OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 13 matching lines...) Expand all Loading... | |
24 */ | 24 */ |
25 | 25 |
26 #include "core/frame/csp/ContentSecurityPolicy.h" | 26 #include "core/frame/csp/ContentSecurityPolicy.h" |
27 | 27 |
28 #include "bindings/core/v8/ScriptCallStack.h" | 28 #include "bindings/core/v8/ScriptCallStack.h" |
29 #include "bindings/core/v8/ScriptController.h" | 29 #include "bindings/core/v8/ScriptController.h" |
30 #include "core/dom/DOMStringList.h" | 30 #include "core/dom/DOMStringList.h" |
31 #include "core/dom/Document.h" | 31 #include "core/dom/Document.h" |
32 #include "core/dom/SandboxFlags.h" | 32 #include "core/dom/SandboxFlags.h" |
33 #include "core/events/SecurityPolicyViolationEvent.h" | 33 #include "core/events/SecurityPolicyViolationEvent.h" |
34 #include "core/frame/FrameClient.h" | |
34 #include "core/frame/LocalDOMWindow.h" | 35 #include "core/frame/LocalDOMWindow.h" |
35 #include "core/frame/LocalFrame.h" | 36 #include "core/frame/LocalFrame.h" |
36 #include "core/frame/UseCounter.h" | 37 #include "core/frame/UseCounter.h" |
37 #include "core/frame/csp/CSPDirectiveList.h" | 38 #include "core/frame/csp/CSPDirectiveList.h" |
38 #include "core/frame/csp/CSPSource.h" | 39 #include "core/frame/csp/CSPSource.h" |
39 #include "core/frame/csp/CSPSourceList.h" | 40 #include "core/frame/csp/CSPSourceList.h" |
40 #include "core/frame/csp/MediaListDirective.h" | 41 #include "core/frame/csp/MediaListDirective.h" |
41 #include "core/frame/csp/SourceListDirective.h" | 42 #include "core/frame/csp/SourceListDirective.h" |
42 #include "core/inspector/ConsoleMessage.h" | 43 #include "core/inspector/ConsoleMessage.h" |
43 #include "core/inspector/InspectorInstrumentation.h" | 44 #include "core/inspector/InspectorInstrumentation.h" |
44 #include "core/loader/DocumentLoader.h" | 45 #include "core/loader/DocumentLoader.h" |
46 #include "core/loader/FrameLoaderClient.h" | |
45 #include "core/loader/PingLoader.h" | 47 #include "core/loader/PingLoader.h" |
46 #include "platform/JSONValues.h" | 48 #include "platform/JSONValues.h" |
47 #include "platform/ParsingUtilities.h" | 49 #include "platform/ParsingUtilities.h" |
48 #include "platform/RuntimeEnabledFeatures.h" | 50 #include "platform/RuntimeEnabledFeatures.h" |
49 #include "platform/network/ContentSecurityPolicyParsers.h" | 51 #include "platform/network/ContentSecurityPolicyParsers.h" |
50 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" | 52 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" |
51 #include "platform/network/EncodedFormData.h" | 53 #include "platform/network/EncodedFormData.h" |
52 #include "platform/network/ResourceRequest.h" | 54 #include "platform/network/ResourceRequest.h" |
53 #include "platform/network/ResourceResponse.h" | 55 #include "platform/network/ResourceResponse.h" |
54 #include "platform/weborigin/KURL.h" | 56 #include "platform/weborigin/KURL.h" |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
150 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) | 152 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) |
151 { | 153 { |
152 } | 154 } |
153 | 155 |
154 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) | 156 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) |
155 { | 157 { |
156 m_executionContext = executionContext; | 158 m_executionContext = executionContext; |
157 applyPolicySideEffectsToExecutionContext(); | 159 applyPolicySideEffectsToExecutionContext(); |
158 } | 160 } |
159 | 161 |
162 void ContentSecurityPolicy::bindToSecurityOrigin(const SecurityOrigin& securityO rigin) | |
Mike West
2016/05/11 06:21:04
Nit: Now about naming this something like `setupSe
Łukasz Anforowicz
2016/05/11 23:14:48
Good point - this name wasn't quite right. Done.
