Fix for chrome://cast getting blocked by content security policy.

The provided policy for the cast UI was "object-src *", which used to include "chrome:" until a recent CL changed the use of “*” from a blacklist (that did not include "chrome:") to a whitelist (that still does not include "chrome:"). Because of this, the policy just needs to be updated to specifically allow "chrome:" now. BUG=634168 Review-Url: https://codereview.chromium.org/2347503002 Cr-Commit-Position: refs/heads/master@{#418883}

Fix for chrome://cast getting blocked by content security policy.
The provided policy for the cast UI was "object-src *", which used to include "chrome:" until a recent CL changed the use of “*” from a blacklist (that did not include "chrome:") to a whitelist (that still does not include "chrome:"). Because of this, the policy just needs to be updated to specifically allow "chrome:" now. BUG=634168 Review-Url: https://codereview.chromium.org/2347503002 Cr-Commit-Position: refs/heads/master@{#418883}
67b0b5d0 · paulmeyer · Commit bot · f423a9fb · 67b0b5d0
Commit 67b0b5d0 authored Sep 15, 2016 by paulmeyer Committed by Commit bot Sep 15, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

chrome/browser/ui/webui/cast/cast_ui.cc chrome/browser/ui/webui/cast/cast_ui.cc +1 -1

No files found.
--- a/chrome/browser/ui/webui/cast/cast_ui.cc
+++ b/chrome/browser/ui/webui/cast/cast_ui.cc
@@ -32,7 +32,7 @@ CastUI::CastUI(content::WebUI* web_ui)
  html_source->AddString("extensionId", extension_id);
  html_source->SetJsonPath("strings.js");
  html_source->SetDefaultResource(IDR_CAST_HTML);
-  html_source->OverrideContentSecurityPolicyObjectSrc("object-src *;");
+  html_source->OverrideContentSecurityPolicyObjectSrc("object-src * chrome:;");
  content::WebUIDataSource::Add(Profile::FromWebUI(web_ui), html_source);
 }