| Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| index 5fc1f26b03d2a81e38c925eed063f05814562469..9124dca4eb42c3e740b9a5983b1ec8e17ecd3fba 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| +++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| @@ -31,6 +31,7 @@
|
| #include "core/dom/Document.h"
|
| #include "core/dom/SandboxFlags.h"
|
| #include "core/events/SecurityPolicyViolationEvent.h"
|
| +#include "core/frame/FrameClient.h"
|
| #include "core/frame/LocalDOMWindow.h"
|
| #include "core/frame/LocalFrame.h"
|
| #include "core/frame/UseCounter.h"
|
| @@ -42,6 +43,7 @@
|
| #include "core/inspector/ConsoleMessage.h"
|
| #include "core/inspector/InspectorInstrumentation.h"
|
| #include "core/loader/DocumentLoader.h"
|
| +#include "core/loader/FrameLoaderClient.h"
|
| #include "core/loader/PingLoader.h"
|
| #include "platform/JSONValues.h"
|
| #include "platform/ParsingUtilities.h"
|
| @@ -157,13 +159,20 @@ void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo
|
| applyPolicySideEffectsToExecutionContext();
|
| }
|
|
|
| +void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin)
|
| +{
|
| + // Ensure that 'self' processes correctly.
|
| + m_selfProtocol = securityOrigin.protocol();
|
| + m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), securityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| +}
|
| +
|
| void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
|
| {
|
| ASSERT(m_executionContext);
|
| - ASSERT(getSecurityOrigin());
|
| - // Ensure that 'self' processes correctly.
|
| - m_selfProtocol = getSecurityOrigin()->protocol();
|
| - m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host(), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard);
|
| +
|
| + SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSecurityOrigin();
|
| + DCHECK(securityOrigin);
|
| + setupSelf(*securityOrigin);
|
|
|
| if (didSetReferrerPolicy())
|
| m_executionContext->setReferrerPolicy(m_referrerPolicy);
|
| @@ -182,8 +191,8 @@ void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
|
| if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade) {
|
| UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabled);
|
| document->setInsecureRequestsPolicy(m_insecureRequestsPolicy);
|
| - if (!getSecurityOrigin()->host().isNull())
|
| - document->addInsecureNavigationUpgrade(getSecurityOrigin()->host().impl()->hash());
|
| + if (!securityOrigin->host().isNull())
|
| + document->addInsecureNavigationUpgrade(securityOrigin->host().impl()->hash());
|
| }
|
|
|
| for (const auto& consoleMessage : m_consoleMessages)
|
| @@ -255,7 +264,36 @@ void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri
|
| applyPolicySideEffectsToExecutionContext();
|
| }
|
|
|
| -void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
|
| +void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
|
| +{
|
| + addPolicyFromHeaderValue(header, type, source, DontNotifyFrameLoaderClient);
|
| +}
|
| +
|
| +void ContentSecurityPolicy::reportAccumulatedHeaders(FrameLoaderClient* client) const
|
| +{
|
| + // Notify the embedder about headers that have accumulated before the
|
| + // navigation got committed. See comments in addPolicyFromHeaderValue for
|
| + // more details and context.
|
| + DCHECK(client);
|
| + for (const auto& policy : m_policies) {
|
| + client->didAddContentSecurityPolicy(
|
| + policy->header(), policy->headerType(), policy->headerSource());
|
| + }
|
| +}
|
| +
|
| +FrameLoaderClient* ContentSecurityPolicy::frameLoaderClient() const
|
| +{
|
| + if (document() && document()->frame()) {
|
| + // The frame will always be a LocalFrame, which means that the client
|
| + // will always be a FrameLoaderClient.
|
| + DCHECK(document()->frame()->isLocalFrame());
|
| + return static_cast<FrameLoaderClient*>(document()->frame()->client());
|
| + }
|
| +
|
| + return nullptr;
|
| +}
|
| +
|
| +void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, FrameLoaderClientNotificationAction notificationAction)
|
| {
|
| // If this is a report-only header inside a <meta> element, bail out.
|
| if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecurityPolicyHeaderTypeReport) {
|
| @@ -263,6 +301,13 @@ void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte
|
| return;
|
| }
|
|
|
| + // Notify about the new header, so that it can be reported back to the
|
| + // browser process. This is needed in order to:
|
| + // 1) replicate CSP directives (i.e. frame-src) to OOPIFs (only for now / short-term).
|
| + // 2) enforce CSP in the browser process (not yet / long-term - see https://crbug.com/376522).
|
| + if (notificationAction == NotifyFrameLoaderClient && frameLoaderClient())
|
| + frameLoaderClient()->didAddContentSecurityPolicy(header, type, source);
|
| +
|
| Vector<UChar> characters;
|
| header.appendTo(characters);
|
|
|
| @@ -702,11 +747,6 @@ bool ContentSecurityPolicy::didSetReferrerPolicy() const
|
| return false;
|
| }
|
|
|
| -SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const
|
| -{
|
| - return m_executionContext->securityContext().getSecurityOrigin();
|
| -}
|
| -
|
| const KURL ContentSecurityPolicy::url() const
|
| {
|
| return m_executionContext->contextURL();
|
| @@ -788,6 +828,16 @@ static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI
|
| void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType violationType, LocalFrame* contextFrame)
|
| {
|
| ASSERT(violationType == URLViolation || blockedURL.isEmpty());
|
| +
|
| + // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/611232
|
| + // (or move CSP child-src and frame-src checks to the browser process - see
|
| + // https://crbug.com/376522).
|
| + if (!m_executionContext && !contextFrame) {
|
| + DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::ChildSrc)
|
| + || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc));
|
| + return;
|
| + }
|
| +
|
| ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors) && contextFrame));
|
|
|
| // FIXME: Support sending reports from worker.
|
|
|
Chromium Code Reviews
Issue 1957783002:
Replicate Content-Security-Policy into remote frame proxies. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master