| Index: content/common/content_security_policy/csp_source_unittest.cc
|
| diff --git a/content/common/content_security_policy/csp_source_unittest.cc b/content/common/content_security_policy/csp_source_unittest.cc
|
| index 50879f2719f9af7b15d7eac887d8e0f0fd12cdb6..81a1c5f14c18a6e51cd4572fde1197976a64be52 100644
|
| --- a/content/common/content_security_policy/csp_source_unittest.cc
|
| +++ b/content/common/content_security_policy/csp_source_unittest.cc
|
| @@ -112,14 +112,15 @@ TEST(CSPSourceTest, AllowScheme) {
|
| EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context));
|
| EXPECT_TRUE(Allow(source, GURL("ftp://a.com"), &context));
|
|
|
| - // Self's scheme is unique.
|
| + // Self's scheme is unique (non standard scheme).
|
| context.SetSelf(url::Origin(GURL("non-standard-scheme://a.com")));
|
| - // TODO(mkwst, arthursonzogni): This result might be wrong.
|
| - // See http://crbug.com/692449
|
| EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context));
|
| - // TODO(mkwst, arthursonzogni): This result might be wrong.
|
| - // See http://crbug.com/692449
|
| EXPECT_FALSE(Allow(source, GURL("non-standard-scheme://a.com"), &context));
|
| +
|
| + // Self's scheme is unique (data-url).
|
| + context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>")));
|
| + EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context));
|
| + EXPECT_FALSE(Allow(source, GURL("data:text/html,hello"), &context));
|
| }
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2937503002:
CSP, PlzNavigate: make clear what happens with unique origins. (Closed)
