| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 154 | 154 |
| 155 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo
ntext) | 155 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo
ntext) |
| 156 { | 156 { |
| 157 m_executionContext = executionContext; | 157 m_executionContext = executionContext; |
| 158 applyPolicySideEffectsToExecutionContext(); | 158 applyPolicySideEffectsToExecutionContext(); |
| 159 } | 159 } |
| 160 | 160 |
| 161 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() | 161 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
| 162 { | 162 { |
| 163 ASSERT(m_executionContext); | 163 ASSERT(m_executionContext); |
| 164 ASSERT(securityOrigin()); |
| 164 // Ensure that 'self' processes correctly. | 165 // Ensure that 'self' processes correctly. |
| 165 m_selfProtocol = securityOrigin()->protocol(); | 166 m_selfProtocol = securityOrigin()->protocol(); |
| 166 m_selfSource = adoptPtr(new CSPSource(this, m_selfProtocol, securityOrigin()
->host(), securityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::
NoWildcard)); | 167 m_selfSource = adoptPtr(new CSPSource(this, m_selfProtocol, securityOrigin()
->host(), securityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::
NoWildcard)); |
| 167 | 168 |
| 168 // If we're in a Document, set the referrer policy, mixed content checking,
and sandbox | 169 // If we're in a Document, set the referrer policy, mixed content checking,
and sandbox |
| 169 // flags, then dump all the parsing error messages, then poke at histograms. | 170 // flags, then dump all the parsing error messages, then poke at histograms. |
| 170 if (Document* document = this->document()) { | 171 if (Document* document = this->document()) { |
| 171 if (m_sandboxMask != SandboxNone) { | 172 if (m_sandboxMask != SandboxNone) { |
| 172 UseCounter::count(document, UseCounter::SandboxViaCSP); | 173 UseCounter::count(document, UseCounter::SandboxViaCSP); |
| 173 document->enforceSandboxFlags(m_sandboxMask); | 174 document->enforceSandboxFlags(m_sandboxMask); |
| 174 } | 175 } |
| 175 if (m_enforceStrictMixedContentChecking) | 176 if (m_enforceStrictMixedContentChecking) |
| 176 document->enforceStrictMixedContentChecking(); | 177 document->enforceStrictMixedContentChecking(); |
| 177 if (didSetReferrerPolicy()) | 178 if (didSetReferrerPolicy()) |
| 178 document->setReferrerPolicy(m_referrerPolicy); | 179 document->setReferrerPolicy(m_referrerPolicy); |
| 179 if (m_insecureRequestsPolicy > document->insecureRequestsPolicy()) | 180 if (m_insecureRequestsPolicy > document->insecureRequestsPolicy()) { |
| 180 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); | 181 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
| 182 if (!securityOrigin()->host().isNull()) |
| 183 document->addInsecureNavigationUpgrade(securityOrigin()->host().
impl()->hash()); |
| 184 } |
| 181 | 185 |
| 182 for (const auto& consoleMessage : m_consoleMessages) | 186 for (const auto& consoleMessage : m_consoleMessages) |
| 183 m_executionContext->addConsoleMessage(consoleMessage); | 187 m_executionContext->addConsoleMessage(consoleMessage); |
| 184 m_consoleMessages.clear(); | 188 m_consoleMessages.clear(); |
| 185 | 189 |
| 186 for (const auto& policy : m_policies) | 190 for (const auto& policy : m_policies) |
| 187 UseCounter::count(*document, getUseCounterType(policy->headerType())
); | 191 UseCounter::count(*document, getUseCounterType(policy->headerType())
); |
| 188 } | 192 } |
| 189 | 193 |
| 190 // We disable 'eval()' even in the case of report-only policies, and rely on
the check in the | 194 // We disable 'eval()' even in the case of report-only policies, and rely on
the check in the |
| (...skipping 736 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 927 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 931 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
| 928 return !m_violationReportsSent.contains(report.impl()->hash()); | 932 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 929 } | 933 } |
| 930 | 934 |
| 931 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 935 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 932 { | 936 { |
| 933 m_violationReportsSent.add(report.impl()->hash()); | 937 m_violationReportsSent.add(report.impl()->hash()); |
| 934 } | 938 } |
| 935 | 939 |
| 936 } // namespace blink | 940 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1010893003:
Upgrade insecure requests: Pipe navigational hosts down into nested documents. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk