Chromium Code Reviews

Unified Diff: chrome/common/extensions/csp_validator.cc

Issue 10855122: Whitelisting `127.0.0.1` and `localhost` for HTTP in extensions' CSP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Second pass. Created 8 years, 4 months ago
Index: chrome/common/extensions/csp_validator.cc
diff --git a/chrome/common/extensions/csp_validator.cc b/chrome/common/extensions/csp_validator.cc
index a57bdb0ce9bbb3288d744dcf2c7da383d015ea7b..9138f5c9aef8c420331393603d23736c3422ca62 100644
--- a/chrome/common/extensions/csp_validator.cc
+++ b/chrome/common/extensions/csp_validator.cc
@@ -46,6 +46,10 @@ bool HasOnlySecureTokens(StringTokenizer& tokenizer) {
// We might need to relax this whitelist over time.
if (source == "'self'" ||
source == "'none'" ||
+ source == "http://127.0.0.1" ||
+ LowerCaseEqualsASCII(source, "http://localhost") ||
+ StartsWithASCII(source, "http://127.0.0.1:", false) ||
+ StartsWithASCII(source, "http://localhost:", false) ||
StartsWithASCII(source, "https://", true) ||
StartsWithASCII(source, "chrome://", true) ||
StartsWithASCII(source, "chrome-extension://", true) ||
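
Review bot: The two added prefix checks, `StartsWithASCII(source, "http://127.0.0.1:", false)` and `StartsWithASCII(source, "http://localhost:", false)`, accept any text after the colon, so nothing in this hunk confirms that the remainder is a port. Consider parsing the rest of the token and accepting only a numeric port (or `*`, if wildcard ports are meant to be allowed), and cover the rejected forms in csp_validator_unittest.cc. Two smaller points: `source == "http://127.0.0.1"` is an exact, case-sensitive comparison while the localhost line uses `LowerCaseEqualsASCII`, so the two loopback forms treat an upper-case scheme differently; and the existing comment above the list should say why plain HTTP is acceptable for loopback sources, since every other entry is a secure or internal scheme.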