OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 13 matching lines...) Expand all Loading... | |
24 */ | 24 */ |
25 | 25 |
26 #include "core/frame/csp/ContentSecurityPolicy.h" | 26 #include "core/frame/csp/ContentSecurityPolicy.h" |
27 | 27 |
28 #include "bindings/core/v8/ScriptCallStack.h" | 28 #include "bindings/core/v8/ScriptCallStack.h" |
29 #include "bindings/core/v8/ScriptController.h" | 29 #include "bindings/core/v8/ScriptController.h" |
30 #include "core/dom/DOMStringList.h" | 30 #include "core/dom/DOMStringList.h" |
31 #include "core/dom/Document.h" | 31 #include "core/dom/Document.h" |
32 #include "core/dom/SandboxFlags.h" | 32 #include "core/dom/SandboxFlags.h" |
33 #include "core/events/SecurityPolicyViolationEvent.h" | 33 #include "core/events/SecurityPolicyViolationEvent.h" |
34 #include "core/frame/FrameClient.h" | |
34 #include "core/frame/LocalDOMWindow.h" | 35 #include "core/frame/LocalDOMWindow.h" |
35 #include "core/frame/LocalFrame.h" | 36 #include "core/frame/LocalFrame.h" |
36 #include "core/frame/UseCounter.h" | 37 #include "core/frame/UseCounter.h" |
37 #include "core/frame/csp/CSPDirectiveList.h" | 38 #include "core/frame/csp/CSPDirectiveList.h" |
38 #include "core/frame/csp/CSPSource.h" | 39 #include "core/frame/csp/CSPSource.h" |
39 #include "core/frame/csp/CSPSourceList.h" | 40 #include "core/frame/csp/CSPSourceList.h" |
40 #include "core/frame/csp/MediaListDirective.h" | 41 #include "core/frame/csp/MediaListDirective.h" |
41 #include "core/frame/csp/SourceListDirective.h" | 42 #include "core/frame/csp/SourceListDirective.h" |
42 #include "core/inspector/ConsoleMessage.h" | 43 #include "core/inspector/ConsoleMessage.h" |
43 #include "core/inspector/InspectorInstrumentation.h" | 44 #include "core/inspector/InspectorInstrumentation.h" |
44 #include "core/loader/DocumentLoader.h" | 45 #include "core/loader/DocumentLoader.h" |
46 #include "core/loader/FrameLoaderClient.h" | |
45 #include "core/loader/PingLoader.h" | 47 #include "core/loader/PingLoader.h" |
46 #include "platform/JSONValues.h" | 48 #include "platform/JSONValues.h" |
47 #include "platform/ParsingUtilities.h" | 49 #include "platform/ParsingUtilities.h" |
48 #include "platform/RuntimeEnabledFeatures.h" | 50 #include "platform/RuntimeEnabledFeatures.h" |
49 #include "platform/network/ContentSecurityPolicyParsers.h" | 51 #include "platform/network/ContentSecurityPolicyParsers.h" |
50 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" | 52 #include "platform/network/ContentSecurityPolicyResponseHeaders.h" |
51 #include "platform/network/EncodedFormData.h" | 53 #include "platform/network/EncodedFormData.h" |
52 #include "platform/network/ResourceRequest.h" | 54 #include "platform/network/ResourceRequest.h" |
53 #include "platform/network/ResourceResponse.h" | 55 #include "platform/network/ResourceResponse.h" |
54 #include "platform/weborigin/KURL.h" | 56 #include "platform/weborigin/KURL.h" |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
150 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) | 152 , m_insecureRequestsPolicy(SecurityContext::InsecureRequestsDoNotUpgrade) |
151 { | 153 { |
152 } | 154 } |
153 | 155 |
154 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) | 156 void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo ntext) |
155 { | 157 { |
156 m_executionContext = executionContext; | 158 m_executionContext = executionContext; |
157 applyPolicySideEffectsToExecutionContext(); | 159 applyPolicySideEffectsToExecutionContext(); |
158 } | 160 } |
159 | 161 |
162 void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin) | |
163 { | |
164 // Ensure that 'self' processes correctly. | |
165 m_selfProtocol = securityOrigin.protocol(); | |
166 m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), se curityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); | |
167 } | |
168 | |
160 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() | 169 void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
161 { | 170 { |
162 ASSERT(m_executionContext); | 171 ASSERT(m_executionContext); |
163 ASSERT(getSecurityOrigin()); | 172 |
164 // Ensure that 'self' processes correctly. | 173 SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSe curityOrigin(); |
165 m_selfProtocol = getSecurityOrigin()->protocol(); | 174 DCHECK(securityOrigin); |
166 m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host (), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoW ildcard); | 175 setupSelf(*securityOrigin); |
167 | 176 |
168 if (didSetReferrerPolicy()) | 177 if (didSetReferrerPolicy()) |
169 m_executionContext->setReferrerPolicy(m_referrerPolicy); | 178 m_executionContext->setReferrerPolicy(m_referrerPolicy); |
