Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(469)

Side by Side Diff: third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressed CR feedback from dcheng@. Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/dom/RemoteSecurityContext.h" 5 #include "core/dom/RemoteSecurityContext.h"
6 6
7 #include "core/frame/csp/ContentSecurityPolicy.h" 7 #include "core/frame/csp/ContentSecurityPolicy.h"
8 #include "platform/weborigin/SecurityOrigin.h" 8 #include "platform/weborigin/SecurityOrigin.h"
9 #include "wtf/Assertions.h"
9 10
10 namespace blink { 11 namespace blink {
11 12
12 RemoteSecurityContext::RemoteSecurityContext() 13 RemoteSecurityContext::RemoteSecurityContext()
13 : SecurityContext() 14 : SecurityContext()
14 { 15 {
15 // RemoteSecurityContext's origin is expected to stay uninitialized until 16 // RemoteSecurityContext's origin is expected to stay uninitialized until
16 // we set it using replicated origin data from the browser process. 17 // we set it using replicated origin data from the browser process.
17 DCHECK(!getSecurityOrigin()); 18 DCHECK(!getSecurityOrigin());
18 19
19 // CSP will not be replicated for RemoteSecurityContexts, as it is moving 20 // Start with a clean slate.
20 // to the browser process. For now, initialize CSP to a default
21 // locked-down policy.
22 setContentSecurityPolicy(ContentSecurityPolicy::create()); 21 setContentSecurityPolicy(ContentSecurityPolicy::create());
23 22
24 // FIXME: Document::initSecurityContext has a few other things we may 23 // FIXME: Document::initSecurityContext has a few other things we may
25 // eventually want here, such as enforcing a setting to 24 // eventually want here, such as enforcing a setting to
26 // grantUniversalAccess(). 25 // grantUniversalAccess().
27 } 26 }
28 27
29 RemoteSecurityContext* RemoteSecurityContext::create() 28 RemoteSecurityContext* RemoteSecurityContext::create()
30 { 29 {
31 return new RemoteSecurityContext(); 30 return new RemoteSecurityContext();
32 } 31 }
33 32
34 DEFINE_TRACE(RemoteSecurityContext) 33 DEFINE_TRACE(RemoteSecurityContext)
35 { 34 {
36 SecurityContext::trace(visitor); 35 SecurityContext::trace(visitor);
37 } 36 }
38 37
39 void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origi n) 38 void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origi n)
40 { 39 {
40 DCHECK(origin);
41 setSecurityOrigin(origin); 41 setSecurityOrigin(origin);
42 contentSecurityPolicy()->setupSelf(*getSecurityOrigin());
42 } 43 }
43 44
45 void RemoteSecurityContext::resetReplicatedContentSecurityPolicy()
46 {
47 DCHECK(getSecurityOrigin());
48 setContentSecurityPolicy(ContentSecurityPolicy::create());
49 contentSecurityPolicy()->setupSelf(*getSecurityOrigin());
50 }
44 51
45 } // namespace blink 52 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/dom/RemoteSecurityContext.h ('k') | third_party/WebKit/Source/core/frame/LocalFrame.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698