OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/CSPSource.h" | 6 #include "core/frame/csp/CSPSource.h" |
7 | 7 |
| 8 #include "core/frame/UseCounter.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
10 #include "platform/weborigin/KnownPorts.h" | 11 #include "platform/weborigin/KnownPorts.h" |
11 #include "platform/weborigin/SecurityOrigin.h" | 12 #include "platform/weborigin/SecurityOrigin.h" |
12 #include "wtf/text/WTFString.h" | 13 #include "wtf/text/WTFString.h" |
13 | 14 |
14 namespace blink { | 15 namespace blink { |
15 | 16 |
16 CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const
String& host, int port, const String& path, WildcardDisposition hostWildcard, Wi
ldcardDisposition portWildcard) | 17 CSPSource::CSPSource(ContentSecurityPolicy* policy, const String& scheme, const
String& host, int port, const String& path, WildcardDisposition hostWildcard, Wi
ldcardDisposition portWildcard) |
17 : m_policy(policy) | 18 : m_policy(policy) |
(...skipping 19 matching lines...) |
37 bool CSPSource::schemeMatches(const KURL& url) const | 38 bool CSPSource::schemeMatches(const KURL& url) const |
38 { | 39 { |
39 if (m_scheme.isEmpty()) | 40 if (m_scheme.isEmpty()) |
40 return m_policy->protocolMatchesSelf(url); | 41 return m_policy->protocolMatchesSelf(url); |
41 return equalIgnoringCase(url.protocol(), m_scheme); | 42 return equalIgnoringCase(url.protocol(), m_scheme); |
42 } | 43 } |
43 | 44 |
44 bool CSPSource::hostMatches(const KURL& url) const | 45 bool CSPSource::hostMatches(const KURL& url) const |
45 { | 46 { |
46 const String& host = url.host(); | 47 const String& host = url.host(); |
47 if (equalIgnoringCase(host, m_host)) | 48 Document* document = m_policy->document(); |
48 return true; | 49 bool match; |
49 return m_hostWildcard == HasWildcard && host.endsWith("." + m_host, TextCase
Insensitive); | |
50 | 50 |
| 51 bool equalHosts = equalIgnoringCase(host, m_host); |
| 52 if (m_hostWildcard == HasWildcard) { |
| 53 match = host.endsWith("." + m_host, TextCaseInsensitive); |
| 54 |
| 55 // Chrome used to, incorrectly, match *.x.y to x.y. This was fixed, but |
| 56 // the following count measures when a match fails that would have |
| 57 // passed the old, incorrect style, in case a lot of sites were |
| 58 // relying on that behavior. |
| 59 if (document && equalHosts) |
| 60 UseCounter::count(*document, UseCounter::CSPSourceWildcardWouldMatch
ExactHost); |
| 61 } else { |
| 62 match = equalHosts; |
| 63 } |
| 64 |
| 65 return match; |
51 } | 66 } |
52 | 67 |
53 bool CSPSource::pathMatches(const KURL& url) const | 68 bool CSPSource::pathMatches(const KURL& url) const |
54 { | 69 { |
55 if (m_path.isEmpty()) | 70 if (m_path.isEmpty()) |
56 return true; | 71 return true; |
57 | 72 |
58 String path = decodeURLEscapeSequences(url.path()); | 73 String path = decodeURLEscapeSequences(url.path()); |
59 | 74 |
60 if (m_path.endsWith("/")) | 75 if (m_path.endsWith("/")) |
(...skipping 20 matching lines...) |
81 | 96 |
82 return false; | 97 return false; |
83 } | 98 } |
84 | 99 |
85 bool CSPSource::isSchemeOnly() const | 100 bool CSPSource::isSchemeOnly() const |
86 { | 101 { |
87 return m_host.isEmpty(); | 102 return m_host.isEmpty(); |
88 } | 103 } |
89 | 104 |
90 } // namespace | 105 } // namespace |
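Review bot: In the new `CSPSource::hostMatches` (new lines 45–66), `bool match;` is declared without a value and `m_policy->document()` is fetched for every source although only the wildcard branch uses it; an early `if (m_hostWildcard != HasWildcard) return equalHosts;` removes the uninitialized local and lets the document lookup sit next to the counter. The comment would also be clearer if it stated the rule now enforced rather than only the history, e.g. `// A wildcard source *.x.y matches subdomains of x.y only, never x.y itself.`, since that is the behaviour a policy author has to rely on. The count is skipped when `document()` returns null, so the measurement may undercount in contexts that have no document; whether such contexts reach this path is not visible in this section.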