
Unified Diff: Source/core/page/ContentSecurityPolicy.cpp

Issue 19940002: [HTML Import] Respect Content Security Policy Model (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Fix Mac build failure Created 7 years, 5 months ago
Index: Source/core/page/ContentSecurityPolicy.cpp
diff --git a/Source/core/page/ContentSecurityPolicy.cpp b/Source/core/page/ContentSecurityPolicy.cpp
index 5d8e20422eab1918c170d6eab2b847b9cc4f1d1f..607011a3cb655486ff90f794fb76ffa0facd8945 100644
--- a/Source/core/page/ContentSecurityPolicy.cpp
+++ b/Source/core/page/ContentSecurityPolicy.cpp
@@ -41,6 +41,7 @@
#include "core/page/UseCounter.h"
#include "core/platform/JSONValues.h"
#include "core/platform/network/FormData.h"
+#include "core/platform/network/ResourceResponse.h"
#include "weborigin/KURL.h"
#include "weborigin/KnownPorts.h"
#include "weborigin/SchemeRegistry.h"
@@ -163,6 +164,14 @@ UseCounter::Feature getUseCounterType(ContentSecurityPolicy::HeaderType type)
} // namespace
+ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders(const ResourceResponse& response)
+ : m_contentSecuitryPolicy(response.httpHeaderField("Content-Security-Policy"))
+ , m_contentSecurityPolicyReportOnly(response.httpHeaderField("Content-Security-Policy-Report-Only"))
+ , m_xWebKitCSP(response.httpHeaderField("X-WebKit-CSP"))
+ , m_xWebKitCSPReportOnly(response.httpHeaderField("X-WebKit-CSP-Report-Only"))
+{
+}
+
static bool skipExactly(const UChar*& position, const UChar* end, UChar delimiter)
{
if (position < end && *position == delimiter) {
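Review bot: The first member initializer is spelled `m_contentSecuitryPolicy` ("Secuitry"), while the other three members and the `contentSecurityPolicy()` accessor used later in this file are spelled correctly. Since this compiles, the declaration in ContentSecurityPolicy.h presumably carries the same typo; rename both to `m_contentSecurityPolicy` so that a search for the enforce-mode header value finds it. The constructor is complete in this hunk; the trailing `skipExactly` lines are context for a function whose body continues outside it.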
@@ -1416,11 +1425,28 @@ void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
{
ASSERT(m_policies.isEmpty());
for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin(); iter != other->m_policies.end(); ++iter)
- didReceiveHeader((*iter)->header(), (*iter)->headerType());
+ addPolicyFromHeaderValue((*iter)->header(), (*iter)->headerType());
+}
+
+void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyResponseHeaders& headers)
+{
+ if (!headers.contentSecurityPolicy().isEmpty())
+ didReceiveHeader(headers.contentSecurityPolicy(), ContentSecurityPolicy::Enforce);
+ if (!headers.contentSecurityPolicyReportOnly().isEmpty())
+ didReceiveHeader(headers.contentSecurityPolicyReportOnly(), ContentSecurityPolicy::Report);
+ if (!headers.xWebKitCSP().isEmpty())
+ didReceiveHeader(headers.xWebKitCSP(), ContentSecurityPolicy::PrefixedEnforce);
+ if (!headers.xWebKitCSPReportOnly().isEmpty())
+ didReceiveHeader(headers.xWebKitCSPReportOnly(), ContentSecurityPolicy::PrefixedReport);
}
void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType type)
{
+ addPolicyFromHeaderValue(header, type);
+}
+
+void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, HeaderType type)
+{
if (m_scriptExecutionContext->isDocument()) {
Document* document = toDocument(m_scriptExecutionContext);
if (type == PrefixedReport || type == PrefixedEnforce)
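Review bot: `didReceiveHeader` is now a one-line forward to `addPolicyFromHeaderValue`, so switching `copyStateFrom` to the new function changes nothing in the visible lines, and nothing states which entry point is meant for headers taken from a response and which for inherited policy. A comment above `addPolicyFromHeaderValue` such as `// Adds a policy without treating it as a newly received header; used when copying state.` would record the intent. The document and prefixed-type check that opens `addPolicyFromHeaderValue` still sits in the shared path, so it appears to run for copied policies as well; if that is per-response accounting it probably belongs in `didReceiveHeader`. The body of `addPolicyFromHeaderValue` continues outside the hunk, so this is inferred from its first three lines only.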