| |
163 { | |
164 // Ensure that 'self' processes correctly. | |
165 m_selfProtocol = securityOrigin.protocol(); | |
166 m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), se curityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); | |
167 } | |
168 | |
160 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() | 169 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
161 { | 170 { |
162 ASSERT(m_executionContext); | 171 ASSERT(m_executionContext); |
163 ASSERT(getSecurityOrigin()); | 172 |
164 // Ensure that 'self' processes correctly. | 173 SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSe curityOrigin(); |
165 m_selfProtocol = getSecurityOrigin()->protocol(); | 174 ASSERT(securityOrigin); |
166 m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host (), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoW ildcard); | 175 bindToSecurityOrigin(*securityOrigin); |
167 | 176 |
168 if (didSetReferrerPolicy()) | 177 if (didSetReferrerPolicy()) |
169 m_executionContext->setReferrerPolicy(m_referrerPolicy); | 178 m_executionContext->setReferrerPolicy(m_referrerPolicy); |
170 | 179 |
171 // If we're in a Document, set mixed content checking and sandbox | 180 // If we're in a Document, set mixed content checking and sandbox |
172 // flags, then dump all the parsing error messages, then poke at histograms. | 181 // flags, then dump all the parsing error messages, then poke at histograms. |
173 if (Document* document = this->document()) { | 182 if (Document* document = this->document()) { |
174 if (m_sandboxMask != SandboxNone) { | 183 if (m_sandboxMask != SandboxNone) { |
175 UseCounter::count(document, UseCounter::SandboxViaCSP); | 184 UseCounter::count(document, UseCounter::SandboxViaCSP); |
176 document->enforceSandboxFlags(m_sandboxMask); | 185 document->enforceSandboxFlags(m_sandboxMask); |
177 } | 186 } |
178 if (m_enforceStrictMixedContentChecking) | 187 if (m_enforceStrictMixedContentChecking) |
179 document->enforceStrictMixedContentChecking(); | 188 document->enforceStrictMixedContentChecking(); |
180 if (m_treatAsPublicAddress) | 189 if (m_treatAsPublicAddress) |
181 document->setAddressSpace(WebAddressSpacePublic); | 190 document->setAddressSpace(WebAddressSpacePublic); |
182 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { | 191 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { |
183 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); | 192 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); |
184 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); | 193 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
185 if (!getSecurityOrigin()->host().isNull()) | 194 if (!securityOrigin->host().isNull()) |
186 document->addInsecureNavigationUpgrade(getSecurityOrigin()->host ().impl()->hash()); | 195 document->addInsecureNavigationUpgrade(securityOrigin->host().im pl()->hash()); |
187 } | 196 } |
188 | 197 |
189 for (const auto& consoleMessage : m_consoleMessages) | 198 for (const auto& consoleMessage : m_consoleMessages) |
190 m_executionContext->addConsoleMessage(consoleMessage); | 199 m_executionContext->addConsoleMessage(consoleMessage); |
191 m_consoleMessages.clear(); | 200 m_consoleMessages.clear(); |
192 | 201 |
193 for (const auto& policy : m_policies) | 202 for (const auto& policy : m_policies) |
194 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); | 203 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); |
195 | 204 |
196 if (allowDynamic()) | 205 if (allowDynamic()) |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
248 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 257 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
249 { | 258 { |
250 addPolicyFromHeaderValue(header, type, source); | 259 addPolicyFromHeaderValue(header, type, source); |
251 | 260 |
252 // This might be called after we've been bound to an execution context. For example, a <meta> | 261 // This might be called after we've been bound to an execution context. For example, a <meta> |
253 // element might be injected after page load. | 262 // element might be injected after page load. |
254 if (m_executionContext) | 263 if (m_executionContext) |
255 applyPolicySideEffectsToExecutionContext(); | 264 applyPolicySideEffectsToExecutionContext(); |
256 } | 265 } |
257 | 266 |
258 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 267 void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurit yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
268 { | |
269 // Replication should only happen for remote frames. | |
270 ASSERT(!m_executionContext); | |
Mike West
2016/05/11 06:21:04
We create CSP without an execution context for loc
Łukasz Anforowicz
2016/05/11 23:14:48
I've just removed the assert.
| |
271 | |
272 addPolicyFromHeaderValue(header, type, source, false); | |
273 } | |
274 | |
275 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, bool notifyFrameLoaderClient) | |
259 { | 276 { |
260 // If this is a report-only header inside a <meta> element, bail out. | 277 // If this is a report-only header inside a <meta> element, bail out. |
261 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { | 278 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { |
262 reportReportOnlyInMeta(header); | 279 reportReportOnlyInMeta(header); |
263 return; | 280 return; |
264 } | 281 } |
265 | 282 |
283 // Notify about the new header, so that it can be reported back to the | |
284 // browser process. This is needed in order to: | |
285 // 1) now / short-term: replicate CSP directives (i.e. frame-src) to OOPIFs. | |
286 // 2) not-yet / long-term: CSP can be enforced by the browser. | |
alexmos
2016/05/11 19:46:41
Might be good to add a link to the bug for moving
Łukasz Anforowicz
2016/05/11 23:14:48
Done.
