
Side by Side Diff: Source/core/fetch/ResourceFetcher.cpp

Issue 1009583003: Add CSP header for resources with an active policy (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: test tweaks Created 5 years, 9 months ago
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
7 7
8 This library is free software; you can redistribute it and/or 8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public 9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either 10 License as published by the Free Software Foundation; either
(...skipping 667 matching lines...) Expand 10 before | Expand all | Expand 10 after
678 m_validatedURLs.add(request.resourceRequest().url()); 678 m_validatedURLs.add(request.resourceRequest().url());
679 } 679 }
680 680
681 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc hRequest& request) 681 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc hRequest& request)
682 { 682 {
683 ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw); 683 ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw);
684 684
685 TRACE_EVENT0("blink", "ResourceFetcher::requestResource"); 685 TRACE_EVENT0("blink", "ResourceFetcher::requestResource");
686 686
687 upgradeInsecureRequest(request); 687 upgradeInsecureRequest(request);
688 addClientHintsIfNeccessary(request); 688 addClientHintsIfNecessary(request);
689 addCSPHeaderIfNecessary(type, request);
689 690
690 KURL url = request.resourceRequest().url(); 691 KURL url = request.resourceRequest().url();
691 692
692 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s ', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), req uest.charset().latin1().data(), request.priority(), request.forPreload(), Resour ceTypeName(type)); 693 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s ', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), req uest.charset().latin1().data(), request.priority(), request.forPreload(), Resour ceTypeName(type));
693 694
694 // If only the fragment identifiers differ, it is the same resource. 695 // If only the fragment identifiers differ, it is the same resource.
695 url = MemoryCache::removeFragmentIdentifierIfNeeded(url); 696 url = MemoryCache::removeFragmentIdentifierIfNeeded(url);
696 697
697 if (!url.isValid()) 698 if (!url.isValid())
698 return nullptr; 699 return nullptr;
(...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after
852 || url.host() == document()->securityOrigin()->host()) 853 || url.host() == document()->securityOrigin()->host())
853 { 854 {
854 url.setProtocol("https"); 855 url.setProtocol("https");
855 if (url.port() == 80) 856 if (url.port() == 80)
856 url.setPort(443); 857 url.setPort(443);
857 fetchRequest.mutableResourceRequest().setURL(url); 858 fetchRequest.mutableResourceRequest().setURL(url);
858 } 859 }
859 } 860 }
860 } 861 }
861 862
862 void ResourceFetcher::addClientHintsIfNeccessary(FetchRequest& fetchRequest) 863 void ResourceFetcher::addClientHintsIfNecessary(FetchRequest& fetchRequest)
863 { 864 {
864 if (!RuntimeEnabledFeatures::clientHintsEnabled() || !document() || !frame() ) 865 if (!RuntimeEnabledFeatures::clientHintsEnabled() || !document() || !frame() )
865 return; 866 return;
866 867
867 if (frame()->shouldSendDPRHint()) 868 if (frame()->shouldSendDPRHint())
868 fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicSt ring(String::number(document()->devicePixelRatio()))); 869 fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicSt ring(String::number(document()->devicePixelRatio())));
869 870
870 // FIXME: Send the RW hint based on the actual resource width, when we have it. 871 // FIXME: Send the RW hint based on the actual resource width, when we have it.
871 if (frame()->shouldSendRWHint() && frame()->view()) 872 if (frame()->shouldSendRWHint() && frame()->view())
872 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr ing(String::number(frame()->view()->viewportWidth()))); 873 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr ing(String::number(frame()->view()->viewportWidth())));
873 } 874 }
874 875
876 void ResourceFetcher::addCSPHeaderIfNecessary(Resource::Type type, FetchRequest& fetchRequest)
Mike West 2015/03/16 10:39:10 japhet@ has been refactoring things; I think this
estark 2015/03/17 18:27:34 Done.
877 {
878 if (!document() || !frame())
879 return;
880
881 const ContentSecurityPolicy* csp = document()->contentSecurityPolicy();
882
883 switch (type) {
884 case Resource::XSLStyleSheet:
885 ASSERT(RuntimeEnabledFeatures::xsltEnabled());
886 if (!csp->hasScriptPolicy())
887 return;
888 break;
889 case Resource::Script:
890 case Resource::ImportResource:
891 if (!csp->hasScriptPolicy())
892 return;
893 break;
894 case Resource::CSSStyleSheet:
895 if (!csp->hasStylePolicy())
896 return;
897 break;
898 case Resource::SVGDocument:
899 case Resource::Image:
900 if (!csp->hasImagePolicy())
901 return;
902 break;
903 case Resource::Font:
904 if (!csp->hasFontPolicy())
905 return;
906 break;
907 case Resource::Media:
908 case Resource::TextTrack:
909 if (!csp->hasMediaPolicy())
910 return;
911 break;
912 case Resource::Raw:
913 // As long as there is a plugin policy in effect, send the CSP
914 // header. This request might not be for a plugin, but sending it
915 // on non-plugin elements can't hurt.
916 if (!csp->hasPluginPolicy())
917 return;
918 break;
919 case Resource::MainResource:
920 case Resource::LinkPrefetch:
921 case Resource::LinkSubresource:
922 return;
923 }
Mike West 2015/03/16 10:39:10 I'd suggest moving this switch into CSP, basically
estark 2015/03/17 18:27:34 Done. I made the method called |shouldSendCSPHeade
924
925 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active");
926 }
927
875 ResourcePtr<Resource> ResourceFetcher::createResourceForRevalidation(const Fetch Request& request, Resource* resource) 928 ResourcePtr<Resource> ResourceFetcher::createResourceForRevalidation(const Fetch Request& request, Resource* resource)
876 { 929 {
877 ASSERT(resource); 930 ASSERT(resource);
878 ASSERT(memoryCache()->contains(resource)); 931 ASSERT(memoryCache()->contains(resource));
879 ASSERT(resource->isLoaded()); 932 ASSERT(resource->isLoaded());
880 ASSERT(resource->canUseCacheValidator()); 933 ASSERT(resource->canUseCacheValidator());
881 ASSERT(!resource->resourceToRevalidate()); 934 ASSERT(!resource->resourceToRevalidate());
882 ASSERT(!isControlledByServiceWorker()); 935 ASSERT(!isControlledByServiceWorker());
883 936
884 ResourceRequest revalidatingRequest(resource->resourceRequest()); 937 ResourceRequest revalidatingRequest(resource->resourceRequest());
(...skipping 703 matching lines...) Expand 10 before | Expand all | Expand 10 after
1588 ResourceLoaderHost::trace(visitor); 1641 ResourceLoaderHost::trace(visitor);
1589 } 1642 }
1590 1643
1591 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) 1644 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host)
1592 { 1645 {
1593 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); 1646 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType);
1594 return static_cast<ResourceFetcher*>(host); 1647 return static_cast<ResourceFetcher*>(host);
1595 } 1648 }
1596 1649
1597 } 1650 }
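Review bot: The closing `addHTTPHeaderField("CSP", "active")` at new line 925 appends to any `CSP` value already on the request rather than replacing it, so for `Resource::Raw` requests, whose headers may have been populated by the caller, the server could see a merged or caller-chosen value; `fetchRequest.mutableResourceRequest().setHTTPHeaderField("CSP", "active");` would keep the browser-set value authoritative. Whether page script can itself set a header named `CSP` is not visible in this file, but if it can, the receiving server cannot treat the header as a trustworthy signal unless the name is reserved. Separately, `csp` from `document()->contentSecurityPolicy()` at new line 881 is dereferenced in every case without a null check; if it can be null for a document, add `if (!csp) return;` directly after it. The `Resource::Raw` case keys on `hasPluginPolicy()`, and its "can't hurt" comment should say why emitting the header on non-plugin, possibly cross-origin, requests is acceptable.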