| Index: chrome/common/extensions/docs/static/contentSecurityPolicy.html
|
| diff --git a/chrome/common/extensions/docs/static/contentSecurityPolicy.html b/chrome/common/extensions/docs/static/contentSecurityPolicy.html
|
| index 69e95c8a366c1a94fba9c93967d076d01a5088f3..e70b58fbb3e36e72e476f7c4c8bcd4c48d5f6a02 100644
|
| --- a/chrome/common/extensions/docs/static/contentSecurityPolicy.html
|
| +++ b/chrome/common/extensions/docs/static/contentSecurityPolicy.html
|
| @@ -237,6 +237,13 @@ popup.html:
|
| </p>
|
|
|
| <p>
|
| + To ease development, we're also allowing the whitelisting of resources loaded
|
| + over HTTP from servers on your local machine. You may whitelist script and
|
| + object sources on any port of either <code>http://127.0.0.1</code> or
|
| + <code>http://localhost</code>.
|
| +</p>
|
| +
|
| +<p>
|
| A relaxed policy definition which allows script resources to be loaded from
|
| <code>example.com</code> over HTTPS might look like:
|
| </p>
|
|
|
Chromium Code Reviews
Issue 10855122:
Whitelisting `127.0.0.1` and `localhost` for HTTP in extensions' CSP. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src