From 3ba901b7a140b8c8a754393a437005f3e2c903e0 Mon Sep 17 00:00:00 2001
From: Karan Bhatia <karandeepb@chromium.org>
Date: Thu, 22 Apr 2021 01:48:44 +0000
Subject: [PATCH] Revert "Extensions: Prohibit remote stylesheets by default in
MV3."
This reverts commit a9d01743d6e64d68ec89bc9b13f50a128adb4073.
Reason for revert: We have decided to not disallow remote stylesheets
on a platform level for now.
Original change's description:
> Extensions: Prohibit remote stylesheets by default in MV3.
>
> This CL hardens the requirements for
> "content_security_policy.extension_pages" manifest key in Manifest V3 to
> prohibit remote CSS by disallowing insecure values for "style-src".
> Since this is a breaking change, allow extensions to specify insecure
> (effective) values till M93 and raise an install warning.
>
> Bug: 1016997
> Change-Id: I5cf67166f35d5cf21e819e852aca774a870acf08
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2812500
> Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
> Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#872200}
Bug: 1016997
Change-Id: Ibad5b532654f27643cef044b8e0a553c44b4f441
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2845455
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#874974}
---
extensions/common/csp_validator.cc | 34 ++------
extensions/common/csp_validator.h | 3 +-
extensions/common/csp_validator_unittest.cc | 80 ++++++++-----------
extensions/common/manifest_constants.cc | 2 +-
.../common/manifest_handlers/csp_info.cc | 35 +++-----
.../manifest_handlers/csp_info_unittest.cc | 49 +++---------
.../manifest_tests/csp_missing_style_src.json | 8 --
.../manifest_tests/csp_safe_style_src.json | 8 --
.../manifest_tests/csp_unsafe_style_src.json | 8 --
.../manifest_tests/sandbox_dictionary_2.json | 2 +-
10 files changed, 69 insertions(+), 160 deletions(-)
delete mode 100644 extensions/test/data/manifest_tests/csp_missing_style_src.json
delete mode 100644 extensions/test/data/manifest_tests/csp_safe_style_src.json
delete mode 100644 extensions/test/data/manifest_tests/csp_unsafe_style_src.json
diff --git a/extensions/common/csp_validator.cc b/extensions/common/csp_validator.cc
index 7bfefd1f0c0c1..b54e1b7cb9d68 100644
--- a/extensions/common/csp_validator.cc
+++ b/extensions/common/csp_validator.cc
@@ -21,7 +21,6 @@
#include "base/strings/string_split.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
-#include "base/strings/utf_string_conversions.h"
#include "content/public/common/url_constants.h"
#include "extensions/common/constants.h"
#include "extensions/common/error_utils.h"
@@ -41,7 +40,6 @@ const char kObjectSrc[] = "object-src";
const char kFrameSrc[] = "frame-src";
const char kChildSrc[] = "child-src";
const char kWorkerSrc[] = "worker-src";
-const char kStyleSrc[] = "style-src";
const char kSelfSource[] = "'self'";
const char kNoneSource[] = "'none'";
@@ -238,7 +236,7 @@ std::string GetSecureDirectiveValues(
std::string source_lower = base::ToLowerASCII(source_literal);
bool is_secure_csp_token = false;
- // We might need to relax this allowlist over time.
+ // We might need to relax this whitelist over time.
