OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 900 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
911 // its URL with the blocked document's URL. | 911 // its URL with the blocked document's URL. |
912 ASSERT(!contextFrame || !m_executionContext); | 912 ASSERT(!contextFrame || !m_executionContext); |
913 ASSERT(!contextFrame || equalIgnoringCase(effectiveDirective, FrameAnces
tors)); | 913 ASSERT(!contextFrame || equalIgnoringCase(effectiveDirective, FrameAnces
tors)); |
914 KURL url = contextFrame ? frame->document()->completeURLWithOverride(end
point, blockedURL) : completeURL(endpoint); | 914 KURL url = contextFrame ? frame->document()->completeURLWithOverride(end
point, blockedURL) : completeURL(endpoint); |
915 PingLoader::sendViolationReport(frame, url, report, PingLoader::ContentS
ecurityPolicyViolationReport); | 915 PingLoader::sendViolationReport(frame, url, report, PingLoader::ContentS
ecurityPolicyViolationReport); |
916 } | 916 } |
917 | 917 |
918 didSendViolationReport(stringifiedReport); | 918 didSendViolationReport(stringifiedReport); |
919 } | 919 } |
920 | 920 |
| 921 void ContentSecurityPolicy::reportMixedContent(const KURL& mixedURL) |
| 922 { |
| 923 for (const auto& policy : m_policies) |
| 924 policy->reportMixedContent(mixedURL); |
| 925 } |
| 926 |
921 void ContentSecurityPolicy::reportInvalidReferrer(const String& invalidValue) | 927 void ContentSecurityPolicy::reportInvalidReferrer(const String& invalidValue) |
922 { | 928 { |
923 logToConsole("The 'referrer' Content Security Policy directive has the inval
id value \"" + invalidValue + "\". Valid values are \"no-referrer\", \"no-referr
er-when-downgrade\", \"origin\", \"origin-when-cross-origin\", and \"unsafe-url\
"."); | 929 logToConsole("The 'referrer' Content Security Policy directive has the inval
id value \"" + invalidValue + "\". Valid values are \"no-referrer\", \"no-referr
er-when-downgrade\", \"origin\", \"origin-when-cross-origin\", and \"unsafe-url\
"."); |
924 } | 930 } |
925 | 931 |
926 void ContentSecurityPolicy::reportReportOnlyInMeta(const String& header) | 932 void ContentSecurityPolicy::reportReportOnlyInMeta(const String& header) |
927 { | 933 { |
928 logToConsole("The report-only Content Security Policy '" + header + "' was d
elivered via a <meta> element, which is disallowed. The policy has been ignored.
"); | 934 logToConsole("The report-only Content Security Policy '" + header + "' was d
elivered via a <meta> element, which is disallowed. The policy has been ignored.
"); |
929 } | 935 } |
930 | 936 |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1107 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1113 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
1108 return !m_violationReportsSent.contains(report.impl()->hash()); | 1114 return !m_violationReportsSent.contains(report.impl()->hash()); |
1109 } | 1115 } |
1110 | 1116 |
1111 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1117 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
1112 { | 1118 { |
1113 m_violationReportsSent.add(report.impl()->hash()); | 1119 m_violationReportsSent.add(report.impl()->hash()); |
1114 } | 1120 } |
1115 | 1121 |
1116 } // namespace blink | 1122 } // namespace blink |
OLD | NEW |