6cc110854f
Before this patch, a Content Security Policy (CSP) violation in payment method identifier would be counted, but there was no way to enforce CSP. This patch adds a chrome://flags/#web-payment-api-csp flag that enables enforcing the CSP connect-src directive for payment method identifiers. After this patch, if chrome://flags/#web-payment-api-csp is set to "Enabled", then a CSP violation in payment method identifier will print a "refused to connect" error message and PaymentRequest constructor will throw a RangeError. (Not in this patch: handling redirects, e.g., from https://host.com/pay to https://pay.host.com/.) Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/jklZJYcOVyg/m/Gfwa4QQBAwAJ Bug: 1349091 Change-Id: I2df9bf8a0e207f06dc674b53263b219803c3a5ff Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3805640 Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Reviewed-by: Daniel Bratell <bratell.d@gmail.com> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Stephen McGruer <smcgruer@chromium.org> Cr-Commit-Position: refs/heads/main@{#1032997}
Chromium
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone! Instead,
follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.