OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 13 matching lines...) Expand all Loading... | |
24 */ | 24 */ |
25 | 25 |
26 #include "core/frame/csp/ContentSecurityPolicy.h" | 26 #include "core/frame/csp/ContentSecurityPolicy.h" |
27 | 27 |
28 #include "bindings/core/v8/ScriptCallStack.h" | 28 #include "bindings/core/v8/ScriptCallStack.h" |
29 #include "bindings/core/v8/ScriptController.h" | 29 #include "bindings/core/v8/ScriptController.h" |
30 #include "core/dom/DOMStringList.h" | 30 #include "core/dom/DOMStringList.h" |
31 #include "core/dom/Document.h" | 31 #include "core/dom/Document.h" |
32 #include "core/dom/SandboxFlags.h" | 32 #include "core/dom/SandboxFlags.h" |
33 #include "core/events/SecurityPolicyViolationEvent.h" | 33 #include "core/events/SecurityPolicyViolationEvent.h" |
34 #include "core/frame/FrameClient.h" | |
34 #include "core/frame/LocalDOMWindow.h" | 35 #include "core/frame/LocalDOMWindow.h" |
35 #include "core/frame/LocalFrame.h" | 36 #include "core/frame/LocalFrame.h" |
36 #include "core/frame/UseCounter.h" | 37 #include "core/frame/UseCounter.h" |
37 #include "core/frame/csp/CSPDirectiveList.h" | 38 #include "core/frame/csp/CSPDirectiveList.h" |
38 #include "core/frame/csp/CSPSource.h" | 39 #include "core/frame/csp/CSPSource.h" |
39 #include "core/frame/csp/CSPSourceList.h" | 40 #include "core/frame/csp/CSPSourceList.h" |
40 #include "core/frame/csp/MediaListDirective.h" | 41 #include "core/frame/csp/MediaListDirective.h" |
41 #include "core/frame/csp/SourceListDirective.h" | 42 #include "core/frame/csp/SourceListDirective.h" |
42 #include "core/inspector/ConsoleMessage.h" | 43 #include "core/inspector/ConsoleMessage.h" |
43 #include "core/inspector/InspectorInstrumentation.h" | 44 #include "core/inspector/InspectorInstrumentation.h" |
44 #include "core/loader/DocumentLoader.h" | 45 #include "core/loader/DocumentLoader.h" |
46 #include "core/loader/FrameLoaderClient.h" | |
45 #include "core/loader/PingLoader.h" | 47 #include "core/loader/PingLoader.h" |
46 #include "platform/JSONValues.h" | 48 #include "platform/JSONValues.h" |
47 #include "platform/ParsingUtilities.h" | 49 #include "platform/ParsingUtilities.h" |
48 #include "platform/RuntimeEnabledFeatures.h" | 50 #include "platform/RuntimeEnabledFeatures.h" |
49 #include "platform/network/ContentSecurityPolicyParsers.h" | 51 #include "platform/network/ContentSecurityPolicyParsers.h" |
50 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" | 52 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" |
51 #include "platform/network/EncodedFormData.h" | 53 #include "platform/network/EncodedFormData.h" |
52 #include "platform/network/ResourceRequest.h" | 54 #include "platform/network/ResourceRequest.h" |
53 #include "platform/network/ResourceResponse.h" | 55 #include "platform/network/ResourceResponse.h" |
54 #include "platform/weborigin/KURL.h" | 56 #include "platform/weborigin/KURL.h" |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
150 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) | 152 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) |
151 { | 153 { |
152 } | 154 } |
153 | 155 |
154 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) | 156 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) |
155 { | 157 { |
156 m_executionContext = executionContext; | 158 m_executionContext = executionContext; |
157 applyPolicySideEffectsToExecutionContext(); | 159 applyPolicySideEffectsToExecutionContext(); |
158 } | 160 } |
159 | 161 |
162 void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin) | |
163 { | |
164 // Ensure that 'self' processes correctly. | |
165 m_selfProtocol = securityOrigin.protocol(); | |
166 m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), se curityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); | |
167 } | |
168 | |
160 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() | 169 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
161 { | 170 { |
162 ASSERT(m_executionContext); | 171 ASSERT(m_executionContext); |
163 ASSERT(getSecurityOrigin()); | 172 |
164 // Ensure that 'self' processes correctly. | 173 SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSe curityOrigin(); |
165 m_selfProtocol = getSecurityOrigin()->protocol(); | 174 ASSERT(securityOrigin); |
166 m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host (), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoW ildcard); | 175 setupSelf(*securityOrigin); |
167 | 176 |
168 if (didSetReferrerPolicy()) | 177 if (didSetReferrerPolicy()) |
169 m_executionContext->setReferrerPolicy(m_referrerPolicy); | 178 m_executionContext->setReferrerPolicy(m_referrerPolicy); |