if (source_lower == kSelfSource || source_lower == kNoneSource ||
source_lower == "'wasm-eval'" || source_lower == "blob:" ||
source_lower == "filesystem:" ||
@@ -624,8 +622,7 @@ bool ContentSecurityPolicyIsSandboxed(
bool DoesCSPDisallowRemoteCode(const std::string& content_security_policy,
base::StringPiece manifest_key,
- std::u16string* error,
- std::vector<InstallWarning>& warnings) {
+ std::u16string* error) {
DCHECK(error);
struct DirectiveMapping {
@@ -638,12 +635,13 @@ bool DoesCSPDisallowRemoteCode(const std::string& content_security_policy,
DirectiveMapping script_src_mapping({DirectiveStatus({kScriptSrc})});
DirectiveMapping object_src_mapping({DirectiveStatus({kObjectSrc})});
DirectiveMapping worker_src_mapping({DirectiveStatus({kWorkerSrc})});
- DirectiveMapping style_src_mapping({DirectiveStatus({kStyleSrc})});
DirectiveMapping default_src_mapping({DirectiveStatus({kDefaultSrc})});
DirectiveMapping* directive_mappings[] = {
- &script_src_mapping, &object_src_mapping, &worker_src_mapping,
- &style_src_mapping, &default_src_mapping,
+ &script_src_mapping,
+ &object_src_mapping,
+ &worker_src_mapping,
+ &default_src_mapping,
};
// Populate |directive_mappings|.
@@ -679,9 +677,6 @@ bool DoesCSPDisallowRemoteCode(const std::string& content_security_policy,
// "object-src" fallbacks to "default-src".
fallback_if_necessary(&object_src_mapping, default_src_mapping);
- // "style-src" fallbacks to "default-src".
- fallback_if_necessary(&style_src_mapping, default_src_mapping);
-
// "worker-src" fallbacks to "script-src", which might itself fallback to
// "default-src".
fallback_if_necessary(&worker_src_mapping, script_src_mapping);
@@ -724,23 +719,8 @@ bool DoesCSPDisallowRemoteCode(const std::string& content_security_policy,
continue;
}
- std::u16string insecure_directive_error_or_warning;
- if (!is_secure_directive(*mapping, &insecure_directive_error_or_warning)) {
- // TODO(crbug.com/1016997): Special accommodation for "style-src": Allow
- // extensions to not specify a safe value for "style-src" till M93 but
- // raise an install warning.
- if (mapping == &style_src_mapping) {
- std::string warning =
- base::UTF16ToASCII(insecure_directive_error_or_warning);
- warning += " This will cause an error beginning M93.";
- warnings.push_back(
- InstallWarning(std::move(warning), manifest_key.as_string()));
- continue;
- }
-
- *error = std::move(insecure_directive_error_or_warning);
+ if (!is_secure_directive(*mapping, error))
return false;
- }
DCHECK(mapping->directive);
secure_directives.insert(mapping->directive);
diff --git a/extensions/common/csp_validator.h b/extensions/common/csp_validator.h
index 13b6039b3c0e7..c30c5a63ff93f 100644
--- a/extensions/common/csp_validator.h
+++ b/extensions/common/csp_validator.h
@@ -133,8 +133,7 @@ bool ContentSecurityPolicyIsSandboxed(
// If not, populates |error|.
bool DoesCSPDisallowRemoteCode(const std::string& content_security_policy,
base::StringPiece manifest_key,
- std::u16string* error,
- std::vector<InstallWarning>& warnings);
+ std::u16string* error);
} // namespace csp_validator
diff --git a/extensions/common/csp_validator_unittest.cc b/extensions/common/csp_validator_unittest.cc
index 18b58f5dc6312..5646f5be5221e 100644
--- a/extensions/common/csp_validator_unittest.cc
+++ b/extensions/common/csp_validator_unittest.cc
@@ -14,31 +14,34 @@
#include "extensions/common/manifest_constants.h"
#include "testing/gtest/include/gtest/gtest.h"
-namespace extensions {
-namespace {
+using extensions::csp_validator::ContentSecurityPolicyIsLegal;
+using extensions::csp_validator::GetEffectiveSandoxedPageCSP;
+using extensions::csp_validator::SanitizeContentSecurityPolicy;
+using extensions::csp_validator::ContentSecurityPolicyIsSandboxed;
+using extensions::csp_validator::OPTIONS_NONE;
+using extensions::csp_validator::OPTIONS_ALLOW_UNSAFE_EVAL;
+using extensions::csp_validator::OPTIONS_ALLOW_INSECURE_OBJECT_SRC;
+using extensions::ErrorUtils;
+using extensions::InstallWarning;
