Chromium Code Reviews Chromium Code Reviews
Issue 1957783002:
Replicate Content-Security-Policy into remote frame proxies. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 24 */ | 24 */ |
| 25 | 25 |
| 26 #include "core/frame/csp/ContentSecurityPolicy.h" | 26 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 27 | 27 |
| 28 #include "bindings/core/v8/ScriptCallStack.h" | 28 #include "bindings/core/v8/ScriptCallStack.h" |
| 29 #include "bindings/core/v8/ScriptController.h" | 29 #include "bindings/core/v8/ScriptController.h" |
| 30 #include "core/dom/DOMStringList.h" | 30 #include "core/dom/DOMStringList.h" |
| 31 #include "core/dom/Document.h" | 31 #include "core/dom/Document.h" |
| 32 #include "core/dom/SandboxFlags.h" | 32 #include "core/dom/SandboxFlags.h" |
| 33 #include "core/events/SecurityPolicyViolationEvent.h" | 33 #include "core/events/SecurityPolicyViolationEvent.h" |
| 34 #include "core/frame/FrameClient.h" | |
| 34 #include "core/frame/LocalDOMWindow.h" | 35 #include "core/frame/LocalDOMWindow.h" |
| 35 #include "core/frame/LocalFrame.h" | 36 #include "core/frame/LocalFrame.h" |
| 36 #include "core/frame/UseCounter.h" | 37 #include "core/frame/UseCounter.h" |
| 37 #include "core/frame/csp/CSPDirectiveList.h" | 38 #include "core/frame/csp/CSPDirectiveList.h" |
| 38 #include "core/frame/csp/CSPSource.h" | 39 #include "core/frame/csp/CSPSource.h" |
| 39 #include "core/frame/csp/CSPSourceList.h" | 40 #include "core/frame/csp/CSPSourceList.h" |
| 40 #include "core/frame/csp/MediaListDirective.h" | 41 #include "core/frame/csp/MediaListDirective.h" |
| 41 #include "core/frame/csp/SourceListDirective.h" | 42 #include "core/frame/csp/SourceListDirective.h" |
| 42 #include "core/inspector/ConsoleMessage.h" | 43 #include "core/inspector/ConsoleMessage.h" |
| 43 #include "core/inspector/InspectorInstrumentation.h" | 44 #include "core/inspector/InspectorInstrumentation.h" |
| 44 #include "core/loader/DocumentLoader.h" | 45 #include "core/loader/DocumentLoader.h" |
| 46 #include "core/loader/FrameLoaderClient.h" | |
| 45 #include "core/loader/PingLoader.h" | 47 #include "core/loader/PingLoader.h" |
| 46 #include "platform/JSONValues.h" | 48 #include "platform/JSONValues.h" |
| 47 #include "platform/ParsingUtilities.h" | 49 #include "platform/ParsingUtilities.h" |
| 48 #include "platform/RuntimeEnabledFeatures.h" | 50 #include "platform/RuntimeEnabledFeatures.h" |
| 49 #include "platform/network/ContentSecurityPolicyParsers.h" | 51 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 50 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" | 52 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" |
| 51 #include "platform/network/EncodedFormData.h" | 53 #include "platform/network/EncodedFormData.h" |
| 52 #include "platform/network/ResourceRequest.h" | 54 #include "platform/network/ResourceRequest.h" |
| 53 #include "platform/network/ResourceResponse.h" | 55 #include "platform/network/ResourceResponse.h" |
| 54 #include "platform/weborigin/KURL.h" | 56 #include "platform/weborigin/KURL.h" |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 150 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) | 152 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) |
| 151 { | 153 { |
| 152 } | 154 } |
| 153 | 155 |
| 154 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) | 156 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) |
| 155 { | 157 { |
| 156 m_executionContext = executionContext; | 158 m_executionContext = executionContext; |
| 157 applyPolicySideEffectsToExecutionContext(); | 159 applyPolicySideEffectsToExecutionContext(); |
| 158 } | 160 } |
| 159 | 161 |
| 162 void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin) | |
| 163 { | |
| 164 // Ensure that 'self' processes correctly. | |
| 165 m_selfProtocol = securityOrigin.protocol(); | |
| 166 m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), se curityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); | |
| 167 } | |
| 168 | |
| 160 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() | 169 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
| 161 { | 170 { |
| 162 ASSERT(m_executionContext); | 171 ASSERT(m_executionContext); |
| 163 ASSERT(getSecurityOrigin()); | 172 |
| 164 // Ensure that 'self' processes correctly. | 173 SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSe curityOrigin(); |
| 165 m_selfProtocol = getSecurityOrigin()->protocol(); | 174 ASSERT(securityOrigin); |
| 166 m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host (), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoW ildcard); | 175 setupSelf(*securityOrigin); |
| 167 | 176 |
| 168 if (didSetReferrerPolicy()) | 177 if (didSetReferrerPolicy()) |
