src/tools
Rouslan Solomakhin 6cc110854f [Web Payment] Blink CSP check for payment method identifier
Before this patch, a Content Security Policy (CSP) violation in payment
method identifier would be counted, but there was no way to enforce CSP.

This patch adds a chrome://flags/#web-payment-api-csp flag that enables
enforcing the CSP connect-src directive for payment method identifiers.

After this patch, if chrome://flags/#web-payment-api-csp is set to
"Enabled", then a CSP violation in payment method identifier will print
a "refused to connect" error message and PaymentRequest constructor will
throw a RangeError. (Not in this patch: handling redirects, e.g., from
https://host.com/pay to https://pay.host.com/.)

Intent to prototype:
https://groups.google.com/a/chromium.org/g/blink-dev/c/jklZJYcOVyg/m/Gfwa4QQBAwAJ

Bug: 1349091
Change-Id: I2df9bf8a0e207f06dc674b53263b219803c3a5ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3805640
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Reviewed-by: Daniel Bratell <bratell.d@gmail.com>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Stephen McGruer <smcgruer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1032997}
2022-08-09 14:02:57 +00:00