170 | 179 |
171 // If we're in a Document, set mixed content checking and sandbox | 180 // If we're in a Document, set mixed content checking and sandbox |
172 // flags, then dump all the parsing error messages, then poke at histograms. | 181 // flags, then dump all the parsing error messages, then poke at histograms. |
173 if (Document* document = this->document()) { | 182 if (Document* document = this->document()) { |
174 if (m_sandboxMask != SandboxNone) { | 183 if (m_sandboxMask != SandboxNone) { |
175 UseCounter::count(document, UseCounter::SandboxViaCSP); | 184 UseCounter::count(document, UseCounter::SandboxViaCSP); |
176 document->enforceSandboxFlags(m_sandboxMask); | 185 document->enforceSandboxFlags(m_sandboxMask); |
177 } | 186 } |
178 if (m_enforceStrictMixedContentChecking) | 187 if (m_enforceStrictMixedContentChecking) |
179 document->enforceStrictMixedContentChecking(); | 188 document->enforceStrictMixedContentChecking(); |
180 if (m_treatAsPublicAddress) | 189 if (m_treatAsPublicAddress) |
181 document->setAddressSpace(WebAddressSpacePublic); | 190 document->setAddressSpace(WebAddressSpacePublic); |
182 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { | 191 if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade ) { |
183 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); | 192 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabl ed); |
184 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); | 193 document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
185 if (!getSecurityOrigin()->host().isNull()) | 194 if (!securityOrigin->host().isNull()) |
186 document->addInsecureNavigationUpgrade(getSecurityOrigin()->host ().impl()->hash()); | 195 document->addInsecureNavigationUpgrade(securityOrigin->host().im pl()->hash()); |
187 } | 196 } |
188 | 197 |
189 for (const auto& consoleMessage : m_consoleMessages) | 198 for (const auto& consoleMessage : m_consoleMessages) |
190 m_executionContext->addConsoleMessage(consoleMessage); | 199 m_executionContext->addConsoleMessage(consoleMessage); |
191 m_consoleMessages.clear(); | 200 m_consoleMessages.clear(); |
192 | 201 |
193 for (const auto& policy : m_policies) | 202 for (const auto& policy : m_policies) |
194 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); | 203 UseCounter::count(*document, getUseCounterType(policy->headerType()) ); |
195 | 204 |
196 if (allowDynamic()) | 205 if (allowDynamic()) |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
248 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 257 void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri tyPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
249 { | 258 { |
250 addPolicyFromHeaderValue(header, type, source); | 259 addPolicyFromHeaderValue(header, type, source); |
251 | 260 |
252 // This might be called after we've been bound to an execution context. For example, a <meta> | 261 // This might be called after we've been bound to an execution context. For example, a <meta> |
253 // element might be injected after page load. | 262 // element might be injected after page load. |
254 if (m_executionContext) | 263 if (m_executionContext) |
255 applyPolicySideEffectsToExecutionContext(); | 264 applyPolicySideEffectsToExecutionContext(); |
256 } | 265 } |
257 | 266 |
258 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) | 267 void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurit yPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
268 { | |
269 addPolicyFromHeaderValue(header, type, source, DontNotifyFrameLoaderClient); | |
270 } | |
271 | |
272 void ContentSecurityPolicy::reportAccumulatedHeaders(FrameLoaderClient* client) const | |
273 { | |
274 // Notify the embedder about headers that have accumulated before the | |
275 // navigation got committed. See comments in addPolicyFromHeaderValue for | |
276 // more details and context. | |
277 DCHECK(client); | |
278 for (const auto& policy : m_policies) { | |
279 client->didAddContentSecurityPolicy( | |
280 policy->header(), policy->headerType(), policy->headerSource()); | |
281 } | |
282 } | |
283 | |
284 FrameLoaderClient* ContentSecurityPolicy::frameLoaderClient() const | |
285 { | |
286 if (document() && document()->frame()) { | |
287 // The frame will always be a LocalFrame, which means that the client | |
288 // will always be a FrameLoaderClient. | |
289 DCHECK(document()->frame()->isLocalFrame()); | |
290 return static_cast<FrameLoaderClient*>(document()->frame()->client()); | |
dcheng
2016/05/17 05:57:15
Just make LocalFrame::client() return a FrameLoade
Łukasz Anforowicz
2016/05/17 17:01:23
Good idea. Done.
