See discussion in crbug.com/896041 and the doc discussing this change- https://docs.google.com/document/d/1vzcRg-wc2RP5yHDz4abCjgS7uzZuQYFd0izmiMFb-mY/edit?usp=sharing. Also note that in Manifest V3, "content_security_policy" manifest key will only be a dictionary and not a string.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d4c1a926a9185194779ca8c26768e85c00954ab7 commit d4c1a926a9185194779ca8c26768e85c00954ab7 Author: Karan Bhatia <karandeepb@chromium.org> Date: Fri Dec 14 22:21:39 2018 Extensions: Implement "content_security_policy.extension_pages" manifest key. This CL implements the "content_security_policy.extension_pages" manifest key. This is part of allowing "content_security_policy" key to be specified as a dictionary. In follow-ups, "content_security_policy.sandbox" and "content_security_policy.content_scripts" will be implemented. BUG=914224 Change-Id: I1e3a3b1757d1417bf12c3f4fb2fa652fe8bc29e8 Reviewed-on: https://chromium-review.googlesource.com/c/1373253 Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#616847} [modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/api/_manifest_features.json [modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_constants.cc [modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_constants.h [modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_handlers/csp_info.cc [modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_handlers/csp_info.h [modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_handlers/csp_info_unittest.cc [add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_dictionary_valid.json [add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_empty_dictionary_valid.json [add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_empty_valid.json [add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_invalid_1.json [add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_invalid_2.json [add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_invalid_3.json [add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_string_valid.json
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bdc60d060bba4d848fde3d6dde129d875eac0528 commit bdc60d060bba4d848fde3d6dde129d875eac0528 Author: Karan Bhatia <karandeepb@chromium.org> Date: Fri Dec 21 23:12:44 2018 Extensions: Restrict "content_security_policy" dictionary key to trunk. r616847 introduced the ability for the "content_security_policy" manifest key to be used as a dictionary. While the CL restricted the "content_security_policy.extension_pages" key to the trunk channel, it didn't restrict the usage of "content_security_policy" manifest key as a dictionary on non-trunk channels. Fix this. BUG=914224 Change-Id: Ida60cbfadf7001b4253c65967b0d106ec5bb098b Reviewed-on: https://chromium-review.googlesource.com/c/1388171 Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#618658} [modify] https://crrev.com/bdc60d060bba4d848fde3d6dde129d875eac0528/extensions/common/api/_manifest_features.json [modify] https://crrev.com/bdc60d060bba4d848fde3d6dde129d875eac0528/extensions/common/manifest_handlers/csp_info.cc [modify] https://crrev.com/bdc60d060bba4d848fde3d6dde129d875eac0528/extensions/common/manifest_handlers/csp_info_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5 commit cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5 Author: Karan Bhatia <karandeepb@chromium.org> Date: Thu Dec 27 22:38:50 2018 Extensions: Simplify extension page CSP parsing. This CL simplifies the CSP parsing logic for extension pages a bit. It should introduce no behavior change. BUG=914224 Change-Id: I5c1c2fbcc48364f0e013b16fa6d545da428193b1 Reviewed-on: https://chromium-review.googlesource.com/c/1391361 Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#619079} [modify] https://crrev.com/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5/extensions/common/api/_manifest_features.json [modify] https://crrev.com/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5/extensions/common/manifest_handlers/csp_info.cc [modify] https://crrev.com/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5/extensions/common/manifest_handlers/csp_info.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0d5f87422fc1b3c8dfe49ba526a52428241b0c77 commit 0d5f87422fc1b3c8dfe49ba526a52428241b0c77 Author: Karan Bhatia <karandeepb@chromium.org> Date: Thu Jan 03 23:41:06 2019 Extensions: Use a single CSPHandler instance for both extensions and platform apps. This CL changes CSPHandler so that it can be used for both extensions and platform apps without creating a different instance for the two. This helps simplify the code. BUG=914224 Change-Id: Ib99fd306071514706d6a3a6b032870f016736a9e Reviewed-on: https://chromium-review.googlesource.com/c/1394912 Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#619807} [modify] https://crrev.com/0d5f87422fc1b3c8dfe49ba526a52428241b0c77/extensions/common/common_manifest_handlers.cc [modify] https://crrev.com/0d5f87422fc1b3c8dfe49ba526a52428241b0c77/extensions/common/manifest_handlers/csp_info.cc [modify] https://crrev.com/0d5f87422fc1b3c8dfe49ba526a52428241b0c77/extensions/common/manifest_handlers/csp_info.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e commit 43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e Author: Karan Bhatia <karandeepb@chromium.org> Date: Thu Jan 03 23:57:19 2019 Extensions: Move handling of sandbox page CSP to CSPHandler. This CL moves handling of the "sandbox.content_security_policy" to the CSPHandler from SandboxedPageHandler. This should have no behavior change. This is in preparation of introducing the "content_security_policy.sandbox" manifest key. BUG=914224 Change-Id: I27e839a09211d7fccc0104e6195d6c123cca8ef2 Reviewed-on: https://chromium-review.googlesource.com/c/1391877 Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#619817} [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest.h [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_constants.cc [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_constants.h [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/csp_info.cc [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/csp_info.h [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/csp_info_unittest.cc [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/sandboxed_page_info.cc [modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/sandboxed_page_info.h [add] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/test/data/manifest_tests/sandboxed_pages_valid_6.json [add] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/test/data/manifest_tests/sandboxed_pages_valid_7.json
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/18d29b0c56b689fb3b4398b5b407eddeb4baffa3 commit 18d29b0c56b689fb3b4398b5b407eddeb4baffa3 Author: Karan Bhatia <karandeepb@chromium.org> Date: Tue Jan 08 23:45:39 2019 Extensions: Introduce "content_security_policy.sandbox" manifest key. This CL implements the parsing for "content_security_policy.sandbox" manifest key. This is part of allowing "content_security_policy" key to be specified as a dictionary. In a follow-up, "content_security_policy.content_scripts" will be implemented. BUG=914224 Change-Id: Ia5ed3a2bee901c9babfc02e8f73e9228955bae75 Reviewed-on: https://chromium-review.googlesource.com/c/1391485 Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#620938} [modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_constants.cc [modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_constants.h [modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_handlers/csp_info.cc [modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_handlers/csp_info.h [modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_handlers/csp_info_unittest.cc [add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_both_keys.json [add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_csp_with_dictionary.json [add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_dictionary_1.json [add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_dictionary_2.json [add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_invalid_type.json [add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/unsandboxed_csp.json
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f34832e8e2733edb4d7985a1ac73277b1090124c commit f34832e8e2733edb4d7985a1ac73277b1090124c Author: Karan Bhatia <karandeepb@chromium.org> Date: Fri Jan 18 02:02:00 2019 Extensions: Plumb manifest key for csp related install warnings. Currently csp related install warnings can use the incorrect manifest key. This change ensures the correct manifest key is used. BUG=914224 Change-Id: I10ae72c5f2f65e2502c0e149aa38058e64820396 Reviewed-on: https://chromium-review.googlesource.com/c/1407914 Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#623955} [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/chrome/common/extensions/manifest_tests/extension_manifests_contentsecuritypolicy_unittest.cc [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/chrome/common/extensions/manifest_tests/extension_manifests_platformapp_unittest.cc [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/csp_validator.cc [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/csp_validator.h [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/csp_validator_unittest.cc [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_constants.cc [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_constants.h [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_handlers/csp_info.cc [modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_handlers/csp_info.h
Comment 1 by karandeepb@chromium.org
, Dec 12