New issue
Advanced search Search tips
Starred by 2 users

Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug

Blocking:
issue 896041
issue 896897



Sign in to add a comment
link

Issue 914224: Extensions: Implement support for "content_security_policy" manifest key to be a dictionary.

Reported by karandeepb@chromium.org, Dec 12 Project Member

Issue description

See discussion in crbug.com/896041 and the doc discussing this change- https://docs.google.com/document/d/1vzcRg-wc2RP5yHDz4abCjgS7uzZuQYFd0izmiMFb-mY/edit?usp=sharing.

Also note that in Manifest V3, "content_security_policy" manifest key will only be a dictionary and not a string.
 

Comment 1 by karandeepb@chromium.org, Dec 12

Components: Platform>Extensions

Comment 2 by bugdroid1@chromium.org, Dec 14

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d4c1a926a9185194779ca8c26768e85c00954ab7

commit d4c1a926a9185194779ca8c26768e85c00954ab7
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Fri Dec 14 22:21:39 2018

Extensions: Implement "content_security_policy.extension_pages" manifest key.

This CL implements the "content_security_policy.extension_pages" manifest key.
This is part of allowing "content_security_policy" key to be specified as a
dictionary. In follow-ups, "content_security_policy.sandbox" and "content_security_policy.content_scripts" will be implemented.

BUG=914224

Change-Id: I1e3a3b1757d1417bf12c3f4fb2fa652fe8bc29e8
Reviewed-on: https://chromium-review.googlesource.com/c/1373253
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#616847}
[modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/api/_manifest_features.json
[modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_constants.cc
[modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_constants.h
[modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_handlers/csp_info.cc
[modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_handlers/csp_info.h
[modify] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/common/manifest_handlers/csp_info_unittest.cc
[add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_dictionary_valid.json
[add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_empty_dictionary_valid.json
[add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_empty_valid.json
[add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_invalid_1.json
[add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_invalid_2.json
[add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_invalid_3.json
[add] https://crrev.com/d4c1a926a9185194779ca8c26768e85c00954ab7/extensions/test/data/manifest_tests/csp_string_valid.json

Comment 3 by bugdroid1@chromium.org, Dec 21

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bdc60d060bba4d848fde3d6dde129d875eac0528

commit bdc60d060bba4d848fde3d6dde129d875eac0528
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Fri Dec 21 23:12:44 2018

Extensions: Restrict "content_security_policy" dictionary key to trunk.

r616847 introduced the ability for the "content_security_policy" manifest key to
be used as a dictionary. While the CL restricted the
"content_security_policy.extension_pages" key to the trunk channel, it didn't
restrict the usage of "content_security_policy" manifest key as a dictionary on
non-trunk channels. Fix this.

BUG=914224

Change-Id: Ida60cbfadf7001b4253c65967b0d106ec5bb098b
Reviewed-on: https://chromium-review.googlesource.com/c/1388171
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#618658}
[modify] https://crrev.com/bdc60d060bba4d848fde3d6dde129d875eac0528/extensions/common/api/_manifest_features.json
[modify] https://crrev.com/bdc60d060bba4d848fde3d6dde129d875eac0528/extensions/common/manifest_handlers/csp_info.cc
[modify] https://crrev.com/bdc60d060bba4d848fde3d6dde129d875eac0528/extensions/common/manifest_handlers/csp_info_unittest.cc

Comment 4 by bugdroid1@chromium.org, Dec 27

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5

commit cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Thu Dec 27 22:38:50 2018

Extensions: Simplify extension page CSP parsing.

This CL simplifies the CSP parsing logic for extension pages a bit. It should
introduce no behavior change.

BUG=914224

Change-Id: I5c1c2fbcc48364f0e013b16fa6d545da428193b1
Reviewed-on: https://chromium-review.googlesource.com/c/1391361
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#619079}
[modify] https://crrev.com/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5/extensions/common/api/_manifest_features.json
[modify] https://crrev.com/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5/extensions/common/manifest_handlers/csp_info.cc
[modify] https://crrev.com/cfbcaaacf35c8f1a59aaf9d708228e81bf5c03e5/extensions/common/manifest_handlers/csp_info.h

Comment 5 by bugdroid1@chromium.org, Jan 3

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0d5f87422fc1b3c8dfe49ba526a52428241b0c77

commit 0d5f87422fc1b3c8dfe49ba526a52428241b0c77
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Thu Jan 03 23:41:06 2019

Extensions: Use a single CSPHandler instance for both extensions and platform apps.

This CL changes CSPHandler so that it can be used for both extensions and
platform apps without creating a different instance for the two. This helps
simplify the code.

BUG=914224

Change-Id: Ib99fd306071514706d6a3a6b032870f016736a9e
Reviewed-on: https://chromium-review.googlesource.com/c/1394912
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#619807}
[modify] https://crrev.com/0d5f87422fc1b3c8dfe49ba526a52428241b0c77/extensions/common/common_manifest_handlers.cc
[modify] https://crrev.com/0d5f87422fc1b3c8dfe49ba526a52428241b0c77/extensions/common/manifest_handlers/csp_info.cc
[modify] https://crrev.com/0d5f87422fc1b3c8dfe49ba526a52428241b0c77/extensions/common/manifest_handlers/csp_info.h

Comment 6 by bugdroid1@chromium.org, Jan 3

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e

commit 43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Thu Jan 03 23:57:19 2019

Extensions: Move handling of sandbox page CSP to CSPHandler.

This CL moves handling of the "sandbox.content_security_policy" to the
CSPHandler from SandboxedPageHandler. This should have no behavior change. This
is in preparation of introducing the "content_security_policy.sandbox" manifest
key.

BUG=914224

Change-Id: I27e839a09211d7fccc0104e6195d6c123cca8ef2
Reviewed-on: https://chromium-review.googlesource.com/c/1391877
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#619817}
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest.h
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_constants.cc
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_constants.h
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/csp_info.cc
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/csp_info.h
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/csp_info_unittest.cc
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/sandboxed_page_info.cc
[modify] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/common/manifest_handlers/sandboxed_page_info.h
[add] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/test/data/manifest_tests/sandboxed_pages_valid_6.json
[add] https://crrev.com/43e4933a8a378e0bdfdfea6ae1f3b27c4d7d2c8e/extensions/test/data/manifest_tests/sandboxed_pages_valid_7.json

Comment 7 by bugdroid1@chromium.org, Jan 8

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/18d29b0c56b689fb3b4398b5b407eddeb4baffa3

commit 18d29b0c56b689fb3b4398b5b407eddeb4baffa3
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Tue Jan 08 23:45:39 2019

Extensions: Introduce "content_security_policy.sandbox" manifest key.

This CL implements the parsing for "content_security_policy.sandbox" manifest key.
This is part of allowing "content_security_policy" key to be specified as a
dictionary. In a follow-up, "content_security_policy.content_scripts" will be
implemented.

BUG=914224

Change-Id: Ia5ed3a2bee901c9babfc02e8f73e9228955bae75
Reviewed-on: https://chromium-review.googlesource.com/c/1391485
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#620938}
[modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_constants.cc
[modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_constants.h
[modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_handlers/csp_info.cc
[modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_handlers/csp_info.h
[modify] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/common/manifest_handlers/csp_info_unittest.cc
[add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_both_keys.json
[add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_csp_with_dictionary.json
[add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_dictionary_1.json
[add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_dictionary_2.json
[add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/sandbox_invalid_type.json
[add] https://crrev.com/18d29b0c56b689fb3b4398b5b407eddeb4baffa3/extensions/test/data/manifest_tests/unsandboxed_csp.json

Comment 8 by bugdroid1@chromium.org, Jan 18

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f34832e8e2733edb4d7985a1ac73277b1090124c

commit f34832e8e2733edb4d7985a1ac73277b1090124c
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Fri Jan 18 02:02:00 2019

Extensions: Plumb manifest key for csp related install warnings.

Currently csp related install warnings can use the incorrect manifest key. This
change ensures the correct manifest key is used.

BUG=914224

Change-Id: I10ae72c5f2f65e2502c0e149aa38058e64820396
Reviewed-on: https://chromium-review.googlesource.com/c/1407914
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#623955}
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/chrome/common/extensions/manifest_tests/extension_manifests_contentsecuritypolicy_unittest.cc
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/chrome/common/extensions/manifest_tests/extension_manifests_platformapp_unittest.cc
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/csp_validator.cc
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/csp_validator.h
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/csp_validator_unittest.cc
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_constants.cc
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_constants.h
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_handlers/csp_info.cc
[modify] https://crrev.com/f34832e8e2733edb4d7985a1ac73277b1090124c/extensions/common/manifest_handlers/csp_info.h

Comment 9 by bugdroid, Jan 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/11c67e5998f4dbb2d04b3e149c83e3f585846f2a

commit 11c67e5998f4dbb2d04b3e149c83e3f585846f2a
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Thu Jan 24 04:28:00 2019

Extensions: Implement "content_security_policy.isolated_world" manifest key.

This CL implements the "content_security_policy.isolated_world" manifest key. In
a later CL, the parsed CSP will be plumbed to the renderer.

BUG=914224

Change-Id: Ia13904d760c40b20a3309c521d44666c2dfbc0c7
Reviewed-on: https://chromium-review.googlesource.com/c/1406233
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#625493}

Comment 10 by bugdroid, Jan 24

Project Member
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/75d36ac0c81c3e319652ab4de6297ff84fa0f09f

commit 75d36ac0c81c3e319652ab4de6297ff84fa0f09f
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Thu Jan 24 05:25:42 2019

Extensions: Restrict mv3 extensions to use "content_security_policy" as dictionary.

This CL fixes an existing TODO and restricts manifest v3 extensions such that
they always use "content_security_policy" manifest key as a dictionary.

BUG=914224

Change-Id: I4b7be7cd9edf64a016d343660e11e4a197c5b409
Reviewed-on: https://chromium-review.googlesource.com/c/1423744
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#625515}

Sign in to add a comment