OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/dom/SecurityContext.h" | 8 #include "core/dom/SecurityContext.h" |
9 #include "core/dom/SpaceSplitString.h" | 9 #include "core/dom/SpaceSplitString.h" |
10 #include "core/frame/LocalFrame.h" | 10 #include "core/frame/LocalFrame.h" |
122 bool CSPDirectiveList::checkNonce(SourceListDirective* directive, const String&
nonce) const | 122 bool CSPDirectiveList::checkNonce(SourceListDirective* directive, const String&
nonce) const |
123 { | 123 { |
124 return !directive || directive->allowNonce(nonce); | 124 return !directive || directive->allowNonce(nonce); |
125 } | 125 } |
126 | 126 |
127 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const | 127 bool CSPDirectiveList::checkHash(SourceListDirective* directive, const CSPHashVa
lue& hashValue) const |
128 { | 128 { |
129 return !directive || directive->allowHash(hashValue); | 129 return !directive || directive->allowHash(hashValue); |
130 } | 130 } |
131 | 131 |
| 132 bool CSPDirectiveList::checkDynamic(SourceListDirective* directive) const |
| 133 { |
| 134 return !directive || directive->allowDynamic(); |
| 135 } |
| 136 |
132 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus) const | 137 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u
rl, ContentSecurityPolicy::RedirectStatus redirectStatus) const |
133 { | 138 { |
134 return !directive || directive->allows(url, redirectStatus); | 139 return !directive || directive->allows(url, redirectStatus); |
135 } | 140 } |
136 | 141 |
137 bool CSPDirectiveList::checkAncestors(SourceListDirective* directive, LocalFrame
* frame) const | 142 bool CSPDirectiveList::checkAncestors(SourceListDirective* directive, LocalFrame
* frame) const |
138 { | 143 { |
139 if (!frame || !directive) | 144 if (!frame || !directive) |
140 return true; | 145 return true; |
141 | 146 |
405 bool CSPDirectiveList::allowScriptHash(const CSPHashValue& hashValue) const | 410 bool CSPDirectiveList::allowScriptHash(const CSPHashValue& hashValue) const |
406 { | 411 { |
407 return checkHash(operativeDirective(m_scriptSrc.get()), hashValue); | 412 return checkHash(operativeDirective(m_scriptSrc.get()), hashValue); |
408 } | 413 } |
409 | 414 |
410 bool CSPDirectiveList::allowStyleHash(const CSPHashValue& hashValue) const | 415 bool CSPDirectiveList::allowStyleHash(const CSPHashValue& hashValue) const |
411 { | 416 { |
412 return checkHash(operativeDirective(m_styleSrc.get()), hashValue); | 417 return checkHash(operativeDirective(m_styleSrc.get()), hashValue); |
413 } | 418 } |
414 | 419 |
| 420 bool CSPDirectiveList::allowDynamic() const |
| 421 { |
| 422 return checkDynamic(operativeDirective(m_scriptSrc.get())); |
| 423 } |
| 424 |
415 const String& CSPDirectiveList::pluginTypesText() const | 425 const String& CSPDirectiveList::pluginTypesText() const |
416 { | 426 { |
417 ASSERT(hasPluginTypes()); | 427 ASSERT(hasPluginTypes()); |
418 return m_pluginTypes->text(); | 428 return m_pluginTypes->text(); |
419 } | 429 } |
420 | 430 |
421 bool CSPDirectiveList::shouldSendCSPHeader(Resource::Type type) const | 431 bool CSPDirectiveList::shouldSendCSPHeader(Resource::Type type) const |
422 { | 432 { |
423 // TODO(mkwst): Revisit this once the CORS prefetch issue with the 'CSP' | 433 // TODO(mkwst): Revisit this once the CORS prefetch issue with the 'CSP' |
424 // header is worked out, one way or another: | 434 // header is worked out, one way or another: |
794 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); | 804 setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
795 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(
name, ContentSecurityPolicy::Suborigin)) { | 805 } else if (RuntimeEnabledFeatures::suboriginsEnabled() && equalIgnoringCase(
name, ContentSecurityPolicy::Suborigin)) { |
796 applySuboriginPolicy(name, value); | 806 applySuboriginPolicy(name, value); |
797 } else { | 807 } else { |
798 m_policy->reportUnsupportedDirective(name); | 808 m_policy->reportUnsupportedDirective(name); |
799 } | 809 } |
800 } | 810 } |
801 | 811 |
802 | 812 |
803 } // namespace blink | 813 } // namespace blink |
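Review bot: `checkDynamic` (new lines 132-135) returns true when `directive` is null, so `allowDynamic()` (new lines 420-423) also reports true for a policy with no operative script-src, not only for one that lists the dynamic keyword. This mirrors the `!directive ||` shape of `checkNonce` and `checkHash`, but those answer "is this item permitted", whereas a caller may read this result as "the policy opted in to relaxing its source list". I would add a comment above `checkDynamic`, for example `// A missing directive imposes no restriction, so this returns true; it does not prove the policy declared the dynamic keyword.` A test with two policies, one without script-src and one with a host allowlist only, would pin down the combined result. The callers and `operativeDirective` are outside the visible lines, so how the value is combined across policies cannot be confirmed from this page.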