Google Git
Sign in
chromium / chromium / src / 1725a3de59f6df8c70d053502dca62ddfaec8949
commit1725a3de59f6df8c70d053502dca62ddfaec8949[log] [tgz]
authorRouslan Solomakhin <rouslan@chromium.org>Thu Sep 22 19:06:56 2022
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Sep 22 19:06:56 2022
tree4d2d7d3803535cf9dd70920914207e437501bfbe
parentcca62b5a2bf7ee2e98ecc44823b98a53825d7261 [diff]
[Web Payment] Content Security Checker on Android

Before this patch, Web Payment API on Android did not obey Content
Security Policy (CSP) rules when downloading payment method manifests
and web app manifests of payment apps. The manifest downloads are
managed in the browser, while CSP rules are managed in the renderer.

This patch pipes the CSP check through the Android-specific
PaymentRequestClient Mojo connection to the renderer.

After this patch, if chrome://flags/#web-payment-api-csp is set to
"Enabled", then Web Payment API on Android will obey CSP rules when
downloading payment method manifests and web app manifests of payment
apps.

Intent to prototype:
https://groups.google.com/a/chromium.org/g/blink-dev/c/jklZJYcOVyg/m/Gfwa4QQBAwAJ

Bug: 1349091
Change-Id: I7d758c7ca67a9649ba1eb54491e7ad98e623f992
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3892427
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen McGruer <smcgruer@chromium.org>
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1050323}
26 files changed
tree: 4d2d7d3803535cf9dd70920914207e437501bfbe
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. weblayer/
  51. .clang-format
  52. .clang-tidy
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .mailmap
  59. .rustfmt.toml
  60. .vpython3
  61. .yapfignore
  62. AUTHORS
  63. BUILD.gn
  64. CODE_OF_CONDUCT.md
  65. codereview.settings
  66. DEPS
  67. DIR_METADATA
  68. ENG_REVIEW_OWNERS
  69. LICENSE
  70. LICENSE.chromium_os
  71. OWNERS
  72. PRESUBMIT.py
  73. PRESUBMIT_test.py
  74. PRESUBMIT_test_mocks.py
  75. README.md
  76. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.