OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
409 } | 409 } |
410 | 410 |
411 const String& CSPDirectiveList::pluginTypesText() const | 411 const String& CSPDirectiveList::pluginTypesText() const |
412 { | 412 { |
413 ASSERT(hasPluginTypes()); | 413 ASSERT(hasPluginTypes()); |
414 return m_pluginTypes->text(); | 414 return m_pluginTypes->text(); |
415 } | 415 } |
416 | 416 |
417 bool CSPDirectiveList::shouldSendCSPHeader(Resource::Type type) const | 417 bool CSPDirectiveList::shouldSendCSPHeader(Resource::Type type) const |
418 { | 418 { |
419 switch (type) { | 419 // TODO(mkwst): Revisit this once the CORS prefetch issue with the 'CSP' |
420 case Resource::XSLStyleSheet: | 420 // header is worked out, one way or another: |
421 ASSERT(RuntimeEnabledFeatures::xsltEnabled()); | 421 // https://github.com/whatwg/fetch/issues/52 |
422 return !!operativeDirective(m_scriptSrc.get()); | |
423 case Resource::Script: | |
424 case Resource::ImportResource: | |
425 return !!operativeDirective(m_scriptSrc.get()); | |
426 case Resource::CSSStyleSheet: | |
427 return !!operativeDirective(m_styleSrc.get()); | |
428 case Resource::SVGDocument: | |
429 case Resource::Image: | |
430 return !!operativeDirective(m_imgSrc.get()); | |
431 case Resource::Font: | |
432 return !!operativeDirective(m_fontSrc.get()); | |
433 case Resource::Media: | |
434 case Resource::TextTrack: | |
435 return !!operativeDirective(m_mediaSrc.get()); | |
436 case Resource::Raw: | |
437 // This request could be for a plugin, a child frame, a worker, or | |
438 // something else. If there any potentially relevant policies, | |
439 // send the CSP header; sending it unnecessarily can't hurt. | |
440 return !!operativeDirective(m_objectSrc.get()) || !!m_pluginTypes.get()
|| !!operativeDirective(m_childSrc.get()) || !!operativeDirective(m_frameSrc.get
()) || !!operativeDirective(m_connectSrc.get()) || !!operativeDirective(m_manife
stSrc.get()) || !!m_formAction.get(); | |
441 case Resource::MainResource: | |
442 case Resource::LinkPrefetch: | |
443 case Resource::LinkSubresource: | |
444 return false; | |
445 } | |
446 ASSERT_NOT_REACHED(); | |
447 return false; | 422 return false; |
448 } | 423 } |
449 | 424 |
450 // policy = directive-list | 425 // policy = directive-list |
451 // directive-list = [ directive *( ";" [ directive ] ) ] | 426 // directive-list = [ directive *( ";" [ directive ] ) ] |
452 // | 427 // |
453 void CSPDirectiveList::parse(const UChar* begin, const UChar* end) | 428 void CSPDirectiveList::parse(const UChar* begin, const UChar* end) |
454 { | 429 { |
455 m_header = String(begin, end - begin); | 430 m_header = String(begin, end - begin); |
456 | 431 |
767 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); | 742 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
768 else | 743 else |
769 m_policy->reportUnsupportedDirective(name); | 744 m_policy->reportUnsupportedDirective(name); |
770 } else { | 745 } else { |
771 m_policy->reportUnsupportedDirective(name); | 746 m_policy->reportUnsupportedDirective(name); |
772 } | 747 } |
773 } | 748 } |
774 | 749 |
775 | 750 |
776 } // namespace blink | 751 } // namespace blink |
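Review bot: In `shouldSendCSPHeader` (new lines 417–423) the body is now an unconditional `return false;`, but the TODO only links the fetch issue and never says that the 'CSP' request header is deliberately switched off for every resource type. I would open the comment with something like `// Never send the 'CSP' request header for now; policy enforcement does not depend on it.`, after confirming the second half, since the enforcement paths are outside the visible lines. The `type` parameter is unused after this change; if the signature has to stay for callers, drop the name (`Resource::Type`) or say in the comment that it is intentionally ignored, so it does not read as an oversight. The deleted switch was the only record in this file of which directive gated the header for which resource type, so whoever resolves the TODO will have to recover that mapping from history.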