+using extensions::Manifest;
-using csp_validator::ContentSecurityPolicyIsLegal;
-using csp_validator::ContentSecurityPolicyIsSandboxed;
-using csp_validator::CSPParser;
-using csp_validator::GetEffectiveSandoxedPageCSP;
-using csp_validator::OPTIONS_ALLOW_INSECURE_OBJECT_SRC;
-using csp_validator::OPTIONS_ALLOW_UNSAFE_EVAL;
-using csp_validator::OPTIONS_NONE;
-using csp_validator::SanitizeContentSecurityPolicy;
+namespace {
std::string InsecureValueWarning(
const std::string& directive,
const std::string& value,
- const std::string& manifest_key = manifest_keys::kContentSecurityPolicy) {
+ const std::string& manifest_key =
+ extensions::manifest_keys::kContentSecurityPolicy) {
return ErrorUtils::FormatErrorMessage(
- manifest_errors::kInvalidCSPInsecureValueIgnored, manifest_key, value,
- directive);
+ extensions::manifest_errors::kInvalidCSPInsecureValueIgnored,
+ manifest_key, value, directive);
}
std::string MissingSecureSrcWarning(const std::string& manifest_key,
const std::string& directive) {
return ErrorUtils::FormatErrorMessage(
- manifest_errors::kInvalidCSPMissingSecureSrc, manifest_key, directive);
+ extensions::manifest_errors::kInvalidCSPMissingSecureSrc, manifest_key,
+ directive);
}
bool CSPEquals(const std::string& csp1, const std::string& csp2) {
@@ -59,14 +62,15 @@ struct SanitizedCSPResult {
SanitizedCSPResult SanitizeCSP(const std::string& policy, int options) {
SanitizedCSPResult result;
result.csp = SanitizeContentSecurityPolicy(
- policy, manifest_keys::kContentSecurityPolicy, options, &result.warnings);
+ policy, extensions::manifest_keys::kContentSecurityPolicy, options,
+ &result.warnings);
return result;
}
SanitizedCSPResult SanitizeSandboxPageCSP(const std::string& policy) {
SanitizedCSPResult result;
result.csp = GetEffectiveSandoxedPageCSP(
- policy, manifest_keys::kSandboxedPagesCSP, &result.warnings);
+ policy, extensions::manifest_keys::kSandboxedPagesCSP, &result.warnings);
return result;
}
@@ -153,8 +157,8 @@ TEST(ExtensionCSPValidator, IsLegal) {
TEST(ExtensionCSPValidator, IsSecure) {
auto missing_secure_src_warning = [](const std::string& directive) {
- return MissingSecureSrcWarning(manifest_keys::kContentSecurityPolicy,
- directive);
+ return MissingSecureSrcWarning(
+ extensions::manifest_keys::kContentSecurityPolicy, directive);
};
EXPECT_TRUE(CheckCSP(SanitizeCSP(std::string(), OPTIONS_ALLOW_UNSAFE_EVAL),
@@ -473,7 +477,7 @@ TEST(ExtensionCSPValidator, EffectiveSandboxedPageCSP) {
auto insecure_value_warning = [](const std::string& directive,
const std::string& value) {
return InsecureValueWarning(directive, value,
- manifest_keys::kSandboxedPagesCSP);
+ extensions::manifest_keys::kSandboxedPagesCSP);
};
EXPECT_TRUE(CheckCSP(
@@ -535,6 +539,7 @@ TEST(ExtensionCSPValidator, EffectiveSandboxedPageCSP) {
insecure_value_warning("child-src", "http://foo.com")));
}
+namespace extensions {
namespace csp_validator {
void PrintTo(const CSPParser::Directive& directive, ::std::ostream* os) {
@@ -545,9 +550,10 @@ void PrintTo(const CSPParser::Directive& directive, ::std::ostream* os) {
}
} // namespace csp_validator
+} // namespace extensions
TEST(ExtensionCSPValidator, ParseCSP) {
- using CSPParser = csp_validator::CSPParser;
+ using CSPParser = extensions::csp_validator::CSPParser;
using DirectiveList = CSPParser::DirectiveList;
struct TestCase {
@@ -594,8 +600,8 @@ TEST(ExtensionCSPValidator, DoesCSPDisallowRemoteCode) {
auto insecure_value_error = [kManifestKey](const std::string& directive,
const std::string& value) {
return ErrorUtils::FormatErrorMessage(
- manifest_errors::kInvalidCSPInsecureValueError, kManifestKey, value,
- directive);
+ extensions::manifest_errors::kInvalidCSPInsecureValueError,
+ kManifestKey, value, directive);
};
auto missing_secure_src_error = [kManifestKey](const std::string& directive) {
@@ -605,10 +611,9 @@ TEST(ExtensionCSPValidator, DoesCSPDisallowRemoteCode) {
struct {
const char* policy;
std::string expected_error; // Empty if no error expected.
- std::string expected_warning; // Empty if no warning expected.
} test_cases[] = {
{"frame-src google.com; default-src yahoo.com; script-src 'self'; "
- "worker-src; object-src http://localhost:80 'none'; style-src 'self'",
+ "worker-src; object-src http://localhost:80 'none'",
""},
{"worker-src http://localhost google.com; script-src; object-src 'self'",
insecure_value_error("worker-src", "google.com")},
@@ -622,35 +627,16 @@ TEST(ExtensionCSPValidator, DoesCSPDisallowRemoteCode) {
{"script-src; worker-src 'self'; default-src google.com",
insecure_value_error("object-src", "google.com")},
// "worker-src" falls back to "script-src".
- {"script-src 'self'; object-src 'none'; style-src 'none'; default-src "
- "google.com",
- ""},
+ {"script-src 'self'; object-src 'none'; default-src google.com", ""},
{"script-src 'unsafe-eval'; worker-src; default-src;",
- insecure_value_error("script-src", "'unsafe-eval'")},
- {"script-src; object-src; style-src 'self';"},
- {"script-src; object-src; style-src google.com;", "",
- "'dummy_key': Insecure CSP value \"google.com\" in directive "
- "'style-src'. This will cause an error beginning M93."},
- {"script-src; object-src;", "",
- "'dummy_key': CSP directive 'style-src' must be specified (either "
- "explicitly, or implicitly via 'default-src') and must allow only "
- "secure resources. This will cause an error beginning M93."}};
+ insecure_value_error("script-src", "'unsafe-eval'")}};
for (const auto& test_case : test_cases) {
SCOPED_TRACE(test_case.policy);
std::u16string error;
- std::vector<InstallWarning> warnings;
- bool result = csp_validator::DoesCSPDisallowRemoteCode(
- test_case.policy, kManifestKey, &error, warnings);
+ bool result = extensions::csp_validator::DoesCSPDisallowRemoteCode(
+ test_case.policy, kManifestKey, &error);
EXPECT_EQ(test_case.expected_error.empty(), result);
EXPECT_EQ(base::ASCIIToUTF16(test_case.expected_error), error);
- EXPECT_EQ(test_case.expected_warning.empty(), warnings.empty());
- if (!warnings.empty()) {
- EXPECT_EQ(1u, warnings.size());
- EXPECT_EQ(test_case.expected_warning, warnings[0].message);
- EXPECT_EQ(kManifestKey, warnings[0].key);
- }
}
}
-
-} // namespace extensions
diff --git a/extensions/common/manifest_constants.cc b/extensions/common/manifest_constants.cc
index d111484349f21..090ab28baac09 100644
--- a/extensions/common/manifest_constants.cc
+++ b/extensions/common/manifest_constants.cc
@@ -349,7 +349,7 @@ const char kInvalidCSPInsecureValueError[] =
"'*': Insecure CSP value \"*\" in directive '*'.";
const char kInvalidCSPMissingSecureSrc[] =
"'*': CSP directive '*' must be specified (either explicitly, or "
- "implicitly via 'default-src') and must allow only secure resources.";
+ "implicitly via 'default-src') and must whitelist only secure resources.";
const char kInvalidDefaultLocale[] =
"Invalid value for default locale - locale name must be a string.";
const char kInvalidDescription[] =
diff --git a/extensions/common/manifest_handlers/csp_info.cc b/extensions/common/manifest_handlers/csp_info.cc
index 86cbbd01a9cf5..1b06d06cec875 100644
