
Side by Side Diff: Source/core/page/ContentSecurityPolicy.cpp

Issue 14320022: Warn developers about deprecated features only once per page-load. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 8 months ago
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 11 matching lines...) Expand all
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */ 24 */
25 25
26 #include "config.h" 26 #include "config.h"
27 #include "ContentSecurityPolicy.h" 27 #include "ContentSecurityPolicy.h"
28 28
29 #include "Console.h" 29 #include "Console.h"
30 #include "DOMStringList.h" 30 #include "DOMStringList.h"
31 #include "Document.h" 31 #include "Document.h"
32 #include "DeprecationAgent.h"
32 #include "UseCounter.h" 33 #include "UseCounter.h"
33 #include "FormData.h" 34 #include "FormData.h"
34 #include "FormDataList.h" 35 #include "FormDataList.h"
35 #include "Frame.h" 36 #include "Frame.h"
36 #include "InspectorInstrumentation.h" 37 #include "InspectorInstrumentation.h"
37 #include "InspectorValues.h" 38 #include "InspectorValues.h"
38 #include "KURL.h" 39 #include "KURL.h"
39 #include "PingLoader.h" 40 #include "PingLoader.h"
40 #include "RuntimeEnabledFeatures.h" 41 #include "RuntimeEnabledFeatures.h"
41 #include "SchemeRegistry.h" 42 #include "SchemeRegistry.h"
(...skipping 1408 matching lines...) Expand 10 before | Expand all | Expand 10 after
1450 { 1451 {
1451 ASSERT(m_policies.isEmpty()); 1452 ASSERT(m_policies.isEmpty());
1452 for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin() ; iter != other->m_policies.end(); ++iter) 1453 for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin() ; iter != other->m_policies.end(); ++iter)
1453 didReceiveHeader((*iter)->header(), (*iter)->headerType()); 1454 didReceiveHeader((*iter)->header(), (*iter)->headerType());
1454 } 1455 }
1455 1456
1456 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType ty pe) 1457 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType ty pe)
1457 { 1458 {
1458 if (m_scriptExecutionContext->isDocument()) { 1459 if (m_scriptExecutionContext->isDocument()) {
1459 Document* document = toDocument(m_scriptExecutionContext); 1460 Document* document = toDocument(m_scriptExecutionContext);
1460 if (document->domWindow()) 1461 UseCounter::observe(document, getUseCounterType(type));
1461 UseCounter::observe(document->domWindow(), getUseCounterType(type)); 1462
1463 if (type == PrefixedReport || type == PrefixedEnforce)
1464 DeprecationAgent::notify(document, DeprecationAgent::PrefixedContent SecurityPolicyHeader);
1462 } 1465 }
1463 1466
1464 if (type == PrefixedReport || type == PrefixedEnforce)
1465 reportDeprecatedHeader(type);
1466
1467 // RFC2616, section 4.2 specifies that headers appearing multiple times can 1467 // RFC2616, section 4.2 specifies that headers appearing multiple times can
1468 // be combined with a comma. Walk the header string, and parse each comma 1468 // be combined with a comma. Walk the header string, and parse each comma
1469 // separated chunk as a separate header. 1469 // separated chunk as a separate header.
1470 const UChar* begin = header.characters(); 1470 const UChar* begin = header.characters();
1471 const UChar* position = begin; 1471 const UChar* position = begin;
1472 const UChar* end = begin + header.length(); 1472 const UChar* end = begin + header.length();
1473 while (position < end) { 1473 while (position < end) {
1474 skipUntil(position, end, ','); 1474 skipUntil(position, end, ',');
1475 1475
1476 // header1,header2 OR header1 1476 // header1,header2 OR header1
(...skipping 320 matching lines...) Expand 10 before | Expand all | Expand 10 after
1797 if (equalIgnoringCase(name, allow)) 1797 if (equalIgnoringCase(name, allow))
1798 message = allowMessage; 1798 message = allowMessage;
1799 else if (equalIgnoringCase(name, options)) 1799 else if (equalIgnoringCase(name, options))
1800 message = optionsMessage; 1800 message = optionsMessage;
1801 else if (equalIgnoringCase(name, policyURI)) 1801 else if (equalIgnoringCase(name, policyURI))
1802 message = policyURIMessage; 1802 message = policyURIMessage;
1803 1803
1804 logToConsole(message); 1804 logToConsole(message);
1805 } 1805 }
1806 1806
1807 void ContentSecurityPolicy::reportDeprecatedHeader(HeaderType type) const
1808 {
1809 ASSERT(type == PrefixedEnforce || type == PrefixedReport);
1810 logToConsole(makeString("The '", type == PrefixedEnforce ? "X-WebKit-CSP" : "X-WebKit-CSP-Report-Only", "' header is deprecated. Please consider using the u nprefixed '", type == PrefixedEnforce ? "Content-Security-Policy" : "Content-Sec urity-Policy-Report-Only", "' header instead."));
1811 }
1812
1813 void ContentSecurityPolicy::reportDirectiveAsSourceExpression(const String& dire ctiveName, const String& sourceExpression) const 1807 void ContentSecurityPolicy::reportDirectiveAsSourceExpression(const String& dire ctiveName, const String& sourceExpression) const
1814 { 1808 {
1815 String message = "The Content Security Policy directive '" + directiveName + "' contains '" + sourceExpression + "' as a source expression. Did you mean '" + directiveName + " ...; " + sourceExpression + "...' (note the semicolon)?"; 1809 String message = "The Content Security Policy directive '" + directiveName + "' contains '" + sourceExpression + "' as a source expression. Did you mean '" + directiveName + " ...; " + sourceExpression + "...' (note the semicolon)?";
1816 logToConsole(message); 1810 logToConsole(message);
1817 } 1811 }
1818 1812
1819 void ContentSecurityPolicy::reportDuplicateDirective(const String& name) const 1813 void ContentSecurityPolicy::reportDuplicateDirective(const String& name) const
1820 { 1814 {
1821 String message = makeString("Ignoring duplicate Content-Security-Policy dire ctive '", name, "'.\n"); 1815 String message = makeString("Ignoring duplicate Content-Security-Policy dire ctive '", name, "'.\n");
1822 logToConsole(message); 1816 logToConsole(message);
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after
1887 { 1881 {
1888 InspectorInstrumentation::scriptExecutionBlockedByCSP(m_scriptExecutionConte xt, directiveText); 1882 InspectorInstrumentation::scriptExecutionBlockedByCSP(m_scriptExecutionConte xt, directiveText);
1889 } 1883 }
1890 1884
1891 bool ContentSecurityPolicy::experimentalFeaturesEnabled() const 1885 bool ContentSecurityPolicy::experimentalFeaturesEnabled() const
1892 { 1886 {
1893 return RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnab led(); 1887 return RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnab led();
1894 } 1888 }
1895 1889
1896 } 1890 }
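Review bot: The prefixed-header deprecation notice now sits inside the `isDocument()` branch of `didReceiveHeader` (new lines 1463-1464), so a context that is not a Document gets no warning at all, whereas the removed `reportDeprecatedHeader(type)` call ran for every context. Whether a non-document context can reach this function is not visible here, and the body continues past the displayed lines. Both `PrefixedEnforce` and `PrefixedReport` also map to the single `DeprecationAgent::PrefixedContentSecurityPolicyHeader` value, so the notice presumably can no longer name the header that was seen or its unprefixed replacement as the removed message did. That distinction matters, because swapping the enforce and report-only replacements changes whether the policy blocks anything. I would at least record the intent above the check with `// Deprecation notices are raised per Document; other contexts get no warning for prefixed CSP headers.` and confirm the DeprecationAgent message still tells the two headers apart.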