Add CSP header for resources with an active policy

Source/core/fetch/ResourceFetcher.cpp

 /*
     Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
     Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
     Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
     Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
     Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
 
     This library is free software; you can redistribute it and/or
     modify it under the terms of the GNU Library General Public
     License as published by the Free Software Foundation; either
@@ skipping 667 matching lines @@
     m_validatedURLs.add(request.resourceRequest().url());
 }
 
 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, FetchRequest& request)
 {
     ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw);
 
     TRACE_EVENT0("blink", "ResourceFetcher::requestResource");
 
     upgradeInsecureRequest(request);
-    addClientHintsIfNeccessary(request);
+    addClientHintsIfNecessary(request);
+    addCSPHeaderIfNecessary(type, request);
 
     KURL url = request.resourceRequest().url();
 
     WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), request.charset().latin1().data(), request.priority(), request.forPreload(), ResourceTypeName(type));
 
     // If only the fragment identifiers differ, it is the same resource.
     url = MemoryCache::removeFragmentIdentifierIfNeeded(url);
 
     if (!url.isValid())
         return nullptr;
@@ skipping 153 matching lines @@
             || url.host() == document()->securityOrigin()->host())
         {
             url.setProtocol("https");
             if (url.port() == 80)
                 url.setPort(443);
             fetchRequest.mutableResourceRequest().setURL(url);
         }
     }
 }
 
-void ResourceFetcher::addClientHintsIfNeccessary(FetchRequest& fetchRequest)
+void ResourceFetcher::addClientHintsIfNecessary(FetchRequest& fetchRequest)
 {
     if (!RuntimeEnabledFeatures::clientHintsEnabled() || !document() || !frame())
         return;
 
     if (frame()->shouldSendDPRHint())
         fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicString(String::number(document()->devicePixelRatio())));
 
     // FIXME: Send the RW hint based on the actual resource width, when we have it.
     if (frame()->shouldSendRWHint() && frame()->view())
         fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicString(String::number(frame()->view()->viewportWidth())));
 }
 
+void ResourceFetcher::addCSPHeaderIfNecessary(Resource::Type type, FetchRequest& fetchRequest)

[Mike West, 2015/03/16 10:39:10]

japhet@ has been refactoring things; I think this will need to move to
'/core/loader/FrameFetchContext.*' (either already, or in the very near future).

[estark, 2015/03/17 18:27:34]

Done.

+{
+    if (!document() || !frame())
+        return;
+
+    const ContentSecurityPolicy* csp = document()->contentSecurityPolicy();
+
+    switch (type) {
+    case Resource::XSLStyleSheet:
+        ASSERT(RuntimeEnabledFeatures::xsltEnabled());
+        if (!csp->hasScriptPolicy())
+            return;
+        break;
+    case Resource::Script:
+    case Resource::ImportResource:
+        if (!csp->hasScriptPolicy())
+            return;
+        break;
+    case Resource::CSSStyleSheet:
+        if (!csp->hasStylePolicy())
+            return;
+        break;
+    case Resource::SVGDocument:
+    case Resource::Image:
+        if (!csp->hasImagePolicy())
+            return;
+        break;
+    case Resource::Font:
+        if (!csp->hasFontPolicy())
+            return;
+        break;
+    case Resource::Media:
+    case Resource::TextTrack:
+        if (!csp->hasMediaPolicy())
+            return;
+        break;
+    case Resource::Raw:
+        // As long as there is a plugin policy in effect, send the CSP
+        // header. This request might not be for a plugin, but sending it
+        // on non-plugin elements can't hurt.
+        if (!csp->hasPluginPolicy())
+            return;
+        break;
+    case Resource::MainResource:
+    case Resource::LinkPrefetch:
+    case Resource::LinkSubresource:
+        return;
+    }

[Mike West, 2015/03/16 10:39:10]

I'd suggest moving this switch into CSP, basically asking "Hey, is a policy
active for this FetchRequest?". That seems clearer than hard-coding
relationships into ResourceFetcher, and adding one-off methods to CSP's public
interface.

[estark, 2015/03/17 18:27:34]

Done. I made the method called |shouldSendCSPHeader| instead of something like
|hasActivePolicy| because that seemed to more accurately reflect the question
that the method is answering (e.g. the method should be allowed to return true
even if there isn't an active policy), but I'm not sure if that makes sense or
not.

+
+    fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active");
+}
+
 ResourcePtr<Resource> ResourceFetcher::createResourceForRevalidation(const FetchRequest& request, Resource* resource)
 {
     ASSERT(resource);
     ASSERT(memoryCache()->contains(resource));
     ASSERT(resource->isLoaded());
     ASSERT(resource->canUseCacheValidator());
     ASSERT(!resource->resourceToRevalidate());
     ASSERT(!isControlledByServiceWorker());
 
     ResourceRequest revalidatingRequest(resource->resourceRequest());
@@ skipping 703 matching lines @@
     ResourceLoaderHost::trace(visitor);
 }
 
 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host)
 {
     ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType);
     return static_cast<ResourceFetcher*>(host);
 }
 
 }