| 169 m_executionContext->setReferrerPolicy(m_referrerPolicy); | 178 m_executionContext->setReferrerPolicy(m_referrerPolicy); |
| 170 | 179 |
| 171 // If we're in a Document, set mixed content checking and sandbox | 180 // If we're in a Document, set mixed content checking and sandbox |
| 172 // flags, then dump all the parsing error messages, then poke at histograms. | 181 // flags, then dump all the parsing error messages, then poke at histograms. |
| 173 if (Document* document = this->document()) { | 182 if (Document* document = this->document()) { |
| 174 if (m_sandboxMask != SandboxNone) { | 183 if (m_sandboxMask != SandboxNone) { |
| 175 UseCounter::count(document, UseCounter::SandboxViaCSP); | 184 UseCounter::count(document, UseCounter::SandboxViaCSP); |
| 176 document->enforceSandboxFlags(m_sandboxMask); | 185 document->enforceSandboxFlags(m_sandboxMask); |
| 177 } | 186 } |
| 178 if (m_enforceStrictMixedContentChecking) | 187 if (m_enforceStrictMixedContentChecking) |
| 179 document->enforceStrictMixedContentChecking(); | 188 document->enforceStrictMixedContentChecking(); |
| 180 if (m_treatAsPublicAddress) | 189 if (m_treatAsPublicAddress) |
| 181 document->setAddressSpace(WebAddressSpacePublic); | 190 document->setAddressSpace(WebAddressSpacePublic); |
| 182 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { | 191 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { |
| 183 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); | 192 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); |
| 184 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); | 193 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
| 185 if (!getSecurityOrigin()->host().isNull()) | 194 if (!securityOrigin->host().isNull()) |
| 186 document->addInsecureNavigationUpgrade(getSecurityOrigin()->host ().impl()->hash()); | 195 document->addInsecureNavigationUpgrade(securityOrigin->host().im pl()->hash()); |
| 187 } | 196 } |
| 188 | 197 |
| 189 for (const auto& consoleMessage : m_consoleMessages) | 198 for (const auto& consoleMessage : m_consoleMessages) |
| 190 m_executionContext->addConsoleMessage(consoleMessage); | 199 m_executionContext->addConsoleMessage(consoleMessage); |
| 191 m_consoleMessages.clear(); | 200 m_consoleMessages.clear(); |
| 192 | 201 |
| 193 for (const auto& policy : m_policies) | 202 for (const auto& policy : m_policies) |
| 194 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); | 203 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); |
| 195 | 204 |
| 196 if (allowDynamic()) | 205 if (allowDynamic()) |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 248 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 257 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
| 249 { | 258 { |
| 250 addPolicyFromHeaderValue(header, type, source); | 259 addPolicyFromHeaderValue(header, type, source); |
| 251 | 260 |
| 252 // This might be called after we've been bound to an execution context. For example, a <meta> | 261 // This might be called after we've been bound to an execution context. For example, a <meta> |
| 253 // element might be injected after page load. | 262 // element might be injected after page load. |
| 254 if (m_executionContext) | 263 if (m_executionContext) |
| 255 applyPolicySideEffectsToExecutionContext(); | 264 applyPolicySideEffectsToExecutionContext(); |
| 256 } | 265 } |
| 257 | 266 |
| 258 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 267 void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurit yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
| 268 { | |
| 269 addPolicyFromHeaderValue(header, type, source, DontNotifyFrameLoaderClient); | |
| 270 } | |
| 271 | |
| 272 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, Frame LoaderClientNotificationStatus notificationStatus) | |
|
alexmos
2016/05/12 22:37:25
nit: maybe "action" instead of "status"?
Łukasz Anforowicz
2016/05/13 17:29:15
Done.
| |
| 259 { | 273 { |
| 260 // If this is a report-only header inside a <meta> element, bail out. | 274 // If this is a report-only header inside a <meta> element, bail out. |
| 261 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { | 275 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { |
| 262 reportReportOnlyInMeta(header); | 276 reportReportOnlyInMeta(header); |
| 263 return; | 277 return; |
| 264 } | 278 } |
| 265 | 279 |
| 280 // Notify about the new header, so that it can be reported back to the | |
| 281 // browser process. This is needed in order to: | |
| 282 // 1) replicate CSP directives (i.e. frame-src) to OOPIFs (only for now / sh ort-term). | |
| 283 // 2) enforce CSP in the browser (not yet / long-term - see https://crbug.co m/376522). | |
|
alexmos
2016/05/12 22:37:25
nit: s/browser/browser process/
Łukasz Anforowicz
2016/05/13 17:29:15
Done.
