_request/view_cache_helper.cc
index fde3442..d468075 100644
--- a/net/url_request/view_cache_helper.cc
+++ b/net/url_request/view_cache_helper.cc
@@ -17,8 +17,9 @@
 #include "net/url_request/url_request_context.h"
 #define VIEW_CACHE_HEAD \
- "<html><meta charset=\"utf-8\"><meta http-equiv=\"X-WebKit-CSP\" " \
- "content=\"object-src 'none'; script-src 'none' 'unsafe-eval'\">" \
+ "<html><meta charset=\"utf-8\">" \
+ "<meta http-equiv=\"Content-Security-Policy\" " \
+ " content=\"object-src 'none'; script-src 'none' 'unsafe-eval'\">" \
 "<body><table>"
 #define VIEW_CACHE_TAIL \
diff --git a/webkit/appcache/view_appcache_internals_job.cc b/webkit/appcache/view_appcache_internals_job.cc
index c33c7ae..995df05 100644
--- a/webkit/appcache/view_appcache_internals_job.cc
+++ b/webkit/appcache/view_appcache_internals_job.cc
@@ -54,7 +54,7 @@ void EmitPageStart(std::string* out) {
 out->append(
 "<!DOCTYPE HTML>\n"
 "<html><title>AppCache Internals</title>\n"
- "<meta http-equiv=\"X-WebKit-CSP\""
+ "<meta http-equiv=\"Content-Security-Policy\""
 " content=\"object-src 'none'; script-src 'none'\">\n"
 "<style>\n"
 "body { font-family: sans-serif; font-size: 0.8em; }\n"
diff --git a/webkit/blob/view_blob_internals_job.cc b/webkit/blob/view_blob_internals_job.cc
index 4256713..292c8f9 100644
--- a/webkit/blob/view_blob_internals_job.cc
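Review bot: The rewritten `VIEW_CACHE_HEAD` in view_cache_helper.cc has a space at the end of `"<meta http-equiv=\"Content-Security-Policy\" "` and another at the start of `" content=..."`, so the emitted tag carries two spaces between its attributes. The parser tolerates this, but it makes the string differ from the histogram and tcmalloc copies in this change. Dropping the leading space, `"content=\"object-src 'none'; script-src 'none' 'unsafe-eval'\">" \`, keeps them identical. The macro emits the `<meta>` directly after `<html>` with no explicit `<head>`, so a comment such as `// CSP <meta> must precede any body markup or it will not cover it.` above the define would document that ordering constraint.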
+++ b/webkit/blob/view_blob_internals_job.cc
@@ -39,7 +39,7 @@ void StartHTML(std::string* out) {
 out->append(
 "<!DOCTYPE HTML>"
 "<html><title>Blob Storage Internals</title>"
- "<meta http-equiv=\"X-WebKit-CSP\""
+ "<meta http-equiv=\"Content-Security-Policy\""
 " content=\"object-src 'none'; script-src 'none'\">\n"
 "<style>\n"
 "body { font-family: sans-serif; font-size: 0.8em; }\n" |