| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
| 7 | 7 |
| 8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
| 9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
| 10 #include "core/dom/SpaceSplitString.h" | 10 #include "core/dom/SpaceSplitString.h" |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 | 25 |
| 26 String getSha256String(const String& content) | 26 String getSha256String(const String& content) |
| 27 { | 27 { |
| 28 DigestValue digest; | 28 DigestValue digest; |
| 29 StringUTF8Adaptor normalizedContent = normalizeSource(content); | 29 StringUTF8Adaptor normalizedContent = normalizeSource(content); |
| 30 bool digestSuccess = computeDigest(HashAlgorithmSha256, normalizedContent.da
ta(), normalizedContent.length(), digest); | 30 bool digestSuccess = computeDigest(HashAlgorithmSha256, normalizedContent.da
ta(), normalizedContent.length(), digest); |
| 31 if (!digestSuccess) { | 31 if (!digestSuccess) { |
| 32 return "sha256-..."; | 32 return "sha256-..."; |
| 33 } | 33 } |
| 34 | 34 |
| 35 // For consistency with Subresource Integrity, we output base64url encoded | 35 return "sha256-" + base64Encode(reinterpret_cast<char*>(digest.data()), dige
st.size(), Base64DoNotInsertLFs); |
| 36 // data in error messages. | |
| 37 return "sha256-" + base64URLEncode(reinterpret_cast<char*>(digest.data()), d
igest.size(), Base64DoNotInsertLFs); | |
| 38 } | 36 } |
| 39 | 37 |
| 40 } | 38 } |
| 41 | 39 |
| 42 CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit
yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 40 CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit
yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
| 43 : m_policy(policy) | 41 : m_policy(policy) |
| 44 , m_headerType(type) | 42 , m_headerType(type) |
| 45 , m_headerSource(source) | 43 , m_headerSource(source) |
| 46 , m_reportOnly(false) | 44 , m_reportOnly(false) |
| 47 , m_hasSandboxPolicy(false) | 45 , m_hasSandboxPolicy(false) |
| (...skipping 746 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 794 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); | 792 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
| 795 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(
name, ContentSecurityPolicy::Suborigin)) { | 793 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(
name, ContentSecurityPolicy::Suborigin)) { |
| 796 applySuboriginPolicy(name, value); | 794 applySuboriginPolicy(name, value); |
| 797 } else { | 795 } else { |
| 798 m_policy->reportUnsupportedDirective(name); | 796 m_policy->reportUnsupportedDirective(name); |
| 799 } | 797 } |
| 800 } | 798 } |
| 801 | 799 |
| 802 | 800 |
| 803 } // namespace blink | 801 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1274713004:
Modify SRI and CSP console messages to base64 hashes, not base64url. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master