Chromium Code Reviews Chromium Code Reviews
Issue 1957783002:
Replicate Content-Security-Policy into remote frame proxies. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
| diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
| index 5fc1f26b03d2a81e38c925eed063f05814562469..9124dca4eb42c3e740b9a5983b1ec8e17ecd3fba 100644 |
| --- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
| +++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
| @@ -31,6 +31,7 @@ |
| #include "core/dom/Document.h" |
| #include "core/dom/SandboxFlags.h" |
| #include "core/events/SecurityPolicyViolationEvent.h" |
| +#include "core/frame/FrameClient.h" |
| #include "core/frame/LocalDOMWindow.h" |
| #include "core/frame/LocalFrame.h" |
| #include "core/frame/UseCounter.h" |
| @@ -42,6 +43,7 @@ |
| #include "core/inspector/ConsoleMessage.h" |
| #include "core/inspector/InspectorInstrumentation.h" |
| #include "core/loader/DocumentLoader.h" |
| +#include "core/loader/FrameLoaderClient.h" |
| #include "core/loader/PingLoader.h" |
| #include "platform/JSONValues.h" |
| #include "platform/ParsingUtilities.h" |
| @@ -157,13 +159,20 @@ void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo |
| applyPolicySideEffectsToExecutionContext(); |
| } |
| +void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin) |
| +{ |
| + // Ensure that 'self' processes correctly. |
| + m_selfProtocol = securityOrigin.protocol(); |
| + m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), securityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); |
| +} |
| + |
| void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
| { |
| ASSERT(m_executionContext); |
| - ASSERT(getSecurityOrigin()); |
| - // Ensure that 'self' processes correctly. |
| - m_selfProtocol = getSecurityOrigin()->protocol(); |
| - m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host(), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); |
| + |
| + SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSecurityOrigin(); |
| + DCHECK(securityOrigin); |
| + setupSelf(*securityOrigin); |
| if (didSetReferrerPolicy()) |
| m_executionContext->setReferrerPolicy(m_referrerPolicy); |
| @@ -182,8 +191,8 @@ void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
| if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade) { |
| UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabled); |
| document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
| - if (!getSecurityOrigin()->host().isNull()) |
| - document->addInsecureNavigationUpgrade(getSecurityOrigin()->host().impl()->hash()); |
| + if (!securityOrigin->host().isNull()) |
| + document->addInsecureNavigationUpgrade(securityOrigin->host().impl()->hash()); |
| } |
| for (const auto& consoleMessage : m_consoleMessages) |
| @@ -255,7 +264,36 @@ void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri |
| applyPolicySideEffectsToExecutionContext(); |
| } |
| -void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
| +void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
| +{ |
| + addPolicyFromHeaderValue(header, type, source, DontNotifyFrameLoaderClient); |
| +} |
| + |
| +void ContentSecurityPolicy::reportAccumulatedHeaders(FrameLoaderClient* client) const |
| +{ |
| + // Notify the embedder about headers that have accumulated before the |
| + // navigation got committed. See comments in addPolicyFromHeaderValue for |
| + // more details and context. |
| + DCHECK(client); |
| + for (const auto& policy : m_policies) { |
| + client->didAddContentSecurityPolicy( |
| + policy->header(), policy->headerType(), policy->headerSource()); |
| + } |
| +} |
| + |
| +FrameLoaderClient* ContentSecurityPolicy::frameLoaderClient() const |
| +{ |
| + if (document() && document()->frame()) { |
| + // The frame will always be a LocalFrame, which means that the client |
| + // will always be a FrameLoaderClient. |
| + DCHECK(document()->frame()->isLocalFrame()); |
| + return static_cast<FrameLoaderClient*>(document()->frame()->client()); |
|
dcheng
2016/05/17 05:57:15
Just make LocalFrame::client() return a FrameLoade
Łukasz Anforowicz
2016/05/17 17:01:23
Good idea. Done.
|
| + } |
| + |
| + return nullptr; |
| +} |
| + |
| +void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, FrameLoaderClientNotificationAction notificationAction) |
| { |
| // If this is a report-only header inside a <meta> element, bail out. |
| if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecurityPolicyHeaderTypeReport) { |
| @@ -263,6 +301,13 @@ void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte |
| return; |
| } |
| + // Notify about the new header, so that it can be reported back to the |
| + // browser process. This is needed in order to: |
| + // 1) replicate CSP directives (i.e. frame-src) to OOPIFs (only for now / short-term). |
| + // 2) enforce CSP in the browser process (not yet / long-term - see https://crbug.com/376522). |
| + if (notificationAction == NotifyFrameLoaderClient && frameLoaderClient()) |
| + frameLoaderClient()->didAddContentSecurityPolicy(header, type, source); |
| + |
| Vector<UChar> characters; |
| header.appendTo(characters); |
| @@ -702,11 +747,6 @@ bool ContentSecurityPolicy::didSetReferrerPolicy() const |
| return false; |
| } |
| -SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const |
| -{ |
| - return m_executionContext->securityContext().getSecurityOrigin(); |
| -} |
| - |
| const KURL ContentSecurityPolicy::url() const |
| { |
| return m_executionContext->contextURL(); |
| @@ -788,6 +828,16 @@ static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI |
| void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType violationType, LocalFrame* contextFrame) |
| { |
| ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
| + |
| + // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/611232 |
| + // (or move CSP child-src and frame-src checks to the browser process - see |
| + // https://crbug.com/376522). |
| + if (!m_executionContext && !contextFrame) { |
| + DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::ChildSrc) |
| + || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc)); |
| + return; |
| + } |
| + |
| ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
| // FIXME: Support sending reports from worker. |