| |
| 284 if (notificationStatus == NotifyFrameLoaderClient && document() && document( )->frame()) { | |
| 285 static_cast<FrameLoaderClient*>(document()->frame()->client()) | |
| 286 ->didAddContentSecurityPolicy(header, type, source); | |
| 287 } | |
| 288 | |
| 266 Vector<UChar> characters; | 289 Vector<UChar> characters; |
| 267 header.appendTo(characters); | 290 header.appendTo(characters); |
| 268 | 291 |
| 269 const UChar* begin = characters.data(); | 292 const UChar* begin = characters.data(); |
| 270 const UChar* end = begin + characters.size(); | 293 const UChar* end = begin + characters.size(); |
| 271 | 294 |
| 272 // RFC2616, section 4.2 specifies that headers appearing multiple times can | 295 // RFC2616, section 4.2 specifies that headers appearing multiple times can |
| 273 // be combined with a comma. Walk the header string, and parse each comma | 296 // be combined with a comma. Walk the header string, and parse each comma |
| 274 // separated chunk as a separate header. | 297 // separated chunk as a separate header. |
| 275 const UChar* position = begin; | 298 const UChar* position = begin; |
| (...skipping 427 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 703 | 726 |
| 704 bool ContentSecurityPolicy::didSetReferrerPolicy() const | 727 bool ContentSecurityPolicy::didSetReferrerPolicy() const |
| 705 { | 728 { |
| 706 for (const auto& policy : m_policies) { | 729 for (const auto& policy : m_policies) { |
| 707 if (policy->didSetReferrerPolicy()) | 730 if (policy->didSetReferrerPolicy()) |
| 708 return true; | 731 return true; |
| 709 } | 732 } |
| 710 return false; | 733 return false; |
| 711 } | 734 } |
| 712 | 735 |
| 713 SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const | |
| 714 { | |
| 715 return m_executionContext->securityContext().getSecurityOrigin(); | |
| 716 } | |
| 717 | |
| 718 const KURL ContentSecurityPolicy::url() const | 736 const KURL ContentSecurityPolicy::url() const |
| 719 { | 737 { |
| 720 return m_executionContext->contextURL(); | 738 return m_executionContext->contextURL(); |
| 721 } | 739 } |
| 722 | 740 |
| 723 KURL ContentSecurityPolicy::completeURL(const String& url) const | 741 KURL ContentSecurityPolicy::completeURL(const String& url) const |
| 724 { | 742 { |
| 725 return m_executionContext->contextCompleteURL(url); | 743 return m_executionContext->contextCompleteURL(url); |
| 726 } | 744 } |
| 727 | 745 |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 789 KURL source = KURL(ParsedURLString, stack->topSourceURL()); | 807 KURL source = KURL(ParsedURLString, stack->topSourceURL()); |
| 790 init.setSourceFile(stripURLForUseInReport(document, source)); | 808 init.setSourceFile(stripURLForUseInReport(document, source)); |
| 791 init.setLineNumber(stack->topLineNumber()); | 809 init.setLineNumber(stack->topLineNumber()); |
| 792 init.setColumnNumber(stack->topColumnNumber()); | 810 init.setColumnNumber(stack->topColumnNumber()); |
| 793 } | 811 } |
| 794 } | 812 } |
| 795 | 813 |
| 796 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) | 814 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) |
| 797 { | 815 { |
| 798 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); | 816 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
| 817 | |
| 818 // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/61 1232 | |
| 819 // (or move CSP child-src and frame-src checks to the browser - https://crbu g.com/376522). | |
|
alexmos
2016/05/12 22:37:24
nit: s/browser/browser process/
Łukasz Anforowicz
2016/05/13 17:29:15
Done.
| |
| 820 if (!m_executionContext && !contextFrame) { | |
| 821 ASSERT(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil dSrc) | |
| 822 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram eSrc)); | |
| 823 return; | |
| 824 } | |
| 825 | |
| 799 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 826 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
| 800 | 827 |
| 801 // FIXME: Support sending reports from worker. | 828 // FIXME: Support sending reports from worker. |
| 802 Document* document = contextFrame ? contextFrame->document() : this->documen t(); | 829 Document* document = contextFrame ? contextFrame->document() : this->documen t(); |
| 803 if (!document) | 830 if (!document) |
| 804 return; | 831 return; |
| 805 | 832 |
| 806 LocalFrame* frame = document->frame(); | 833 LocalFrame* frame = document->frame(); |
| 807 if (!frame) | 834 if (!frame) |
| 808 return; | 835 return; |
| (...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1067 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. | 1094 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. |
| 1068 return !m_violationReportsSent.contains(report.impl()->hash()); | 1095 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 1069 } | 1096 } |
| 1070 | 1097 |
| 1071 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1098 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 1072 { | 1099 { |
| 1073 m_violationReportsSent.add(report.impl()->hash()); | 1100 m_violationReportsSent.add(report.impl()->hash()); |
| 1074 } | 1101 } |
| 1075 | 1102 |
| 1076 } // namespace blink | 1103 } // namespace blink |
| OLD | NEW |
