OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 897 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
908 // its URL with the blocked document's URL. | 908 // its URL with the blocked document's URL. |
909 ASSERT(!contextFrame || !m_executionContext); | 909 ASSERT(!contextFrame || !m_executionContext); |
910 ASSERT(!contextFrame || equalIgnoringCase(effectiveDirective, FrameAnces
tors)); | 910 ASSERT(!contextFrame || equalIgnoringCase(effectiveDirective, FrameAnces
tors)); |
911 KURL url = contextFrame ? frame->document()->completeURLWithOverride(end
point, blockedURL) : completeURL(endpoint); | 911 KURL url = contextFrame ? frame->document()->completeURLWithOverride(end
point, blockedURL) : completeURL(endpoint); |
912 PingLoader::sendViolationReport(frame, url, report, PingLoader::ContentS
ecurityPolicyViolationReport); | 912 PingLoader::sendViolationReport(frame, url, report, PingLoader::ContentS
ecurityPolicyViolationReport); |
913 } | 913 } |
914 | 914 |
915 didSendViolationReport(stringifiedReport); | 915 didSendViolationReport(stringifiedReport); |
916 } | 916 } |
917 | 917 |
| 918 void ContentSecurityPolicy::reportMixedContent(const KURL& mixedURL) |
| 919 { |
| 920 for (const auto& policy : m_policies) |
| 921 policy->reportMixedContent(mixedURL); |
| 922 } |
| 923 |
918 void ContentSecurityPolicy::reportInvalidReferrer(const String& invalidValue) | 924 void ContentSecurityPolicy::reportInvalidReferrer(const String& invalidValue) |
919 { | 925 { |
920 logToConsole("The 'referrer' Content Security Policy directive has the inval
id value \"" + invalidValue + "\". Valid values are \"no-referrer\", \"no-referr
er-when-downgrade\", \"origin\", \"origin-when-cross-origin\", and \"unsafe-url\
"."); | 926 logToConsole("The 'referrer' Content Security Policy directive has the inval
id value \"" + invalidValue + "\". Valid values are \"no-referrer\", \"no-referr
er-when-downgrade\", \"origin\", \"origin-when-cross-origin\", and \"unsafe-url\
"."); |
921 } | 927 } |
922 | 928 |
923 void ContentSecurityPolicy::reportReportOnlyInMeta(const String& header) | 929 void ContentSecurityPolicy::reportReportOnlyInMeta(const String& header) |
924 { | 930 { |
925 logToConsole("The report-only Content Security Policy '" + header + "' was d
elivered via a <meta> element, which is disallowed. The policy has been ignored.
"); | 931 logToConsole("The report-only Content Security Policy '" + header + "' was d
elivered via a <meta> element, which is disallowed. The policy has been ignored.
"); |
926 } | 932 } |
927 | 933 |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1104 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1110 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
1105 return !m_violationReportsSent.contains(report.impl()->hash()); | 1111 return !m_violationReportsSent.contains(report.impl()->hash()); |
1106 } | 1112 } |
1107 | 1113 |
1108 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1114 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
1109 { | 1115 { |
1110 m_violationReportsSent.add(report.impl()->hash()); | 1116 m_violationReportsSent.add(report.impl()->hash()); |
1111 } | 1117 } |
1112 | 1118 |
1113 } // namespace blink | 1119 } // namespace blink |
OLD | NEW |