Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(133)

Side by Side Diff: third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/dom/RemoteSecurityContext.h" 5 #include "core/dom/RemoteSecurityContext.h"
6 6
7 #include "core/frame/csp/ContentSecurityPolicy.h" 7 #include "core/frame/csp/ContentSecurityPolicy.h"
8 #include "platform/weborigin/SecurityOrigin.h" 8 #include "platform/weborigin/SecurityOrigin.h"
9 9
10 namespace blink { 10 namespace blink {
11 11
12 RemoteSecurityContext::RemoteSecurityContext() 12 RemoteSecurityContext::RemoteSecurityContext()
13 : SecurityContext() 13 : SecurityContext()
14 { 14 {
15 // RemoteSecurityContext's origin is expected to stay uninitialized until 15 // RemoteSecurityContext's origin is expected to stay uninitialized until
16 // we set it using replicated origin data from the browser process. 16 // we set it using replicated origin data from the browser process.
17 DCHECK(!getSecurityOrigin()); 17 DCHECK(!getSecurityOrigin());
18 18
19 // CSP will not be replicated for RemoteSecurityContexts, as it is moving 19 // Start with a clean slate.
20 // to the browser process. For now, initialize CSP to a default 20 resetReplicatedContentSecurityPolicy();
21 // locked-down policy.
22 setContentSecurityPolicy(ContentSecurityPolicy::create());
23 21
24 // FIXME: Document::initSecurityContext has a few other things we may 22 // FIXME: Document::initSecurityContext has a few other things we may
25 // eventually want here, such as enforcing a setting to 23 // eventually want here, such as enforcing a setting to
26 // grantUniversalAccess(). 24 // grantUniversalAccess().
27 } 25 }
28 26
29 RemoteSecurityContext* RemoteSecurityContext::create() 27 RemoteSecurityContext* RemoteSecurityContext::create()
30 { 28 {
31 return new RemoteSecurityContext(); 29 return new RemoteSecurityContext();
32 } 30 }
33 31
34 DEFINE_TRACE(RemoteSecurityContext) 32 DEFINE_TRACE(RemoteSecurityContext)
35 { 33 {
36 SecurityContext::trace(visitor); 34 SecurityContext::trace(visitor);
37 } 35 }
38 36
39 void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origi n) 37 void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origi n)
40 { 38 {
41 setSecurityOrigin(origin); 39 setSecurityOrigin(origin);
40 if (getSecurityOrigin())
dcheng 2016/05/11 20:15:07 Is this ever actually null? it seems broken if it
Łukasz Anforowicz 2016/05/11 23:14:48 Done.
41 contentSecurityPolicy()->bindToSecurityOrigin(*getSecurityOrigin());
42 } 42 }
43 43
44 void RemoteSecurityContext::resetReplicatedContentSecurityPolicy()
45 {
46 setContentSecurityPolicy(ContentSecurityPolicy::create());
47 if (getSecurityOrigin())
48 contentSecurityPolicy()->bindToSecurityOrigin(*getSecurityOrigin());
49 }
44 50
45 } // namespace blink 51 } // namespace blink
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698