| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 93 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode | 93 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode |
| 94 const char ContentSecurityPolicy::BlockAllMixedContent[] = "block-all-mixed-cont
ent"; | 94 const char ContentSecurityPolicy::BlockAllMixedContent[] = "block-all-mixed-cont
ent"; |
| 95 | 95 |
| 96 // https://w3c.github.io/webappsec/specs/upgrade/ | 96 // https://w3c.github.io/webappsec/specs/upgrade/ |
| 97 const char ContentSecurityPolicy::UpgradeInsecureRequests[] = "upgrade-insecure-
requests"; | 97 const char ContentSecurityPolicy::UpgradeInsecureRequests[] = "upgrade-insecure-
requests"; |
| 98 | 98 |
| 99 // Suborigin Directive | 99 // Suborigin Directive |
| 100 // https://metromoxie.github.io/webappsec/specs/suborigins/index.html | 100 // https://metromoxie.github.io/webappsec/specs/suborigins/index.html |
| 101 const char ContentSecurityPolicy::Suborigin[] = "suborigin"; | 101 const char ContentSecurityPolicy::Suborigin[] = "suborigin"; |
| 102 | 102 |
| 103 // https://mikewest.github.io/cors-rfc1918/#csp |
| 104 const char ContentSecurityPolicy::TreatAsPublicAddress[] = "treat-as-public-addr
ess"; |
| 105 |
| 103 bool ContentSecurityPolicy::isDirectiveName(const String& name) | 106 bool ContentSecurityPolicy::isDirectiveName(const String& name) |
| 104 { | 107 { |
| 105 return (equalIgnoringCase(name, ConnectSrc) | 108 return (equalIgnoringCase(name, ConnectSrc) |
| 106 || equalIgnoringCase(name, DefaultSrc) | 109 || equalIgnoringCase(name, DefaultSrc) |
| 107 || equalIgnoringCase(name, FontSrc) | 110 || equalIgnoringCase(name, FontSrc) |
| 108 || equalIgnoringCase(name, FrameSrc) | 111 || equalIgnoringCase(name, FrameSrc) |
| 109 || equalIgnoringCase(name, ImgSrc) | 112 || equalIgnoringCase(name, ImgSrc) |
| 110 || equalIgnoringCase(name, MediaSrc) | 113 || equalIgnoringCase(name, MediaSrc) |
| 111 || equalIgnoringCase(name, ObjectSrc) | 114 || equalIgnoringCase(name, ObjectSrc) |
| 112 || equalIgnoringCase(name, ReportURI) | 115 || equalIgnoringCase(name, ReportURI) |
| 113 || equalIgnoringCase(name, Sandbox) | 116 || equalIgnoringCase(name, Sandbox) |
| 114 || equalIgnoringCase(name, Suborigin) | 117 || equalIgnoringCase(name, Suborigin) |
| 115 || equalIgnoringCase(name, ScriptSrc) | 118 || equalIgnoringCase(name, ScriptSrc) |
| 116 || equalIgnoringCase(name, StyleSrc) | 119 || equalIgnoringCase(name, StyleSrc) |
| 117 || equalIgnoringCase(name, BaseURI) | 120 || equalIgnoringCase(name, BaseURI) |
| 118 || equalIgnoringCase(name, ChildSrc) | 121 || equalIgnoringCase(name, ChildSrc) |
| 119 || equalIgnoringCase(name, FormAction) | 122 || equalIgnoringCase(name, FormAction) |
| 120 || equalIgnoringCase(name, FrameAncestors) | 123 || equalIgnoringCase(name, FrameAncestors) |
| 121 || equalIgnoringCase(name, PluginTypes) | 124 || equalIgnoringCase(name, PluginTypes) |
| 122 || equalIgnoringCase(name, ReflectedXSS) | 125 || equalIgnoringCase(name, ReflectedXSS) |
| 123 || equalIgnoringCase(name, Referrer) | 126 || equalIgnoringCase(name, Referrer) |
| 124 || equalIgnoringCase(name, ManifestSrc) | 127 || equalIgnoringCase(name, ManifestSrc) |
| 125 || equalIgnoringCase(name, BlockAllMixedContent) | 128 || equalIgnoringCase(name, BlockAllMixedContent) |
| 126 || equalIgnoringCase(name, UpgradeInsecureRequests)); | 129 || equalIgnoringCase(name, UpgradeInsecureRequests) |
| 130 || equalIgnoringCase(name, TreatAsPublicAddress)); |
| 127 } | 131 } |
| 128 | 132 |
| 129 static UseCounter::Feature getUseCounterType(ContentSecurityPolicyHeaderType typ
e) | 133 static UseCounter::Feature getUseCounterType(ContentSecurityPolicyHeaderType typ
e) |
| 130 { | 134 { |
| 131 switch (type) { | 135 switch (type) { |
| 132 case ContentSecurityPolicyHeaderTypeEnforce: | 136 case ContentSecurityPolicyHeaderTypeEnforce: |
