Apply CSP default-src hash values to script-src and style-src.
commit e51864cbd2777a5b06d6be1f1b80a1866cc978da
author jww@chromium.org <jww@chromium.org>
Wed, 23 Sep 2015 01:36:37 +0000 (23 01:36 +0000)
committer jww@chromium.org <jww@chromium.org>
Wed, 23 Sep 2015 01:36:37 +0000 (23 01:36 +0000)
tree c60472b4b42caea5a429c61f3353ba72928056c9
parent 134c13894bf5fb087f9017698547ec12c963bfa6
Apply CSP default-src hash values to script-src and style-src.

This fixes a minor bug where we forgot to add hash values in the
default-src CSP directive to the list of hash algorithms seen. Thus,
when the hash whitelist was checked for inline styles and scripts, the
CSP potentially might believe that no algorithms have been seen, so the
whitelist check would skip all of the stored hash values.

This fixes the bug by adding the algorithms to the list of algorithms
seen when a default-src directive is reached.

BUG=534568
R=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1360693002

git-svn-id: svn://svn.chromium.org/blink/trunk@202656 bbb929c8-8fbe-4397-9dbb-9b2b20218538
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-default-src.html [new file with mode: 0644]
LayoutTests/http/tests/security/contentSecurityPolicy/1.1/stylehash-default-src.html [new file with mode: 0644]
Source/core/frame/csp/CSPDirectiveList.cpp
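
The bookkeeping the commit message describes, as an added Python model that is not Blink's code and is not part of this commit: an inline script is hashed only with algorithms recorded as "seen", so a hash listed only in default-src is never compared unless default-src also feeds that record. The class, method and parameter names are hypothetical, the sample script is constructed, and only hash sources for scripts are modelled (styles follow the same pattern).

```python
import base64
import hashlib

# Simplified model of the "algorithms seen" bookkeeping; names are hypothetical.
ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384,
              "sha512": hashlib.sha512}
SAMPLE_SCRIPT = "console.log('constructed sample');"  # constructed input


def source_hash(algorithm, inline_text):
    """Build a CSP hash-source expression: 'sha256-<base64 digest>'."""
    digest = ALGORITHMS[algorithm](inline_text.encode("utf-8")).digest()
    return "'%s-%s'" % (algorithm, base64.b64encode(digest).decode("ascii"))


class PolicyModel:
    def __init__(self, header, record_default_src):
        self.directives = {}
        self.script_algorithms_seen = set()
        for part in header.split(";"):
            tokens = part.split()
            if not tokens:
                continue
            name, sources = tokens[0].lower(), tokens[1:]
            self.directives.setdefault(name, sources)  # first occurrence wins
            found = {s.strip("'").split("-", 1)[0] for s in sources
                     if s.startswith("'sha")} & set(ALGORITHMS)
            # record_default_src=False models the behaviour before the fix:
            # only script-src contributes to the set of algorithms seen.
            if name == "script-src" or (name == "default-src" and record_default_src):
                self.script_algorithms_seen |= found

    def allows_inline_script(self, inline_text):
        # script-src falls back to default-src when it is absent.
        sources = self.directives.get("script-src",
                                      self.directives.get("default-src"))
        if sources is None:
            return True  # no governing directive in this model
        # Only algorithms recorded as seen are computed and compared.
        return any(source_hash(a, inline_text) in sources
                   for a in self.script_algorithms_seen)


def demo():
    """Return (before_fix, after_fix) for a hash that appears only in default-src."""
    header = "default-src " + source_hash("sha256", SAMPLE_SCRIPT)
    return (PolicyModel(header, False).allows_inline_script(SAMPLE_SCRIPT),
            PolicyModel(header, True).allows_inline_script(SAMPLE_SCRIPT))
```

In this model the pre-fix path rejects a script whose hash is present in the policy, which is the kind of case the two new layout tests in the file list are named for.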