OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/dom/SpaceSplitString.h" | 10 #include "core/dom/SpaceSplitString.h" |
(...skipping 730 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
741 | 741 |
742 return String(begin, length); | 742 return String(begin, length); |
743 } | 743 } |
744 | 744 |
745 void CSPDirectiveList::addDirective(const String& name, const String& value) | 745 void CSPDirectiveList::addDirective(const String& name, const String& value) |
746 { | 746 { |
747 ASSERT(!name.isEmpty()); | 747 ASSERT(!name.isEmpty()); |
748 | 748 |
749 if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) { | 749 if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) { |
750 setCSPDirective<SourceListDirective>(name, value, m_defaultSrc); | 750 setCSPDirective<SourceListDirective>(name, value, m_defaultSrc); |
| 751 // TODO(mkwst) It seems unlikely that developers would use different |
| 752 // algorithms for scripts and styles. We may want to combine the |
| 753 // usesScriptHashAlgorithms() and usesStyleHashAlgorithms. |
| 754 m_policy->usesScriptHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed()); |
| 755 m_policy->usesStyleHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed()); |
751 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) { | 756 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) { |
752 setCSPDirective<SourceListDirective>(name, value, m_scriptSrc); | 757 setCSPDirective<SourceListDirective>(name, value, m_scriptSrc); |
753 m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed()); | 758 m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed()); |
754 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) { | 759 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) { |
755 setCSPDirective<SourceListDirective>(name, value, m_objectSrc); | 760 setCSPDirective<SourceListDirective>(name, value, m_objectSrc); |
756 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) { | 761 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) { |
757 setCSPDirective<SourceListDirective>(name, value, m_frameAncestors); | 762 setCSPDirective<SourceListDirective>(name, value, m_frameAncestors); |
758 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) { | 763 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) { |
759 setCSPDirective<SourceListDirective>(name, value, m_frameSrc); | 764 setCSPDirective<SourceListDirective>(name, value, m_frameSrc); |
760 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) { | 765 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) { |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
792 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); | 797 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
793 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(
name, ContentSecurityPolicy::Suborigin)) { | 798 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(
name, ContentSecurityPolicy::Suborigin)) { |
794 applySuboriginPolicy(name, value); | 799 applySuboriginPolicy(name, value); |
795 } else { | 800 } else { |
796 m_policy->reportUnsupportedDirective(name); | 801 m_policy->reportUnsupportedDirective(name); |
797 } | 802 } |
798 } | 803 } |
799 | 804 |
800 | 805 |
801 } // namespace blink | 806 } // namespace blink |
OLD | NEW |