39d12f5665910578d2e18251a0225a7aebe6964b - chromium/src

commit	39d12f5665910578d2e18251a0225a7aebe6964b	[log] [tgz]
author	shekyan <shekyan@gmail.com>	Tue Aug 09 03:38:48 2016
committer	Commit bot <commit-bot@chromium.org>	Tue Aug 09 03:41:52 2016
tree	a86260b5fbbc398e515590cfbab2bfe8468ca9a2
parent	cdaf163921fb3bd75eee844173b95eec40eb972d [diff]

Change wildcard source expression matching to conform latest spec

This patch changes wildcard source expression matching to require
schemes other than http/https/ws/wss be explicitly present
in the source list to match, per
https://w3c.github.io/webappsec-csp/#match-url-to-source-expression

This also updates CSP injected in inline_login_ui.cc to explicitly allow
`chrome:` as in `connect-src * chrome:` to fix failing tests.

This also changes Content Security Policy in manifests of Feedback and
PDF Viewer extensions to allow objects from `file:`.

BUG=611314
R=mkwst@chromium.org
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2209113002
Cr-Commit-Position: refs/heads/master@{#410566}

8 files changed