CSP in chrome://cache page is invalid
Issue description

Chrome Version: 62.3167

What steps will reproduce the problem?
(1) Open console on chrome://cache

Observe: "The source list for Content Security Policy directive 'script-src' contains an invalid source: ''none''. It will be ignored. Note that 'none' has no effect unless it is the only expression in the source list."

https://cs.chromium.org/chromium/src/net/url_request/view_cache_helper.cc?l=22&rcl=1a10b0cc3a3c52b16ea8734aab307ebee28c3496

Do we actually want 'unsafe-eval' on this page?
Jul 26 2017
Yeah, nice catch. I think this is one I "kicked down the road" to get the other CSP stuff working without having to completely rewrite this page.
Jul 27 2017
https://chromium-review.googlesource.com/590074
Jul 28 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/10b3b05bc2916a9d3882c7d2db080a490d2d9369

commit 10b3b05bc2916a9d3882c7d2db080a490d2d9369
Author: Eric Lawrence <elawrence@chromium.org>
Date: Fri Jul 28 14:50:53 2017

Remove 'unsafe-eval' from chrome://cache Content-Security-Policy

The Content-Security-Policy declared by the chrome://cache page included 'unsafe-eval' which is not needed. This unnecessary token also causes the 'none' token to be invalid, as 'none' must appear alone.

Bug: 749169
Change-Id: I7c1096d3f202f55b01cd5213bd23e7eaddad4d09
Reviewed-on: https://chromium-review.googlesource.com/590074
Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Eric Lawrence <elawrence@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490389}

[modify] https://crrev.com/10b3b05bc2916a9d3882c7d2db080a490d2d9369/net/url_request/view_cache_helper.cc
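Added example, not part of the original issue thread or of Chromium's code: a small linter that finds the condition the console warning describes, a source list where 'none' is combined with other expressions, and reports what the browser actually enforces once 'none' is ignored. The policy strings, the directive subset and the function names are constructed for illustration; the page does not show the exact chrome://cache policy.

```javascript
// Directives whose value is a source list (subset; extend as needed).
const SOURCE_LIST_DIRECTIVES = new Set([
  'default-src', 'script-src', 'style-src', 'img-src', 'object-src',
  'connect-src', 'font-src', 'frame-src', 'media-src', 'worker-src',
]);

// Split a serialized policy into a Map of directive name -> source tokens.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored; only the first occurrence applies.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report every source list in which 'none' appears alongside other sources.
function lintNone(policy) {
  const isNone = (s) => s.toLowerCase() === "'none'";
  const findings = [];
  for (const [name, sources] of parsePolicy(policy)) {
    if (!SOURCE_LIST_DIRECTIVES.has(name)) continue;
    const others = sources.filter((s) => !isNone(s));
    if (others.length > 0 && others.length < sources.length) {
      findings.push({
        directive: name,
        declared: sources,
        effective: others, // 'none' is dropped, so these sources stay allowed
      });
    }
  }
  return findings;
}

// Constructed samples modelling the state before and after the fix.
const BEFORE = "object-src 'none'; script-src 'none' 'unsafe-eval'";
const AFTER = "object-src 'none'; script-src 'none'";

for (const f of lintNone(BEFORE)) {
  console.log(`${f.directive}: 'none' ignored, effective list: ${f.effective.join(' ')}`);
}
console.log(`findings after fix: ${lintNone(AFTER).length}`);
```

The effective list is the point to check in review: a policy that reads as "no script" still permits whatever is left once 'none' is discarded.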
Jul 31 2017
Comment 1 by mmenke@chromium.org, Jul 26 2017