Skip to content
Commit 96125940 authored by Christian Flach's avatar Christian Flach Committed by Chromium LUCI CQ
Browse files

iwa: Add `wss:` to `connect-src` of the baseline Content Security Policy 

It looks like an oversight that we only allowed https: requests, and not
also wss: requests. Without this change, Web Sockets are not usable in
Isolated Web Apps. This change makes secure Web Socket communication
from IWAs possible.

Corresponding update of the explainer:
https://github.com/WICG/isolated-web-apps/pull/18

Bug: 1447468
Change-Id: I7a41fab8b4a19077d2df1c0fd65186e03b0b6fa6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4565635


Reviewed-by: default avatarReilly Grant <reillyg@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: default avatarAlex Moshchuk <alexmos@chromium.org>
Auto-Submit: Christian Flach <cmfcmf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1149443}
parent 497c919b
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment