Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
index 950512fc3bd9385c4a1d926f40470d5a51b68772..a9c76664873b4674660b761ec155825b675088b8 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
@@ -31,6 +31,7 @@ |
#include "core/dom/Document.h" |
#include "core/dom/SandboxFlags.h" |
#include "core/events/SecurityPolicyViolationEvent.h" |
+#include "core/frame/FrameClient.h" |
#include "core/frame/LocalDOMWindow.h" |
#include "core/frame/LocalFrame.h" |
#include "core/frame/UseCounter.h" |
@@ -42,6 +43,7 @@ |
#include "core/inspector/ConsoleMessage.h" |
#include "core/inspector/InspectorInstrumentation.h" |
#include "core/loader/DocumentLoader.h" |
+#include "core/loader/FrameLoaderClient.h" |
#include "core/loader/PingLoader.h" |
#include "platform/JSONValues.h" |
#include "platform/ParsingUtilities.h" |
@@ -157,13 +159,20 @@ void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo |
applyPolicySideEffectsToExecutionContext(); |
} |
+void ContentSecurityPolicy::bindToSecurityOrigin(const SecurityOrigin& securityOrigin) |
Mike West
2016/05/11 06:21:04
Nit: Now about naming this something like `setupSe
Łukasz Anforowicz
2016/05/11 23:14:48
Good point - this name wasn't quite right. Done.
|
+{ |
+ // Ensure that 'self' processes correctly. |
+ m_selfProtocol = securityOrigin.protocol(); |
+ m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), securityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); |
+} |
+ |
void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
{ |
ASSERT(m_executionContext); |
- ASSERT(getSecurityOrigin()); |
- // Ensure that 'self' processes correctly. |
- m_selfProtocol = getSecurityOrigin()->protocol(); |
- m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host(), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ |
+ SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSecurityOrigin(); |
+ ASSERT(securityOrigin); |
+ bindToSecurityOrigin(*securityOrigin); |
if (didSetReferrerPolicy()) |
m_executionContext->setReferrerPolicy(m_referrerPolicy); |
@@ -182,8 +191,8 @@ void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade) { |
UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabled); |
document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
- if (!getSecurityOrigin()->host().isNull()) |
- document->addInsecureNavigationUpgrade(getSecurityOrigin()->host().impl()->hash()); |
+ if (!securityOrigin->host().isNull()) |
+ document->addInsecureNavigationUpgrade(securityOrigin->host().impl()->hash()); |
} |
for (const auto& consoleMessage : m_consoleMessages) |
@@ -255,7 +264,15 @@ void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri |
applyPolicySideEffectsToExecutionContext(); |
} |
-void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
+void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
+{ |
+ // Replication should only happen for remote frames. |
+ ASSERT(!m_executionContext); |
Mike West
2016/05/11 06:21:04
We create CSP without an execution context for loc
Łukasz Anforowicz
2016/05/11 23:14:48
I've just removed the assert.
|
+ |
+ addPolicyFromHeaderValue(header, type, source, false); |
+} |
+ |
+void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, bool notifyFrameLoaderClient) |
{ |
// If this is a report-only header inside a <meta> element, bail out. |
if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecurityPolicyHeaderTypeReport) { |
@@ -263,6 +280,15 @@ void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte |
return; |
} |
+ // Notify about the new header, so that it can be reported back to the |
+ // browser process. This is needed in order to: |
+ // 1) now / short-term: replicate CSP directives (i.e. frame-src) to OOPIFs. |
+ // 2) not-yet / long-term: CSP can be enforced by the browser. |
alexmos
2016/05/11 19:46:41
Might be good to add a link to the bug for moving
Łukasz Anforowicz
2016/05/11 23:14:48
Done.
I am having second thoughts about this comm
|
+ if (notifyFrameLoaderClient && document() && document()->frame()) { |
+ static_cast<FrameLoaderClient*>(document()->frame()->client()) |
+ ->didAddContentSecurityPolicy(header, type, source); |
alexmos
2016/05/11 19:46:41
Does this also work with pending navigations that
Łukasz Anforowicz
2016/05/13 17:29:15
This is a great question - thanks for raising this
Łukasz Anforowicz
2016/05/13 23:31:43
Nick / Charlie - could you please also look at Ale
|
+ } |
+ |
Vector<UChar> characters; |
header.appendTo(characters); |
@@ -710,11 +736,6 @@ bool ContentSecurityPolicy::didSetReferrerPolicy() const |
return false; |
} |
-SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const |
-{ |
- return m_executionContext->securityContext().getSecurityOrigin(); |
-} |
- |
const KURL ContentSecurityPolicy::url() const |
{ |
return m_executionContext->contextURL(); |
@@ -796,6 +817,15 @@ static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI |
void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType violationType, LocalFrame* contextFrame) |
{ |
ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
+ |
+ // FIXME: Support sending reports from OOPIFs (or move CSP child-src and |
+ // frame-src checks to the browser). |
Mike West
2016/05/11 06:21:04
Nit: Prefer `TODO(...)` to FIXME.
Nit: Can you po
Łukasz Anforowicz
2016/05/11 23:14:48
Done.
|
+ if (!m_executionContext && !contextFrame) { |
+ ASSERT(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::ChildSrc) |
+ || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc)); |
+ return; |
+ } |
+ |
ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
// FIXME: Support sending reports from worker. |