| 133 return UseCounter::ContentSecurityPolicy; | 137 return UseCounter::ContentSecurityPolicy; |
| 134 case ContentSecurityPolicyHeaderTypeReport: | 138 case ContentSecurityPolicyHeaderTypeReport: |
| 135 return UseCounter::ContentSecurityPolicyReportOnly; | 139 return UseCounter::ContentSecurityPolicyReportOnly; |
| 136 } | 140 } |
| 137 ASSERT_NOT_REACHED(); | 141 ASSERT_NOT_REACHED(); |
| 138 return UseCounter::NumberOfFeatures; | 142 return UseCounter::NumberOfFeatures; |
| 139 } | 143 } |
| 140 | 144 |
| 141 ContentSecurityPolicy::ContentSecurityPolicy() | 145 ContentSecurityPolicy::ContentSecurityPolicy() |
| 142 : m_executionContext(nullptr) | 146 : m_executionContext(nullptr) |
| 143 , m_overrideInlineStyleAllowed(false) | 147 , m_overrideInlineStyleAllowed(false) |
| 144 , m_scriptHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone) | 148 , m_scriptHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone) |
| 145 , m_styleHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone) | 149 , m_styleHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone) |
| 146 , m_sandboxMask(0) | 150 , m_sandboxMask(0) |
| 147 , m_suboriginName(String()) | 151 , m_suboriginName(String()) |
| 148 , m_enforceStrictMixedContentChecking(false) | 152 , m_enforceStrictMixedContentChecking(false) |
| 149 , m_referrerPolicy(ReferrerPolicyDefault) | 153 , m_referrerPolicy(ReferrerPolicyDefault) |
| 154 , m_treatAsPublicAddress(false) |
| 150 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) | 155 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) |
| 151 { | 156 { |
| 152 } | 157 } |
| 153 | 158 |
| 154 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo
ntext) | 159 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo
ntext) |
| 155 { | 160 { |
| 156 m_executionContext = executionContext; | 161 m_executionContext = executionContext; |
| 157 applyPolicySideEffectsToExecutionContext(); | 162 applyPolicySideEffectsToExecutionContext(); |
| 158 } | 163 } |
| 159 | 164 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 170 | 175 |
| 171 // If we're in a Document, set mixed content checking and sandbox | 176 // If we're in a Document, set mixed content checking and sandbox |
| 172 // flags, then dump all the parsing error messages, then poke at histograms. | 177 // flags, then dump all the parsing error messages, then poke at histograms. |
| 173 if (Document* document = this->document()) { | 178 if (Document* document = this->document()) { |
| 174 if (m_sandboxMask != SandboxNone) { | 179 if (m_sandboxMask != SandboxNone) { |
| 175 UseCounter::count(document, UseCounter::SandboxViaCSP); | 180 UseCounter::count(document, UseCounter::SandboxViaCSP); |
| 176 document->enforceSandboxFlags(m_sandboxMask); | 181 document->enforceSandboxFlags(m_sandboxMask); |
| 177 } | 182 } |
| 178 if (m_enforceStrictMixedContentChecking) | 183 if (m_enforceStrictMixedContentChecking) |
| 179 document->enforceStrictMixedContentChecking(); | 184 document->enforceStrictMixedContentChecking(); |
| 185 if (m_treatAsPublicAddress) |
| 186 document->setHostedInReservedIPRange(false); |
| 180 if (RuntimeEnabledFeatures::suboriginsEnabled()) { | 187 if (RuntimeEnabledFeatures::suboriginsEnabled()) { |
| 181 document->enforceSuborigin(m_suboriginName); | 188 document->enforceSuborigin(m_suboriginName); |
| 182 } | 189 } |
| 183 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade
) { | 190 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade
) { |
| 184 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl
ed); | 191 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl
ed); |
| 185 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); | 192 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
| 186 if (!securityOrigin()->host().isNull()) | 193 if (!securityOrigin()->host().isNull()) |
| 187 document->addInsecureNavigationUpgrade(securityOrigin()->host().
impl()->hash()); | 194 document->addInsecureNavigationUpgrade(securityOrigin()->host().
impl()->hash()); |
| 188 } | 195 } |
| 189 | 196 |
| (...skipping 532 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 722 void ContentSecurityPolicy::enforceSandboxFlags(SandboxFlags mask) | 729 void ContentSecurityPolicy::enforceSandboxFlags(SandboxFlags mask) |
| 723 { | 730 { |
| 724 m_sandboxMask |= mask; | 731 m_sandboxMask |= mask; |
| 725 } | 732 } |
| 726 | 733 |
| 727 void ContentSecurityPolicy::enforceStrictMixedContentChecking() | 734 void ContentSecurityPolicy::enforceStrictMixedContentChecking() |
| 728 { | 735 { |
| 729 m_enforceStrictMixedContentChecking = true; | 736 m_enforceStrictMixedContentChecking = true; |
| 730 } | 737 } |
| 731 | 738 |
| 739 void ContentSecurityPolicy::treatAsPublicAddress() |
| 740 { |
| 741 if (!RuntimeEnabledFeatures::corsRFC1918Enabled()) |
| 742 return; |
| 743 m_treatAsPublicAddress = true; |
| 744 } |
| 745 |
| 732 void ContentSecurityPolicy::setInsecureRequestsPolicy(SecurityContext::InsecureR
equestsPolicy policy) | 746 void ContentSecurityPolicy::setInsecureRequestsPolicy(SecurityContext::InsecureR
equestsPolicy policy) |
| 733 { | 747 { |
| 734 if (policy > m_insecureRequestsPolicy) | 748 if (policy > m_insecureRequestsPolicy) |
| 735 m_insecureRequestsPolicy = policy; | 749 m_insecureRequestsPolicy = policy; |
| 736 } | 750 } |
| 737 | 751 |
| 738 void ContentSecurityPolicy::enforceSuborigin(const String& name) | 752 void ContentSecurityPolicy::enforceSuborigin(const String& name) |
| 739 { | 753 { |
| 740 m_suboriginName = name; | 754 m_suboriginName = name; |
| 741 } | 755 } |
| (...skipping 347 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1089 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1103 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
| 1090 return !m_violationReportsSent.contains(report.impl()->hash()); | 1104 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 1091 } | 1105 } |
| 1092 | 1106 |
| 1093 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1107 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 1094 { | 1108 { |
| 1095 m_violationReportsSent.add(report.impl()->hash()); | 1109 m_violationReportsSent.add(report.impl()->hash()); |
| 1096 } | 1110 } |
| 1097 | 1111 |
| 1098 } // namespace blink | 1112 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1747263002:
CORS-RFC1918: Introduce 'treat-as-public-address' CSP directive (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@iprange