Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
index 5fc1f26b03d2a81e38c925eed063f05814562469..9124dca4eb42c3e740b9a5983b1ec8e17ecd3fba 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp |
@@ -31,6 +31,7 @@ |
#include "core/dom/Document.h" |
#include "core/dom/SandboxFlags.h" |
#include "core/events/SecurityPolicyViolationEvent.h" |
+#include "core/frame/FrameClient.h" |
#include "core/frame/LocalDOMWindow.h" |
#include "core/frame/LocalFrame.h" |
#include "core/frame/UseCounter.h" |
@@ -42,6 +43,7 @@ |
#include "core/inspector/ConsoleMessage.h" |
#include "core/inspector/InspectorInstrumentation.h" |
#include "core/loader/DocumentLoader.h" |
+#include "core/loader/FrameLoaderClient.h" |
#include "core/loader/PingLoader.h" |
#include "platform/JSONValues.h" |
#include "platform/ParsingUtilities.h" |
@@ -157,13 +159,20 @@ void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionCo |
applyPolicySideEffectsToExecutionContext(); |
} |
+void ContentSecurityPolicy::setupSelf(const SecurityOrigin& securityOrigin) |
+{ |
+ // Ensure that 'self' processes correctly. |
+ m_selfProtocol = securityOrigin.protocol(); |
+ m_selfSource = new CSPSource(this, m_selfProtocol, securityOrigin.host(), securityOrigin.port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); |
+} |
+ |
void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
{ |
ASSERT(m_executionContext); |
- ASSERT(getSecurityOrigin()); |
- // Ensure that 'self' processes correctly. |
- m_selfProtocol = getSecurityOrigin()->protocol(); |
- m_selfSource = new CSPSource(this, m_selfProtocol, getSecurityOrigin()->host(), getSecurityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ |
+ SecurityOrigin* securityOrigin = m_executionContext->securityContext().getSecurityOrigin(); |
+ DCHECK(securityOrigin); |
+ setupSelf(*securityOrigin); |
if (didSetReferrerPolicy()) |
m_executionContext->setReferrerPolicy(m_referrerPolicy); |
@@ -182,8 +191,8 @@ void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext() |
if (m_insecureRequestsPolicy == SecurityContext::InsecureRequestsUpgrade) { |
UseCounter::count(document, UseCounter::UpgradeInsecureRequestsEnabled); |
document->setInsecureRequestsPolicy(m_insecureRequestsPolicy); |
- if (!getSecurityOrigin()->host().isNull()) |
- document->addInsecureNavigationUpgrade(getSecurityOrigin()->host().impl()->hash()); |
+ if (!securityOrigin->host().isNull()) |
+ document->addInsecureNavigationUpgrade(securityOrigin->host().impl()->hash()); |
} |
for (const auto& consoleMessage : m_consoleMessages) |
@@ -255,7 +264,36 @@ void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecuri |
applyPolicySideEffectsToExecutionContext(); |
} |
-void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
+void ContentSecurityPolicy::replicateHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source) |
+{ |
+ addPolicyFromHeaderValue(header, type, source, DontNotifyFrameLoaderClient); |
+} |
+ |
+void ContentSecurityPolicy::reportAccumulatedHeaders(FrameLoaderClient* client) const |
+{ |
+ // Notify the embedder about headers that have accumulated before the |
+ // navigation got committed. See comments in addPolicyFromHeaderValue for |
+ // more details and context. |
+ DCHECK(client); |
+ for (const auto& policy : m_policies) { |
+ client->didAddContentSecurityPolicy( |
+ policy->header(), policy->headerType(), policy->headerSource()); |
+ } |
+} |
+ |
+FrameLoaderClient* ContentSecurityPolicy::frameLoaderClient() const |
+{ |
+ if (document() && document()->frame()) { |
+ // The frame will always be a LocalFrame, which means that the client |
+ // will always be a FrameLoaderClient. |
+ DCHECK(document()->frame()->isLocalFrame()); |
+ return static_cast<FrameLoaderClient*>(document()->frame()->client()); |
dcheng
2016/05/17 05:57:15
Just make LocalFrame::client() return a FrameLoade
Łukasz Anforowicz
2016/05/17 17:01:23
Good idea. Done.
|
+ } |
+ |
+ return nullptr; |
+} |
+ |
+void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source, FrameLoaderClientNotificationAction notificationAction) |
{ |
// If this is a report-only header inside a <meta> element, bail out. |
if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecurityPolicyHeaderTypeReport) { |
@@ -263,6 +301,13 @@ void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Conte |
return; |
} |
+ // Notify about the new header, so that it can be reported back to the |
+ // browser process. This is needed in order to: |
+ // 1) replicate CSP directives (i.e. frame-src) to OOPIFs (only for now / short-term). |
+ // 2) enforce CSP in the browser process (not yet / long-term - see https://crbug.com/376522). |
+ if (notificationAction == NotifyFrameLoaderClient && frameLoaderClient()) |
+ frameLoaderClient()->didAddContentSecurityPolicy(header, type, source); |
+ |
Vector<UChar> characters; |
header.appendTo(characters); |
@@ -702,11 +747,6 @@ bool ContentSecurityPolicy::didSetReferrerPolicy() const |
return false; |
} |
-SecurityOrigin* ContentSecurityPolicy::getSecurityOrigin() const |
-{ |
- return m_executionContext->securityContext().getSecurityOrigin(); |
-} |
- |
const KURL ContentSecurityPolicy::url() const |
{ |
return m_executionContext->contextURL(); |
@@ -788,6 +828,16 @@ static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI |
void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType violationType, LocalFrame* contextFrame) |
{ |
ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
+ |
+ // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/611232 |
+ // (or move CSP child-src and frame-src checks to the browser process - see |
+ // https://crbug.com/376522). |
+ if (!m_executionContext && !contextFrame) { |
+ DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::ChildSrc) |
+ || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc)); |
+ return; |
+ } |
+ |
ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
// FIXME: Support sending reports from worker. |