lib/csp.js - Issue 29367316: Issue 4722 - Drop support for Chrome 41 - 48

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: lib/csp.js

Issue 29367316: Issue 4722 - Drop support for Chrome 41 - 48 (Closed)

Patch Set: Brought back http CSP comment + indistinguishableTypes Created Dec. 13, 2016, 3:04 p.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Index: lib/csp.js

diff --git a/lib/csp.js b/lib/csp.js

index 937792e99861062ac326b7f38b5adeb71c6fc5ec..5309863ab1bb65b9f8a5318d44ef723d0a6d49e9 100644

--- a/lib/csp.js

+++ b/lib/csp.js

@@ -34,15 +34,13 @@ chrome.webRequest.onHeadersReceived.addListener(function(details)

// since the Chrome extension API does not allow us to intercept them.

// https://bugs.chromium.org/p/chromium/issues/detail?id=129353

- // We also need the frame-src and child-src restrictions since CSPs are

+ // We also need the child-src and object-src restrictions since CSPs are

// not inherited from the parent for documents with data: and blob: URLs.

// https://bugs.chromium.org/p/chromium/issues/detail?id=513860

- // As of Chrome 49 "http:" also includes "https:" implictly. We specify

- // both here for compatibility with earlier versions of Chrome.

+ // "http:" also includes "https:" implictly.

// https://www.chromestatus.com/feature/6653486812889088

- value: "connect-src http: https:; frame-src http: https:; " +

- "child-src http: https:; object-src http: https:"

+ value: "connect-src http:; child-src http:; object-src http:"

});

return {responseHeaders: details.responseHeaders};

}

« no previous file with comments | « include.preload.js ('k') | lib/icon.js » ('j') | no next file with comments »