| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 823 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 834 KURL source = KURL(ParsedURLString, location->url()); | 834 KURL source = KURL(ParsedURLString, location->url()); |
| 835 init.setSourceFile(stripURLForUseInReport(document, source, redirectStat
us)); | 835 init.setSourceFile(stripURLForUseInReport(document, source, redirectStat
us)); |
| 836 init.setLineNumber(location->lineNumber()); | 836 init.setLineNumber(location->lineNumber()); |
| 837 init.setColumnNumber(location->columnNumber()); | 837 init.setColumnNumber(location->columnNumber()); |
| 838 } | 838 } |
| 839 } | 839 } |
| 840 | 840 |
| 841 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<String>& reportEndpoints, const String& header, ViolationType viol
ationType, LocalFrame* contextFrame, RedirectStatus redirectStatus, int contextL
ine) | 841 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<String>& reportEndpoints, const String& header, ViolationType viol
ationType, LocalFrame* contextFrame, RedirectStatus redirectStatus, int contextL
ine) |
| 842 { | 842 { |
| 843 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); | 843 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
| 844 | |
| 845 // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/61
1232 | |
| 846 // (or move CSP child-src and frame-src checks to the browser process - see | |
| 847 // https://crbug.com/376522). | |
| 848 if (!m_executionContext && !contextFrame) { | |
| 849 DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil
dSrc) | |
| 850 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram
eSrc)); | |
| 851 return; | |
| 852 } | |
| 853 | |
| 854 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective
Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 844 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective
Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
| 855 | 845 |
| 856 // FIXME: Support sending reports from worker. | 846 // FIXME: Support sending reports from worker. |
| 857 Document* document = contextFrame ? contextFrame->document() : this->documen
t(); | 847 Document* document = contextFrame ? contextFrame->document() : this->documen
t(); |
| 858 if (!document) | 848 if (!document) |
| 859 return; | 849 return; |
| 860 | 850 |
| 861 SecurityPolicyViolationEventInit violationData; | 851 SecurityPolicyViolationEventInit violationData; |
| 862 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header, redirectStatus, violationType, contex
tLine); | 852 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header, redirectStatus, violationType, contex
tLine); |
| 863 | 853 |
| (...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1118 { | 1108 { |
| 1119 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1109 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
| 1120 return !m_violationReportsSent.contains(report.impl()->hash()); | 1110 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 1121 } | 1111 } |
| 1122 | 1112 |
| 1123 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1113 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 1124 { | 1114 { |
| 1125 m_violationReportsSent.add(report.impl()->hash()); | 1115 m_violationReportsSent.add(report.impl()->hash()); |
| 1126 } | 1116 } |
| 1127 | 1117 |
| 1118 bool ContentSecurityPolicy::coversReportEndpoint(const String& reportEndpointToV
erify) |
| 1119 { |
| 1120 for (const auto& policyList : m_policies) { |
| 1121 for (const String& actualReportEndpoint : policyList->reportEndpoints())
{ |
| 1122 if (actualReportEndpoint == reportEndpointToVerify) |
| 1123 return true; |
| 1124 } |
| 1125 } |
| 1126 return false; |
| 1127 } |
| 1128 |
| 1128 } // namespace blink | 1129 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2190183002:
Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl.
Base URL: https://chromium.googlesource.com/chromium/src.git@master