Diffstat (limited to 'chromium/content/public/browser/url_data_source.cc')
-rw-r--r-- | chromium/content/public/browser/url_data_source.cc | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/chromium/content/public/browser/url_data_source.cc b/chromium/content/public/browser/url_data_source.cc
index 57579e32ab7..8161895bd95 100644
--- a/chromium/content/public/browser/url_data_source.cc
+++ b/chromium/content/public/browser/url_data_source.cc
@@ -34,10 +34,9 @@ bool URLDataSource::ShouldAddContentSecurityPolicy() const {
 }
 
 std::string URLDataSource::GetContentSecurityPolicyScriptSrc() const {
- // Specific resources require unsafe-eval in the Content Security Policy.
- // TODO(tsepez,mfoltz): Remove 'unsafe-eval' when tests have been fixed to
- // not use eval()/new Function(). http://crbug.com/525224
- return "script-src chrome://resources 'self' 'unsafe-eval';";
+ // Note: Do not add 'unsafe-eval' here. Instead override CSP for the
+ // specific pages that need it, see context http://crbug.com/525224.
+ return "script-src chrome://resources 'self';";
 }
 
 std::string URLDataSource::GetContentSecurityPolicyObjectSrc() const { |
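Review bot: The "Do not add 'unsafe-eval' here" rule in GetContentSecurityPolicyScriptSrc() is enforced only by a comment. Nothing visible in this hunk stops a later change from widening the shared default again, so a unit test asserting that the returned string does not contain `'unsafe-eval'` would turn the comment into a checked invariant. The comment also says "override CSP for the specific pages" without naming the mechanism; presumably that means overriding this method in the page's own data source, and a wording such as `// Pages that still need eval() must relax script-src in their own data source, never in this shared default.` would make it explicit. Any data source that inherits this default and still calls eval() or new Function() will now fail with a CSP violation at runtime, so the description should state which pages were audited or given their own override.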