OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
(...skipping 396 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
407 { | 407 { |
408 return checkHash(operativeDirective(m_styleSrc.get()), hashValue); | 408 return checkHash(operativeDirective(m_styleSrc.get()), hashValue); |
409 } | 409 } |
410 | 410 |
411 const String& CSPDirectiveList::pluginTypesText() const | 411 const String& CSPDirectiveList::pluginTypesText() const |
412 { | 412 { |
413 ASSERT(hasPluginTypes()); | 413 ASSERT(hasPluginTypes()); |
414 return m_pluginTypes->text(); | 414 return m_pluginTypes->text(); |
415 } | 415 } |
416 | 416 |
417 bool CSPDirectiveList::shouldSendCSPHeader(Resource::Type type) const | |
418 { | |
419 switch (type) { | |
420 case Resource::XSLStyleSheet: | |
421 ASSERT(RuntimeEnabledFeatures::xsltEnabled()); | |
422 return !!operativeDirective(m_scriptSrc.get()); | |
423 case Resource::Script: | |
424 case Resource::ImportResource: | |
425 return !!operativeDirective(m_scriptSrc.get()); | |
426 case Resource::CSSStyleSheet: | |
427 return !!operativeDirective(m_styleSrc.get()); | |
428 case Resource::SVGDocument: | |
429 case Resource::Image: | |
430 return !!operativeDirective(m_imgSrc.get()); | |
431 case Resource::Font: | |
432 return !!operativeDirective(m_fontSrc.get()); | |
433 case Resource::Media: | |
434 case Resource::TextTrack: | |
435 return !!operativeDirective(m_mediaSrc.get()); | |
436 case Resource::Raw: | |
437 // This request could be for a plugin, a child frame, a worker, or | |
438 // something else. If there any potentially relevant policies, | |
439 // send the CSP header; sending it unnecessarily can't hurt. | |
440 return !!operativeDirective(m_objectSrc.get()) || !!m_pluginTypes.get() || !!operativeDirective(m_childSrc.get()) || !!operativeDirective(m_frameSrc.get ()) || !!operativeDirective(m_connectSrc.get()) || !!operativeDirective(m_manife stSrc.get()) || !!m_formAction.get(); | |
estark
2015/03/17 18:27:34
This is sort of the catch-all where we send a CSP
Mike West
2015/03/20 14:53:54
This is fine for now. Eventually, I'd like to see
estark
2015/03/20 20:27:52
Sure, I'll take a look!
| |
441 case Resource::MainResource: | |
442 case Resource::LinkPrefetch: | |
443 case Resource::LinkSubresource: | |
444 return false; | |
445 } | |
446 ASSERT_NOT_REACHED(); | |
447 } | |
448 | |
417 // policy = directive-list | 449 // policy = directive-list |
418 // directive-list = [ directive *( ";" [ directive ] ) ] | 450 // directive-list = [ directive *( ";" [ directive ] ) ] |
419 // | 451 // |
420 void CSPDirectiveList::parse(const UChar* begin, const UChar* end) | 452 void CSPDirectiveList::parse(const UChar* begin, const UChar* end) |
421 { | 453 { |
422 m_header = String(begin, end - begin); | 454 m_header = String(begin, end - begin); |
423 | 455 |
424 if (begin == end) | 456 if (begin == end) |
425 return; | 457 return; |
426 | 458 |
(...skipping 309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
736 enableInsecureRequestsUpgrade(name, value); | 768 enableInsecureRequestsUpgrade(name, value); |
737 else | 769 else |
738 m_policy->reportUnsupportedDirective(name); | 770 m_policy->reportUnsupportedDirective(name); |
739 } else { | 771 } else { |
740 m_policy->reportUnsupportedDirective(name); | 772 m_policy->reportUnsupportedDirective(name); |
741 } | 773 } |
742 } | 774 } |
743 | 775 |
744 | 776 |
745 } // namespace blink | 777 } // namespace blink |
OLD | NEW |