I am having second thoughts about this comm
| |
287 if (notifyFrameLoaderClient && document() && document()->frame()) { | |
288 static_cast<FrameLoaderClient*>(document()->frame()->client()) | |
289 ->didAddContentSecurityPolicy(header, type, source); | |
alexmos
2016/05/11 19:46:41
Does this also work with pending navigations that
Łukasz Anforowicz
2016/05/13 17:29:15
This is a great question - thanks for raising this
Łukasz Anforowicz
2016/05/13 23:31:43
Nick / Charlie - could you please also look at Ale
| |
290 } | |
291 | |
266 Vector<UChar> characters; | 292 Vector<UChar> characters; |
267 header.appendTo(characters); | 293 header.appendTo(characters); |
268 | 294 |
269 const UChar* begin = characters.data(); | 295 const UChar* begin = characters.data(); |
270 const UChar* end = begin + characters.size(); | 296 const UChar* end = begin + characters.size(); |
271 | 297 |
272 // RFC2616, section 4.2 specifies that headers appearing multiple times can | 298 // RFC2616, section 4.2 specifies that headers appearing multiple times can |
273 // be combined with a comma. Walk the header string, and parse each comma | 299 // be combined with a comma. Walk the header string, and parse each comma |
274 // separated chunk as a separate header. | 300 // separated chunk as a separate header. |
275 const UChar* position = begin; | 301 const UChar* position = begin; |
(...skipping 427 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
703 | 729 |
704 bool ContentSecurityPolicy::didSetReferrerPolicy() const | 730 bool ContentSecurityPolicy::didSetReferrerPolicy() const |
705 { | 731 { |
706 for (const auto& policy : m_policies) { | 732 for (const auto& policy : m_policies) { |
707 if (policy->didSetReferrerPolicy()) | 733 if (policy->didSetReferrerPolicy()) |
708 return true; | 734 return true; |
709 } | 735 } |
710 return false; | 736 return false; |
711 } | 737 } |
712 | 738 |
713 SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const | |
714 { | |
715 return m_executionContext->securityContext().getSecurityOrigin(); | |
716 } | |
717 | |
718 const KURL ContentSecurityPolicy::url() const | 739 const KURL ContentSecurityPolicy::url() const |
719 { | 740 { |
720 return m_executionContext->contextURL(); | 741 return m_executionContext->contextURL(); |
721 } | 742 } |
722 | 743 |
723 KURL ContentSecurityPolicy::completeURL(const String& url) const | 744 KURL ContentSecurityPolicy::completeURL(const String& url) const |
724 { | 745 { |
725 return m_executionContext->contextCompleteURL(url); | 746 return m_executionContext->contextCompleteURL(url); |
726 } | 747 } |
727 | 748 |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
789 KURL source = KURL(ParsedURLString, stack->topSourceURL()); | 810 KURL source = KURL(ParsedURLString, stack->topSourceURL()); |
790 init.setSourceFile(stripURLForUseInReport(document, source)); | 811 init.setSourceFile(stripURLForUseInReport(document, source)); |
791 init.setLineNumber(stack->topLineNumber()); | 812 init.setLineNumber(stack->topLineNumber()); |
792 init.setColumnNumber(stack->topColumnNumber()); | 813 init.setColumnNumber(stack->topColumnNumber()); |
793 } | 814 } |
794 } | 815 } |
795 | 816 |
796 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) | 817 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) |
797 { | 818 { |
798 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); | 819 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
820 | |
821 // FIXME: Support sending reports from OOPIFs (or move CSP child-src and | |
822 // frame-src checks to the browser). | |
Mike West
2016/05/11 06:21:04
Nit: Prefer `TODO(...)` to FIXME.
Nit: Can you po
Łukasz Anforowicz
2016/05/11 23:14:48
Done.
| |
823 if (!m_executionContext && !contextFrame) { | |
824 ASSERT(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil dSrc) | |
825 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram eSrc)); | |
826 return; | |
827 } | |
828 | |
799 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 829 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
800 | 830 |
801 // FIXME: Support sending reports from worker. | 831 // FIXME: Support sending reports from worker. |
802 Document* document = contextFrame ? contextFrame->document() : this->documen t(); | 832 Document* document = contextFrame ? contextFrame->document() : this->documen t(); |
803 if (!document) | 833 if (!document) |
804 return; | 834 return; |
805 | 835 |
806 LocalFrame* frame = document->frame(); | 836 LocalFrame* frame = document->frame(); |
807 if (!frame) | 837 if (!frame) |
808 return; | 838 return; |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1067 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. | 1097 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. |
1068 return !m_violationReportsSent.contains(report.impl()->hash()); | 1098 return !m_violationReportsSent.contains(report.impl()->hash()); |
1069 } | 1099 } |
1070 | 1100 |
1071 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1101 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
1072 { | 1102 { |
1073 m_violationReportsSent.add(report.impl()->hash()); | 1103 m_violationReportsSent.add(report.impl()->hash()); |
1074 } | 1104 } |
1075 | 1105 |
1076 } // namespace blink | 1106 } // namespace blink |
OLD | NEW |