OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 23 matching lines...) |
34 #include "core/dom/Document.h" | 34 #include "core/dom/Document.h" |
35 #include "core/dom/SecurityPolicyViolationEvent.h" | 35 #include "core/dom/SecurityPolicyViolationEvent.h" |
36 #include "core/inspector/InspectorInstrumentation.h" | 36 #include "core/inspector/InspectorInstrumentation.h" |
37 #include "core/inspector/ScriptCallStack.h" | 37 #include "core/inspector/ScriptCallStack.h" |
38 #include "core/loader/DocumentLoader.h" | 38 #include "core/loader/DocumentLoader.h" |
39 #include "core/loader/PingLoader.h" | 39 #include "core/loader/PingLoader.h" |
40 #include "core/page/Frame.h" | 40 #include "core/page/Frame.h" |
41 #include "core/page/UseCounter.h" | 41 #include "core/page/UseCounter.h" |
42 #include "core/platform/JSONValues.h" | 42 #include "core/platform/JSONValues.h" |
43 #include "core/platform/network/FormData.h" | 43 #include "core/platform/network/FormData.h" |
| 44 #include "core/platform/network/ResourceResponse.h" |
44 #include "weborigin/KURL.h" | 45 #include "weborigin/KURL.h" |
45 #include "weborigin/KnownPorts.h" | 46 #include "weborigin/KnownPorts.h" |
46 #include "weborigin/SchemeRegistry.h" | 47 #include "weborigin/SchemeRegistry.h" |
47 #include "weborigin/SecurityOrigin.h" | 48 #include "weborigin/SecurityOrigin.h" |
48 #include "wtf/HashSet.h" | 49 #include "wtf/HashSet.h" |
49 #include "wtf/text/TextPosition.h" | 50 #include "wtf/text/TextPosition.h" |
50 #include "wtf/text/WTFString.h" | 51 #include "wtf/text/WTFString.h" |
51 | 52 |
52 namespace WebCore { | 53 namespace WebCore { |
53 | 54 |
(...skipping 102 matching lines...) |
156 return UseCounter::PrefixedContentSecurityPolicyReportOnly; | 157 return UseCounter::PrefixedContentSecurityPolicyReportOnly; |
157 case ContentSecurityPolicy::Report: | 158 case ContentSecurityPolicy::Report: |
158 return UseCounter::ContentSecurityPolicyReportOnly; | 159 return UseCounter::ContentSecurityPolicyReportOnly; |
159 } | 160 } |
160 ASSERT_NOT_REACHED(); | 161 ASSERT_NOT_REACHED(); |
161 return UseCounter::NumberOfFeatures; | 162 return UseCounter::NumberOfFeatures; |
162 } | 163 } |
163 | 164 |
164 } // namespace | 165 } // namespace |
165 | 166 |
| 167 ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders(const
ResourceResponse& response) |
| 168 : m_contentSecuitryPolicy(response.httpHeaderField("Content-Security-Policy"
)) |
| 169 , m_contentSecurityPolicyReportOnly(response.httpHeaderField("Content-Securi
ty-Policy-Report-Only")) |
| 170 , m_xWebKitCSP(response.httpHeaderField("X-WebKit-CSP")) |
| 171 , m_xWebKitCSPReportOnly(response.httpHeaderField("X-WebKit-CSP-Report-Only"
)) |
| 172 { |
| 173 } |
| 174 |
166 static bool skipExactly(const UChar*& position, const UChar* end, UChar delimite
r) | 175 static bool skipExactly(const UChar*& position, const UChar* end, UChar delimite
r) |
167 { | 176 { |
168 if (position < end && *position == delimiter) { | 177 if (position < end && *position == delimiter) { |
169 ++position; | 178 ++position; |
170 return true; | 179 return true; |
171 } | 180 } |
172 return false; | 181 return false; |
173 } | 182 } |
174 | 183 |
175 template<bool characterPredicate(UChar)> | 184 template<bool characterPredicate(UChar)> |
(...skipping 1233 matching lines...) |
1409 } | 1418 } |
1410 | 1419 |
1411 ContentSecurityPolicy::~ContentSecurityPolicy() | 1420 ContentSecurityPolicy::~ContentSecurityPolicy() |
1412 { | 1421 { |
1413 } | 1422 } |
1414 | 1423 |
1415 void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other) | 1424 void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other) |
1416 { | 1425 { |
1417 ASSERT(m_policies.isEmpty()); | 1426 ASSERT(m_policies.isEmpty()); |
1418 for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin()
; iter != other->m_policies.end(); ++iter) | 1427 for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin()
; iter != other->m_policies.end(); ++iter) |
1419 didReceiveHeader((*iter)->header(), (*iter)->headerType()); | 1428 addPolicyFromHeaderValue((*iter)->header(), (*iter)->headerType()); |
| 1429 } |
| 1430 |
| 1431 void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyRespons
eHeaders& headers) |
| 1432 { |
| 1433 if (!headers.contentSecurityPolicy().isEmpty()) |
| 1434 didReceiveHeader(headers.contentSecurityPolicy(), ContentSecurityPolicy:
:Enforce); |
| 1435 if (!headers.contentSecurityPolicyReportOnly().isEmpty()) |
| 1436 didReceiveHeader(headers.contentSecurityPolicyReportOnly(), ContentSecur
ityPolicy::Report); |
| 1437 if (!headers.xWebKitCSP().isEmpty()) |
| 1438 didReceiveHeader(headers.xWebKitCSP(), ContentSecurityPolicy::PrefixedEn
force); |
| 1439 if (!headers.xWebKitCSPReportOnly().isEmpty()) |
| 1440 didReceiveHeader(headers.xWebKitCSPReportOnly(), ContentSecurityPolicy::
PrefixedReport); |
1420 } | 1441 } |
1421 | 1442 |
1422 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType ty
pe) | 1443 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType ty
pe) |
1423 { | 1444 { |
| 1445 addPolicyFromHeaderValue(header, type); |
| 1446 } |
| 1447 |
| 1448 void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, Heade
rType type) |
| 1449 { |
1424 if (m_scriptExecutionContext->isDocument()) { | 1450 if (m_scriptExecutionContext->isDocument()) { |
1425 Document* document = toDocument(m_scriptExecutionContext); | 1451 Document* document = toDocument(m_scriptExecutionContext); |
1426 if (type == PrefixedReport || type == PrefixedEnforce) | 1452 if (type == PrefixedReport || type == PrefixedEnforce) |
1427 UseCounter::countDeprecation(document, getUseCounterType(type)); | 1453 UseCounter::countDeprecation(document, getUseCounterType(type)); |
1428 else | 1454 else |
1429 UseCounter::count(document, getUseCounterType(type)); | 1455 UseCounter::count(document, getUseCounterType(type)); |
1430 } | 1456 } |
1431 | 1457 |
1432 Vector<UChar> characters; | 1458 Vector<UChar> characters; |
1433 header.appendTo(characters); | 1459 header.appendTo(characters); |
(...skipping 433 matching lines...) |
1867 { | 1893 { |
1868 if (context && context->isDocument()) { | 1894 if (context && context->isDocument()) { |
1869 Document* document = toDocument(context); | 1895 Document* document = toDocument(context); |
1870 if (document->frame()) | 1896 if (document->frame()) |
1871 return document->frame()->script()->shouldBypassMainWorldContentSecu
rityPolicy(); | 1897 return document->frame()->script()->shouldBypassMainWorldContentSecu
rityPolicy(); |
1872 } | 1898 } |
1873 return false; | 1899 return false; |
1874 } | 1900 } |
1875 | 1901 |
1876 } | 1902 } |
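Review bot: The initializer on new line 168 spells the member `m_contentSecuitryPolicy`, while the neighbouring members and the accessor `contentSecurityPolicy()` called in `didReceiveHeaders` use the correct spelling. Renaming it here and in the class declaration (not shown on this page) to `m_contentSecurityPolicy` keeps the field that carries the enforced policy value findable by search during an audit. Separately, `didReceiveHeader` now only forwards to `addPolicyFromHeaderValue`, and the use-counter calls sit in the latter, so `copyStateFrom` still counts copied policies exactly as it did before. A one-line comment above `didReceiveHeader`, for example `// Entry point for header values taken from a response; copyStateFrom() calls addPolicyFromHeaderValue() directly.`, would record why both functions exist. The body of `addPolicyFromHeaderValue` continues in lines skipped on this page.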
OLD | NEW |