Pull 'worker-src' back behind the experimental flag.

Good discussion at w3c/webappsec-csp#146 suggests that we might want to modify `worker-src` before shipping it. So let's work that out first. BUG=666664 Review-Url: https://codereview.chromium.org/2503213005 Cr-Commit-Position: refs/heads/master@{#433152} (cherry picked from commit 8071e0f) Review URL: https://codereview.chromium.org/2541443003 . Cr-Commit-Position: refs/branch-heads/2924@{#151} Cr-Branched-From: 3a87aec-refs/heads/master@{#433059}
mirror · Nov 29, 2016 · a8df270 · a8df270
1 parent 85e1545
commit a8df270
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
@@ -1117,7 +1117,8 @@ void CSPDirectiveList::addDirective(const String& name, const String& value) {
     setCSPDirective<SourceListDirective>(name, value, m_baseURI);
   } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
     setCSPDirective<SourceListDirective>(name, value, m_childSrc);
-  } else if (equalIgnoringCase(name, ContentSecurityPolicy::WorkerSrc)) {
+  } else if (equalIgnoringCase(name, ContentSecurityPolicy::WorkerSrc) &&
+             m_policy->experimentalFeaturesEnabled()) {
     setCSPDirective<SourceListDirective>(name, value, m_workerSrc);
   } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
     setCSPDirective<SourceListDirective>(name, value, m_formAction);