| |
291 } | |
292 | |
293 return nullptr; | |
294 } | |
295 | |
296 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte ntSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, Frame LoaderClientNotificationAction notificationAction) | |
259 { | 297 { |
260 // If this is a report-only header inside a <meta> element, bail out. | 298 // If this is a report-only header inside a <meta> element, bail out. |
261 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { | 299 if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecuri tyPolicyHeaderTypeReport) { |
262 reportReportOnlyInMeta(header); | 300 reportReportOnlyInMeta(header); |
263 return; | 301 return; |
264 } | 302 } |
265 | 303 |
304 // Notify about the new header, so that it can be reported back to the | |
305 // browser process. This is needed in order to: | |
306 // 1) replicate CSP directives (i.e. frame-src) to OOPIFs (only for now / sh ort-term). | |
307 // 2) enforce CSP in the browser process (not yet / long-term - see https:// crbug.com/376522). | |
308 if (notificationAction == NotifyFrameLoaderClient && frameLoaderClient()) | |
309 frameLoaderClient()->didAddContentSecurityPolicy(header, type, source); | |
310 | |
266 Vector<UChar> characters; | 311 Vector<UChar> characters; |
267 header.appendTo(characters); | 312 header.appendTo(characters); |
268 | 313 |
269 const UChar* begin = characters.data(); | 314 const UChar* begin = characters.data(); |
270 const UChar* end = begin + characters.size(); | 315 const UChar* end = begin + characters.size(); |
271 | 316 |
272 // RFC2616, section 4.2 specifies that headers appearing multiple times can | 317 // RFC2616, section 4.2 specifies that headers appearing multiple times can |
273 // be combined with a comma. Walk the header string, and parse each comma | 318 // be combined with a comma. Walk the header string, and parse each comma |
274 // separated chunk as a separate header. | 319 // separated chunk as a separate header. |
275 const UChar* position = begin; | 320 const UChar* position = begin; |
(...skipping 419 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
695 | 740 |
696 bool ContentSecurityPolicy::didSetReferrerPolicy() const | 741 bool ContentSecurityPolicy::didSetReferrerPolicy() const |
697 { | 742 { |
698 for (const auto& policy : m_policies) { | 743 for (const auto& policy : m_policies) { |
699 if (policy->didSetReferrerPolicy()) | 744 if (policy->didSetReferrerPolicy()) |
700 return true; | 745 return true; |
701 } | 746 } |
702 return false; | 747 return false; |
703 } | 748 } |
704 | 749 |
705 SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const | |
706 { | |
707 return m_executionContext->securityContext().getSecurityOrigin(); | |
708 } | |
709 | |
710 const KURL ContentSecurityPolicy::url() const | 750 const KURL ContentSecurityPolicy::url() const |
711 { | 751 { |
712 return m_executionContext->contextURL(); | 752 return m_executionContext->contextURL(); |
713 } | 753 } |
714 | 754 |
715 KURL ContentSecurityPolicy::completeURL(const String& url) const | 755 KURL ContentSecurityPolicy::completeURL(const String& url) const |
716 { | 756 { |
717 return m_executionContext->contextCompleteURL(url); | 757 return m_executionContext->contextCompleteURL(url); |
718 } | 758 } |
719 | 759 |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
781 KURL source = KURL(ParsedURLString, stack->topSourceURL()); | 821 KURL source = KURL(ParsedURLString, stack->topSourceURL()); |
782 init.setSourceFile(stripURLForUseInReport(document, source)); | 822 init.setSourceFile(stripURLForUseInReport(document, source)); |
783 init.setLineNumber(stack->topLineNumber()); | 823 init.setLineNumber(stack->topLineNumber()); |
784 init.setColumnNumber(stack->topColumnNumber()); | 824 init.setColumnNumber(stack->topColumnNumber()); |
785 } | 825 } |
786 } | 826 } |
787 | 827 |
788 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) | 828 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType viol ationType, LocalFrame* contextFrame) |
789 { | 829 { |
790 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); | 830 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
831 | |
832 // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/61 1232 | |
833 // (or move CSP child-src and frame-src checks to the browser process - see | |
834 // https://crbug.com/376522). | |
835 if (!m_executionContext && !contextFrame) { | |
836 DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil dSrc) | |
837 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram eSrc)); | |
838 return; | |
839 } | |
840 | |
791 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 841 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
792 | 842 |
793 // FIXME: Support sending reports from worker. | 843 // FIXME: Support sending reports from worker. |
794 Document* document = contextFrame ? contextFrame->document() : this->documen t(); | 844 Document* document = contextFrame ? contextFrame->document() : this->documen t(); |
795 if (!document) | 845 if (!document) |
796 return; | 846 return; |
797 | 847 |
798 LocalFrame* frame = document->frame(); | 848 LocalFrame* frame = document->frame(); |
799 if (!frame) | 849 if (!frame) |
800 return; | 850 return; |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1059 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. | 1109 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. |
1060 return !m_violationReportsSent.contains(report.impl()->hash()); | 1110 return !m_violationReportsSent.contains(report.impl()->hash()); |
1061 } | 1111 } |
1062 | 1112 |
1063 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1113 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
1064 { | 1114 { |
1065 m_violationReportsSent.add(report.impl()->hash()); | 1115 m_violationReportsSent.add(report.impl()->hash()); |
1066 } | 1116 } |
1067 | 1117 |
1068 } // namespace blink | 1118 } // namespace blink |
OLD | NEW |