OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 823 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
834 KURL source = KURL(ParsedURLString, location->url()); | 834 KURL source = KURL(ParsedURLString, location->url()); |
835 init.setSourceFile(stripURLForUseInReport(document, source, redirectStat
us)); | 835 init.setSourceFile(stripURLForUseInReport(document, source, redirectStat
us)); |
836 init.setLineNumber(location->lineNumber()); | 836 init.setLineNumber(location->lineNumber()); |
837 init.setColumnNumber(location->columnNumber()); | 837 init.setColumnNumber(location->columnNumber()); |
838 } | 838 } |
839 } | 839 } |
840 | 840 |
841 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<String>& reportEndpoints, const String& header, ViolationType viol
ationType, LocalFrame* contextFrame, RedirectStatus redirectStatus, int contextL
ine) | 841 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<String>& reportEndpoints, const String& header, ViolationType viol
ationType, LocalFrame* contextFrame, RedirectStatus redirectStatus, int contextL
ine) |
842 { | 842 { |
843 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); | 843 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
844 | |
845 // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/61
1232 | |
846 // (or move CSP child-src and frame-src checks to the browser process - see | |
847 // https://crbug.com/376522). | |
848 if (!m_executionContext && !contextFrame) { | |
849 DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil
dSrc) | |
850 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram
eSrc)); | |
851 return; | |
852 } | |
853 | |
854 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective
Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 844 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective
Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
855 | 845 |
856 // FIXME: Support sending reports from worker. | 846 // FIXME: Support sending reports from worker. |
857 Document* document = contextFrame ? contextFrame->document() : this->documen
t(); | 847 Document* document = contextFrame ? contextFrame->document() : this->documen
t(); |
858 if (!document) | 848 if (!document) |
859 return; | 849 return; |
860 | 850 |
861 SecurityPolicyViolationEventInit violationData; | 851 SecurityPolicyViolationEventInit violationData; |
862 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header, redirectStatus, violationType, contex
tLine); | 852 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header, redirectStatus, violationType, contex
tLine); |
863 | 853 |
(...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1118 { | 1108 { |
1119 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1109 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
1120 return !m_violationReportsSent.contains(report.impl()->hash()); | 1110 return !m_violationReportsSent.contains(report.impl()->hash()); |
1121 } | 1111 } |
1122 | 1112 |
1123 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1113 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
1124 { | 1114 { |
1125 m_violationReportsSent.add(report.impl()->hash()); | 1115 m_violationReportsSent.add(report.impl()->hash()); |
1126 } | 1116 } |
1127 | 1117 |
| 1118 bool ContentSecurityPolicy::coversReportEndpoint(const String& reportEndpointToV
erify) |
| 1119 { |
| 1120 for (const auto& policyList : m_policies) { |
| 1121 for (const String& actualReportEndpoint : policyList->reportEndpoints())
{ |
| 1122 if (actualReportEndpoint == reportEndpointToVerify) |
| 1123 return true; |
| 1124 } |
| 1125 } |
| 1126 return false; |
| 1127 } |
| 1128 |
1128 } // namespace blink | 1129 } // namespace blink |
OLD | NEW |