170 | 179 |
171 // If we're in a Document, set mixed content checking and sandbox | 180 // If we're in a Document, set mixed content checking and sandbox |
172 // flags, then dump all the parsing error messages, then poke at histograms. | 181 // flags, then dump all the parsing error messages, then poke at histograms. |
173 if (Document* document = this->document()) { | 182 if (Document* document = this->document()) { |
174 if (m_sandboxMask != SandboxNone) { | 183 if (m_sandboxMask != SandboxNone) { |
175 UseCounter::count(document, UseCounter::SandboxViaCSP); | 184 UseCounter::count(document, UseCounter::SandboxViaCSP); |
176 document->enforceSandboxFlags(m_sandboxMask); | 185 document->enforceSandboxFlags(m_sandboxMask); |
177 } | 186 } |
178 if (m_enforceStrictMixedContentChecking) | 187 if (m_enforceStrictMixedContentChecking) |
179 document->enforceStrictMixedContentChecking(); | 188 document->enforceStrictMixedContentChecking(); |
180 if (m_treatAsPublicAddress) | 189 if (m_treatAsPublicAddress) |
181 document->setAddressSpace(WebAddressSpacePublic); | 190 document->setAddressSpace(WebAddressSpacePublic); |
182 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { | 191 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { |
183 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); | 192 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); |
184 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); | 193 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
185 if (!getSecurityOrigin()->host().isNull()) | 194 if (!securityOrigin->host().isNull()) |
186 document->addInsecureNavigationUpgrade(getSecurityOrigin()->host ().impl()->hash()); | 195 document->addInsecureNavigationUpgrade(securityOrigin->host().im pl()->hash()); |
187 } | 196 } |
188 | 197 |
189 for (const auto& consoleMessage : m_consoleMessages) | 198 for (const auto& consoleMessage : m_consoleMessages) |
190 m_executionContext->addConsoleMessage(consoleMessage); | 199 m_executionContext->addConsoleMessage(consoleMessage); |
191 m_consoleMessages.clear(); | 200 m_consoleMessages.clear(); |
192 | 201 |
193 for (const auto& policy : m_policies) | 202 for (const auto& policy : m_policies) |
194 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); | 203 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); |
195 | 204 |
196 if (allowDynamic()) | 205 if (allowDynamic()) |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
248 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 257 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
249 { | 258 { |
250 addPolicyFromHeaderValue(header, type, source); | 259 addPolicyFromHeaderValue(header, type, source); |
251 | 260 |
252 // This might be called after we've been bound to an execution context. For example, a <meta> | 261 // This might be called after we've been bound to an execution context. For example, a <meta> |
253 // element might be injected after page load. | 262 // element might be injected after page load. |
254 if (m_executionContext) | 263 if (m_executionContext) |
255 applyPolicySideEffectsToExecutionContext(); | 264 applyPolicySideEffectsToExecutionContext(); |
256 } | 265 } |
257 | 266 |
258 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 267 void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurit yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
268 { | |
269 addPolicyFromHeaderValue(header, type, source, DontNotifyFrameLoaderClient); | |
270 } | |
271 | |
272 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, Frame LoaderClientNotificationStatus notificationStatus) | |
alexmos
2016/05/12 22:37:25
nit: maybe "action" instead of "status"?
Łukasz Anforowicz
2016/05/13 17:29:15
Done.
| |
259 { | 273 { |
260 // If this is a report-only header inside a <meta> element, bail out. | 274 // If this is a report-only header inside a <meta> element, bail out. |
261 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { | 275 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { |
262 reportReportOnlyInMeta(header); | 276 reportReportOnlyInMeta(header); |
263 return; | 277 return; |
264 } | 278 } |
265 | 279 |
280 // Notify about the new header, so that it can be reported back to the | |
281 // browser process. This is needed in order to: | |
282 // 1) replicate CSP directives (i.e. frame-src) to OOPIFs (only for now / sh ort-term). | |
283 // 2) enforce CSP in the browser (not yet / long-term - see https://crbug.co m/376522). | |
alexmos
2016/05/12 22:37:25
nit: s/browser/browser process/
Łukasz Anforowicz
2016/05/13 17:29:15
Done.
