OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
(...skipping 396 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
407 { | 407 { |
408 return checkHash(operativeDirective(m_styleSrc.get()), hashValue); | 408 return checkHash(operativeDirective(m_styleSrc.get()), hashValue); |
409 } | 409 } |
410 | 410 |
411 const String& CSPDirectiveList::pluginTypesText() const | 411 const String& CSPDirectiveList::pluginTypesText() const |
412 { | 412 { |
413 ASSERT(hasPluginTypes()); | 413 ASSERT(hasPluginTypes()); |
414 return m_pluginTypes->text(); | 414 return m_pluginTypes->text(); |
415 } | 415 } |
416 | 416 |
| 417 bool CSPDirectiveList::shouldSendCSPHeader(Resource::Type type) const |
| 418 { |
| 419 switch (type) { |
| 420 case Resource::XSLStyleSheet: |
| 421 ASSERT(RuntimeEnabledFeatures::xsltEnabled()); |
| 422 return !!operativeDirective(m_scriptSrc.get()); |
| 423 case Resource::Script: |
| 424 case Resource::ImportResource: |
| 425 return !!operativeDirective(m_scriptSrc.get()); |
| 426 case Resource::CSSStyleSheet: |
| 427 return !!operativeDirective(m_styleSrc.get()); |
| 428 case Resource::SVGDocument: |
| 429 case Resource::Image: |
| 430 return !!operativeDirective(m_imgSrc.get()); |
| 431 case Resource::Font: |
| 432 return !!operativeDirective(m_fontSrc.get()); |
| 433 case Resource::Media: |
| 434 case Resource::TextTrack: |
| 435 return !!operativeDirective(m_mediaSrc.get()); |
| 436 case Resource::Raw: |
| 437 // This request could be for a plugin, a child frame, a worker, or |
| 438 // something else. If there any potentially relevant policies, |
| 439 // send the CSP header; sending it unnecessarily can't hurt. |
| 440 return !!operativeDirective(m_objectSrc.get()) || !!m_pluginTypes.get()
|| !!operativeDirective(m_childSrc.get()) || !!operativeDirective(m_frameSrc.get
()) || !!operativeDirective(m_connectSrc.get()) || !!operativeDirective(m_manife
stSrc.get()) || !!m_formAction.get(); |
| 441 case Resource::MainResource: |
| 442 case Resource::LinkPrefetch: |
| 443 case Resource::LinkSubresource: |
| 444 return false; |
| 445 } |
| 446 ASSERT_NOT_REACHED(); |
| 447 return false; |
| 448 } |
| 449 |
417 // policy = directive-list | 450 // policy = directive-list |
418 // directive-list = [ directive *( ";" [ directive ] ) ] | 451 // directive-list = [ directive *( ";" [ directive ] ) ] |
419 // | 452 // |
420 void CSPDirectiveList::parse(const UChar* begin, const UChar* end) | 453 void CSPDirectiveList::parse(const UChar* begin, const UChar* end) |
421 { | 454 { |
422 m_header = String(begin, end - begin); | 455 m_header = String(begin, end - begin); |
423 | 456 |
424 if (begin == end) | 457 if (begin == end) |
425 return; | 458 return; |
426 | 459 |
(...skipping 309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
736 enableInsecureRequestsUpgrade(name, value); | 769 enableInsecureRequestsUpgrade(name, value); |
737 else | 770 else |
738 m_policy->reportUnsupportedDirective(name); | 771 m_policy->reportUnsupportedDirective(name); |
739 } else { | 772 } else { |
740 m_policy->reportUnsupportedDirective(name); | 773 m_policy->reportUnsupportedDirective(name); |
741 } | 774 } |
742 } | 775 } |
743 | 776 |
744 | 777 |
745 } // namespace blink | 778 } // namespace blink |
OLD | NEW |