| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h" | 5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h" |
| 6 | 6 |
| 7 #include "base/macros.h" | 7 #include "base/macros.h" |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
| 10 #include "chrome/browser/browser_process.h" | 10 #include "chrome/browser/browser_process.h" |
| (...skipping 28 matching lines...) Expand all Loading... |
| 39 // Implementation of chrome://interstitials demonstration pages. This code is | 39 // Implementation of chrome://interstitials demonstration pages. This code is |
| 40 // not used in displaying any real interstitials. | 40 // not used in displaying any real interstitials. |
| 41 class InterstitialHTMLSource : public content::URLDataSource { | 41 class InterstitialHTMLSource : public content::URLDataSource { |
| 42 public: | 42 public: |
| 43 explicit InterstitialHTMLSource(content::WebContents* web_contents); | 43 explicit InterstitialHTMLSource(content::WebContents* web_contents); |
| 44 ~InterstitialHTMLSource() override; | 44 ~InterstitialHTMLSource() override; |
| 45 | 45 |
| 46 // content::URLDataSource: | 46 // content::URLDataSource: |
| 47 std::string GetMimeType(const std::string& mime_type) const override; | 47 std::string GetMimeType(const std::string& mime_type) const override; |
| 48 std::string GetSource() const override; | 48 std::string GetSource() const override; |
| 49 bool ShouldAddContentSecurityPolicy() const override; | 49 std::string GetContentSecurityPolicyScriptSrc() const override; |
| 50 std::string GetContentSecurityPolicyStyleSrc() const override; |
| 51 std::string GetContentSecurityPolicyImgSrc() const override; |
| 50 void StartDataRequest( | 52 void StartDataRequest( |
| 51 const std::string& path, | 53 const std::string& path, |
| 52 int render_process_id, | 54 int render_process_id, |
| 53 int render_frame_id, | 55 int render_frame_id, |
| 54 const content::URLDataSource::GotDataCallback& callback) override; | 56 const content::URLDataSource::GotDataCallback& callback) override; |
| 55 | 57 |
| 56 private: | 58 private: |
| 57 content::WebContents* web_contents_; | 59 content::WebContents* web_contents_; |
| 58 DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource); | 60 DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource); |
| 59 }; | 61 }; |
| (...skipping 241 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 301 | 303 |
| 302 std::string InterstitialHTMLSource::GetMimeType( | 304 std::string InterstitialHTMLSource::GetMimeType( |
| 303 const std::string& mime_type) const { | 305 const std::string& mime_type) const { |
| 304 return "text/html"; | 306 return "text/html"; |
| 305 } | 307 } |
| 306 | 308 |
| 307 std::string InterstitialHTMLSource::GetSource() const { | 309 std::string InterstitialHTMLSource::GetSource() const { |
| 308 return chrome::kChromeUIInterstitialHost; | 310 return chrome::kChromeUIInterstitialHost; |
| 309 } | 311 } |
| 310 | 312 |
| 311 bool InterstitialHTMLSource::ShouldAddContentSecurityPolicy() | 313 std::string InterstitialHTMLSource::GetContentSecurityPolicyScriptSrc() const { |
| 312 const { | 314 // 'unsafe-inline' is added to script-src. |
| 313 return false; | 315 return "script-src chrome://resources 'self' 'unsafe-eval' 'unsafe-inline';"; |
| 316 } |
| 317 |
| 318 std::string InterstitialHTMLSource::GetContentSecurityPolicyStyleSrc() const { |
| 319 return "style-src 'self' 'unsafe-inline';"; |
| 320 } |
| 321 |
| 322 std::string InterstitialHTMLSource::GetContentSecurityPolicyImgSrc() const { |
| 323 return "img-src data:;"; |
| 314 } | 324 } |
| 315 | 325 |
| 316 void InterstitialHTMLSource::StartDataRequest( | 326 void InterstitialHTMLSource::StartDataRequest( |
| 317 const std::string& path, | 327 const std::string& path, |
| 318 int render_process_id, | 328 int render_process_id, |
| 319 int render_frame_id, | 329 int render_frame_id, |
| 320 const content::URLDataSource::GotDataCallback& callback) { | 330 const content::URLDataSource::GotDataCallback& callback) { |
| 321 std::unique_ptr<content::InterstitialPageDelegate> interstitial_delegate; | 331 std::unique_ptr<content::InterstitialPageDelegate> interstitial_delegate; |
| 322 if (base::StartsWith(path, "ssl", base::CompareCase::SENSITIVE)) { | 332 if (base::StartsWith(path, "ssl", base::CompareCase::SENSITIVE)) { |
| 323 interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_)); | 333 interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_)); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 339 html = interstitial_delegate.get()->GetHTMLContents(); | 349 html = interstitial_delegate.get()->GetHTMLContents(); |
| 340 } else { | 350 } else { |
| 341 html = ResourceBundle::GetSharedInstance() | 351 html = ResourceBundle::GetSharedInstance() |
| 342 .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML) | 352 .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML) |
| 343 .as_string(); | 353 .as_string(); |
| 344 } | 354 } |
| 345 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString; | 355 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString; |
| 346 html_bytes->data().assign(html.begin(), html.end()); | 356 html_bytes->data().assign(html.begin(), html.end()); |
| 347 callback.Run(html_bytes.get()); | 357 callback.Run(html_bytes.get()); |
| 348 } | 358 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2003963004:
Enable CSP on more WebUI pages (Closed)
Base URL: https://chromium.googlesource.com/a/chromium/src.git@master