Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSource.cpp

Issue 1455973003: CSP: Source expressions can no longer lock sites into insecurity. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/csp/CSPSource.h" 6 #include "core/frame/csp/CSPSource.h"
7 7
8 #include "core/frame/UseCounter.h" 8 #include "core/frame/UseCounter.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "platform/weborigin/KURL.h" 10 #include "platform/weborigin/KURL.h"
(...skipping 21 matching lines...) Expand all
32 if (isSchemeOnly()) 32 if (isSchemeOnly())
33 return true; 33 return true;
34 bool pathsMatch = (redirectStatus == ContentSecurityPolicy::DidRedirect) || pathMatches(url); 34 bool pathsMatch = (redirectStatus == ContentSecurityPolicy::DidRedirect) || pathMatches(url);
35 return hostMatches(url) && portMatches(url) && pathsMatch; 35 return hostMatches(url) && portMatches(url) && pathsMatch;
36 } 36 }
37 37
38 bool CSPSource::schemeMatches(const KURL& url) const 38 bool CSPSource::schemeMatches(const KURL& url) const
39 { 39 {
40 if (m_scheme.isEmpty()) 40 if (m_scheme.isEmpty())
41 return m_policy->protocolMatchesSelf(url); 41 return m_policy->protocolMatchesSelf(url);
42 if (equalIgnoringCase(m_scheme, "http"))
43 return equalIgnoringCase(url.protocol(), "http") || equalIgnoringCase(ur l.protocol(), "https");
44 if (equalIgnoringCase(m_scheme, "ws"))
45 return equalIgnoringCase(url.protocol(), "ws") || equalIgnoringCase(url. protocol(), "wss");
42 return equalIgnoringCase(url.protocol(), m_scheme); 46 return equalIgnoringCase(url.protocol(), m_scheme);
43 } 47 }
44 48
45 bool CSPSource::hostMatches(const KURL& url) const 49 bool CSPSource::hostMatches(const KURL& url) const
46 { 50 {
47 const String& host = url.host(); 51 const String& host = url.host();
48 Document* document = m_policy->document(); 52 Document* document = m_policy->document();
49 bool match; 53 bool match;
50 54
51 bool equalHosts = equalIgnoringCase(host, m_host); 55 bool equalHosts = equalIgnoringCase(host, m_host);
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
96 100
97 return false; 101 return false;
98 } 102 }
99 103
100 bool CSPSource::isSchemeOnly() const 104 bool CSPSource::isSchemeOnly() const
101 { 105 {
102 return m_host.isEmpty(); 106 return m_host.isEmpty();
103 } 107 }
104 108
105 } // namespace 109 } // namespace
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698