--- a/extensions/common/manifest_handlers/csp_info.cc
+++ b/extensions/common/manifest_handlers/csp_info.cc
@@ -7,8 +7,6 @@
#include <memory>
#include <utility>
-#include "base/check.h"
-#include "base/dcheck_is_on.h"
#include "base/no_destructor.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
@@ -33,6 +31,9 @@ const char kDefaultContentSecurityPolicy[] =
"script-src 'self' blob: filesystem:; "
"object-src 'self' blob: filesystem:;";
+// The default secure CSP to be used in order to prevent remote scripts.
+const char kDefaultSecureCSP[] = "script-src 'self'; object-src 'self';";
+
const char kDefaultSandboxedPageContentSecurityPolicy[] =
"sandbox allow-scripts allow-forms allow-popups allow-modals; "
"script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";
@@ -92,9 +93,6 @@ const base::Value* GetManifestPath(const Extension* extension,
const char* GetDefaultExtensionPagesCSP(Extension* extension,
bool secure_only) {
- // The default secure CSP used to mitigate against remotely hosted code.
- static const char kDefaultSecureCSP[] =
- "script-src 'self'; style-src 'self'; object-src 'self';";
if (secure_only)
return kDefaultSecureCSP;
@@ -122,12 +120,10 @@ const std::string& CSPInfo::GetExtensionPagesCSP(const Extension* extension) {
// static
const std::string* CSPInfo::GetIsolatedWorldCSP(const Extension& extension) {
if (extension.manifest_version() >= 3) {
- const char kDefaultMV3IsolatedWorldCSP[] =
- "script-src 'self'; object-src 'self';";
// The isolated world will use its own CSP which blocks remotely hosted
// code.
static const base::NoDestructor<std::string> default_isolated_world_csp(
- kDefaultMV3IsolatedWorldCSP);
+ kDefaultSecureCSP);
return default_isolated_world_csp.get();
}
@@ -245,19 +241,17 @@ bool CSPHandler::ParseExtensionPagesCSP(
return false;
}
- std::vector<InstallWarning> warnings;
if (secure_only) {
- if (!csp_validator::DoesCSPDisallowRemoteCode(
- content_security_policy_str, manifest_key, error, warnings)) {
+ if (!csp_validator::DoesCSPDisallowRemoteCode(content_security_policy_str,
+ manifest_key, error)) {
return false;
}
-
- extension->AddInstallWarnings(std::move(warnings));
SetExtensionPagesCSP(extension, manifest_key, secure_only,
content_security_policy_str);
return true;
}
+ std::vector<InstallWarning> warnings;
std::string sanitized_content_security_policy = SanitizeContentSecurityPolicy(
content_security_policy_str, manifest_key.as_string(),
GetValidatorOptions(extension), &warnings);
@@ -303,19 +297,16 @@ bool CSPHandler::SetExtensionPagesCSP(Extension* extension,
base::StringPiece manifest_key,
bool secure_only,
std::string content_security_policy) {
-#if DCHECK_IS_ON()
if (secure_only) {
std::u16string error;
- std::vector<InstallWarning> install_warnings;
- CHECK(csp_validator::DoesCSPDisallowRemoteCode(
- content_security_policy, manifest_key, &error, install_warnings));
+ DCHECK(csp_validator::DoesCSPDisallowRemoteCode(content_security_policy,
+ manifest_key, &error));
} else {
- CHECK_EQ(content_security_policy,
- SanitizeContentSecurityPolicy(
- content_security_policy, manifest_key.as_string(),
- GetValidatorOptions(extension), nullptr));
+ DCHECK_EQ(content_security_policy,
+ SanitizeContentSecurityPolicy(
+ content_security_policy, manifest_key.as_string(),
+ GetValidatorOptions(extension), nullptr));
}
-#endif // DCHECK_IS_ON()
extension->SetManifestData(
keys::kContentSecurityPolicy,
diff --git a/extensions/common/manifest_handlers/csp_info_unittest.cc b/extensions/common/manifest_handlers/csp_info_unittest.cc
index 62492c4ba4cd3..a88d88ba7d94d 100644
--- a/extensions/common/manifest_handlers/csp_info_unittest.cc
+++ b/extensions/common/manifest_handlers/csp_info_unittest.cc
@@ -28,9 +28,7 @@ const char kDefaultSandboxedPageCSP[] =
const char kDefaultExtensionPagesCSP[] =
"script-src 'self' blob: filesystem:; "
"object-src 'self' blob: filesystem:;";
-const char kSecureExtensionPagesCSP[] =
- "script-src 'self'; style-src 'self'; object-src 'self';";
-const char kSecureIsolatedWorldCSP[] = "script-src 'self'; object-src 'self';";
+const char kDefaultSecureCSP[] = "script-src 'self'; object-src 'self';";
} // namespace
@@ -126,37 +124,17 @@ TEST_F(CSPInfoUnitTest, CSPStringKey) {
TEST_F(CSPInfoUnitTest, CSPDictionary_ExtensionPages) {
struct {
- const char* file_name = nullptr;
- const char* csp = nullptr;
- const char* expected_warning = nullptr;
- } cases[] = {
- {"csp_dictionary_valid_1.json", "default-src 'none'"},
- {"csp_dictionary_valid_2.json",
- "worker-src 'self'; script-src; default-src 'self'"},
- {"csp_empty_dictionary_valid.json", kSecureExtensionPagesCSP},
- {"csp_unsafe_style_src.json",
- "script-src; object-src; default-src google.com",
- "'content_security_policy.extension_pages': Insecure CSP value "
- "\"google.com\" in directive 'style-src'. This will cause an error "
- "beginning M93."},
- {"csp_missing_style_src.json", "script-src; object-src;",
- "'content_security_policy.extension_pages': CSP directive 'style-src' "
- "must be specified (either explicitly, or implicitly via 'default-src') "
- "and must allow only secure resources. This will cause an "
- "error beginning M93."},
- {"csp_safe_style_src.json", "script-src; object-src; style-src"}};
+ const char* file_name;
+ const char* csp;
+ } cases[] = {{"csp_dictionary_valid_1.json", "default-src 'none'"},
+ {"csp_dictionary_valid_2.json",
+ "worker-src 'self'; script-src; default-src 'self'"},
+ {"csp_empty_dictionary_valid.json", kDefaultSecureCSP}};
for (const auto& test_case : cases) {
SCOPED_TRACE(base::StringPrintf("Testing %s.", test_case.file_name));
-
- scoped_refptr<Extension> extension;
- if (!test_case.expected_warning) {
- extension = LoadAndExpectSuccess(test_case.file_name);
- } else {
- extension =
- LoadAndExpectWarning(test_case.file_name, test_case.expected_warning);
- }
-
+ scoped_refptr<Extension> extension =
+ LoadAndExpectSuccess(test_case.file_name);
ASSERT_TRUE(extension.get());
EXPECT_EQ(test_case.csp, CSPInfo::GetExtensionPagesCSP(extension.get()));
}
@@ -187,8 +165,7 @@ TEST_F(CSPInfoUnitTest, CSPDictionary_Sandbox) {
const char kCustomSandboxedCSP[] =
"sandbox; script-src 'self'; child-src 'self';";
