69cc847f5802c6d871836695d5f984db682af776 - chromium/src

commit	69cc847f5802c6d871836695d5f984db682af776	[log] [tgz]
author	amalika <amalika@google.com>	Tue Oct 18 14:35:00 2016
committer	Commit bot <commit-bot@chromium.org>	Tue Oct 18 14:37:12 2016
tree	148cf6dc0c347122f130aa6e49ff92ee50148a73
parent	cbc7b1ed4e9facd8de1d4e481ecc9a5c14df83b2 [diff]

This is part of an experimental feature in Content Security Policy.

This patch introduces a new header Allow-CSP-From that allows the embedded iframe
to use a whitelist to enforce upon itself embedder's CSP.

BUG=647588

Review-Url: https://codereview.chromium.org/2404373003
Cr-Commit-Position: refs/heads/master@{#425955}

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/allow_csp_from-header.html[Added - diff]
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/embeddedEnforcement/embedding_csp-header.html[diff]
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/child-csp-test.js[Added - diff]
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-header.php[Added - diff]
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/respond-with-allow-csp-from-multiple-headers.php[Added - diff]
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp[diff]
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h[diff]
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp[diff]
third_party/WebKit/Source/core/loader/DocumentLoader.cpp[diff]
third_party/WebKit/Source/platform/network/HTTPNames.in[diff]

10 files changed