Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(415)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/SubresourceIntegrity.cpp

Issue 1166003004: SRI fail open on ineligible resources. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Remove a bunch of -expected.txt files Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-unknown-hash-allowed-expected.txt ('k') | Source/core/frame/SubresourceIntegrityTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/SubresourceIntegrity.h" 6 #include "core/frame/SubresourceIntegrity.h"
7 7
8 #include "core/HTMLNames.h" 8 #include "core/HTMLNames.h"
9 #include "core/dom/Document.h" 9 #include "core/dom/Document.h"
10 #include "core/dom/Element.h" 10 #include "core/dom/Element.h"
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 { 107 {
108 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled()) 108 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled())
109 return true; 109 return true;
110 110
111 Document& document = element.document(); 111 Document& document = element.document();
112 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); 112 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr);
113 if (attribute.isEmpty()) 113 if (attribute.isEmpty())
114 return true; 114 return true;
115 115
116 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { 116 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) {
117 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires CORS t o be enabled to check the integrity, and it is not. The resource has been blocke d.", document); 117 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires the re quest to be CORS enabled to check the integrity, and it is not. The resource has not been blocked, but no integrity check occurred.", document);
118 return false; 118 return true;
119 } 119 }
120 120
121 WTF::Vector<IntegrityMetadata> metadataList; 121 WTF::Vector<IntegrityMetadata> metadataList;
122 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut e, metadataList, document); 122 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut e, metadataList, document);
123 // On failed parsing, there's no need to log an error here, as
124 // parseIntegrityAttribute() will output an appropriate console message.
123 if (integrityParseResult != IntegrityParseValidResult) 125 if (integrityParseResult != IntegrityParseValidResult)
124 return false; 126 return true;
125 127
126 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables); 128 StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF ::EntitiesForUnencodables);
127 129
128 if (!metadataList.size()) 130 if (!metadataList.size())
129 return true; 131 return true;
130 132
131 HashAlgorithm strongestAlgorithm = HashAlgorithmSha256; 133 HashAlgorithm strongestAlgorithm = HashAlgorithmSha256;
132 for (const IntegrityMetadata& metadata : metadataList) 134 for (const IntegrityMetadata& metadata : metadataList)
133 strongestAlgorithm = getPrioritizedHashFunction(metadata.algorithm, stro ngestAlgorithm); 135 strongestAlgorithm = getPrioritizedHashFunction(metadata.algorithm, stro ngestAlgorithm);
134 136
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after
319 metadataList.append(integrityMetadata); 321 metadataList.append(integrityMetadata);
320 } 322 }
321 323
322 if (metadataList.size() == 0 && error) 324 if (metadataList.size() == 0 && error)
323 return IntegrityParseNoValidResult; 325 return IntegrityParseNoValidResult;
324 326
325 return IntegrityParseValidResult; 327 return IntegrityParseValidResult;
326 } 328 }
327 329
328 } // namespace blink 330 } // namespace blink
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-unknown-hash-allowed-expected.txt ('k') | Source/core/frame/SubresourceIntegrityTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698