- const char kCustomExtensionPagesCSP[] =
- "script-src; object-src; style-src http://localhost;";
+ const char kCustomExtensionPagesCSP[] = "script-src; object-src;";
struct {
const char* file_name;
@@ -196,7 +173,7 @@ TEST_F(CSPInfoUnitTest, CSPDictionary_Sandbox) {
const char* expected_csp;
} success_cases[] = {
{"sandbox_dictionary_1.json", "/test", kCustomSandboxedCSP},
- {"sandbox_dictionary_1.json", "/index", kSecureExtensionPagesCSP},
+ {"sandbox_dictionary_1.json", "/index", kDefaultSecureCSP},
{"sandbox_dictionary_2.json", "/test", kDefaultSandboxedPageCSP},
{"sandbox_dictionary_2.json", "/index", kCustomExtensionPagesCSP},
};
@@ -243,11 +220,11 @@ TEST_F(CSPInfoUnitTest, CSPDictionaryMandatoryForV3) {
const std::string* isolated_world_csp =
CSPInfo::GetIsolatedWorldCSP(*extension);
ASSERT_TRUE(isolated_world_csp);
- EXPECT_EQ(kSecureIsolatedWorldCSP, *isolated_world_csp);
+ EXPECT_EQ(kDefaultSecureCSP, *isolated_world_csp);
EXPECT_EQ(kDefaultSandboxedPageCSP,
CSPInfo::GetSandboxContentSecurityPolicy(extension.get()));
- EXPECT_EQ(kSecureExtensionPagesCSP,
+ EXPECT_EQ(kDefaultSecureCSP,
CSPInfo::GetExtensionPagesCSP(extension.get()));
}
}
diff --git a/extensions/test/data/manifest_tests/csp_missing_style_src.json b/extensions/test/data/manifest_tests/csp_missing_style_src.json
deleted file mode 100644
index 85e9cd9f89242..0000000000000
--- a/extensions/test/data/manifest_tests/csp_missing_style_src.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "name": "test",
- "version": "0.1",
- "manifest_version": 3,
- "content_security_policy": {
- "extension_pages" : "script-src; object-src;"
- }
-}
diff --git a/extensions/test/data/manifest_tests/csp_safe_style_src.json b/extensions/test/data/manifest_tests/csp_safe_style_src.json
deleted file mode 100644
index d5d8ad9787432..0000000000000
--- a/extensions/test/data/manifest_tests/csp_safe_style_src.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "name": "test",
- "version": "0.1",
- "manifest_version": 3,
- "content_security_policy": {
- "extension_pages" : "script-src; object-src; style-src"
- }
-}
diff --git a/extensions/test/data/manifest_tests/csp_unsafe_style_src.json b/extensions/test/data/manifest_tests/csp_unsafe_style_src.json
deleted file mode 100644
index 49b39409527e0..0000000000000
--- a/extensions/test/data/manifest_tests/csp_unsafe_style_src.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "name": "test",
- "version": "0.1",
- "manifest_version": 3,
- "content_security_policy": {
- "extension_pages" : "script-src; object-src; default-src google.com"
- }
-}
diff --git a/extensions/test/data/manifest_tests/sandbox_dictionary_2.json b/extensions/test/data/manifest_tests/sandbox_dictionary_2.json
index cd13e3d14d6c5..b370249917fb3 100644
--- a/extensions/test/data/manifest_tests/sandbox_dictionary_2.json
+++ b/extensions/test/data/manifest_tests/sandbox_dictionary_2.json
@@ -6,6 +6,6 @@
"pages": ["test"]
},
"content_security_policy" : {
- "extension_pages" : "script-src; object-src; style-src http://localhost;"
+ "extension_pages" : "script-src; object-src;"
}
}