| |
284 if (notificationStatus == NotifyFrameLoaderClient && document() && document( )->frame()) { | |
285 static_cast<FrameLoaderClient*>(document()->frame()->client()) | |
286 ->didAddContentSecurityPolicy(header, type, source); | |
287 } | |
288 | |
266 Vector<UChar> characters; | 289 Vector<UChar> characters; |
267 header.appendTo(characters); | 290 header.appendTo(characters); |
268 | 291 |
269 const UChar* begin = characters.data(); | 292 const UChar* begin = characters.data(); |
270 const UChar* end = begin + characters.size(); | 293 const UChar* end = begin + characters.size(); |
271 | 294 |
272 // RFC2616, section 4.2 specifies that headers appearing multiple times can | 295 // RFC2616, section 4.2 specifies that headers appearing multiple times can |
273 // be combined with a comma. Walk the header string, and parse each comma | 296 // be combined with a comma. Walk the header string, and parse each comma |
274 // separated chunk as a separate header. | 297 // separated chunk as a separate header. |
275 const UChar* position = begin; | 298 const UChar* position = begin; |
(...skipping 427 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
703 | 726 |
704 bool ContentSecurityPolicy::didSetReferrerPolicy() const | 727 bool ContentSecurityPolicy::didSetReferrerPolicy() const |
705 { | 728 { |
706 for (const auto& policy : m_policies) { | 729 for (const auto& policy : m_policies) { |
707 if (policy->didSetReferrerPolicy()) | 730 if (policy->didSetReferrerPolicy()) |
708 return true; | 731 return true; |
709 } | 732 } |
710 return false; | 733 return false; |
711 } | 734 } |
712 | 735 |
713 SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const | |
714 { | |
715 return m_executionContext->securityContext().getSecurityOrigin(); | |
716 } | |
717 | |
718 const KURL ContentSecurityPolicy::url() const | 736 const KURL ContentSecurityPolicy::url() const |
719 { | 737 { |
720 return m_executionContext->contextURL(); | 738 return m_executionContext->contextURL(); |
721 } | 739 } |
722 | 740 |
723 KURL ContentSecurityPolicy::completeURL(const String& url) const | 741 KURL ContentSecurityPolicy::completeURL(const String& url) const |
724 { | 742 { |
725 return m_executionContext->contextCompleteURL(url); | 743 return m_executionContext->contextCompleteURL(url); |
726 } | 744 } |
727 | 745 |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
789 KURL source = KURL(ParsedURLString, stack->topSourceURL()); | 807 KURL source = KURL(ParsedURLString, stack->topSourceURL()); |
790 init.setSourceFile(stripURLForUseInReport(document, source)); | 808 init.setSourceFile(stripURLForUseInReport(document, source)); |
791 init.setLineNumber(stack->topLineNumber()); | 809 init.setLineNumber(stack->topLineNumber()); |
792 init.setColumnNumber(stack->topColumnNumber()); | 810 init.setColumnNumber(stack->topColumnNumber()); |
793 } | 811 } |
794 } | 812 } |
795 | 813 |
796 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) | 814 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) |
797 { | 815 { |
798 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); | 816 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
817 | |
818 // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/61 1232 | |
819 // (or move CSP child-src and frame-src checks to the browser - https://crbu g.com/376522). | |
alexmos
2016/05/12 22:37:24
nit: s/browser/browser process/
Łukasz Anforowicz
2016/05/13 17:29:15
Done.
| |
820 if (!m_executionContext && !contextFrame) { | |
821 ASSERT(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil dSrc) | |
822 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram eSrc)); | |
823 return; | |
824 } | |
825 | |
799 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 826 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
800 | 827 |
801 // FIXME: Support sending reports from worker. | 828 // FIXME: Support sending reports from worker. |
802 Document* document = contextFrame ? contextFrame->document() : this->documen t(); | 829 Document* document = contextFrame ? contextFrame->document() : this->documen t(); |
803 if (!document) | 830 if (!document) |
804 return; | 831 return; |
805 | 832 |
806 LocalFrame* frame = document->frame(); | 833 LocalFrame* frame = document->frame(); |
807 if (!frame) | 834 if (!frame) |
808 return; | 835 return; |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1067 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. | 1094 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. |
1068 return !m_violationReportsSent.contains(report.impl()->hash()); | 1095 return !m_violationReportsSent.contains(report.impl()->hash()); |
1069 } | 1096 } |
1070 | 1097 |
1071 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1098 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
1072 { | 1099 { |
1073 m_violationReportsSent.add(report.impl()->hash()); | 1100 m_violationReportsSent.add(report.impl()->hash()); |
1074 } | 1101 } |
1075 | 1102 |
1076 } // namespace blink | 1103 } // namespace blink |
OLD | NEW |