OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2009 Google Inc. All rights reserved. | 2 * Copyright (C) 2009 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 2228 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2239 } else if (metric == "npnNegotiatedProtocol") { | 2239 } else if (metric == "npnNegotiatedProtocol") { |
2240 feature = UseCounter::ChromeLoadTimesNpnNegotiatedProtocol; | 2240 feature = UseCounter::ChromeLoadTimesNpnNegotiatedProtocol; |
2241 } else if (metric == "wasAlternateProtocolAvailable") { | 2241 } else if (metric == "wasAlternateProtocolAvailable") { |
2242 feature = UseCounter::ChromeLoadTimesWasAlternateProtocolAvailable; | 2242 feature = UseCounter::ChromeLoadTimesWasAlternateProtocolAvailable; |
2243 } else if (metric == "connectionInfo") { | 2243 } else if (metric == "connectionInfo") { |
2244 feature = UseCounter::ChromeLoadTimesConnectionInfo; | 2244 feature = UseCounter::ChromeLoadTimesConnectionInfo; |
2245 } | 2245 } |
2246 UseCounter::count(frame(), feature); | 2246 UseCounter::count(frame(), feature); |
2247 } | 2247 } |
2248 | 2248 |
| 2249 void WebLocalFrameImpl::reportContentSecurityPolicyViolation( |
| 2250 const WebString& directiveText, |
| 2251 const WebString& effectiveDirective, |
| 2252 const WebString& consoleMessage, |
| 2253 const WebURL& blockedURL, |
| 2254 const WebVector<WebString>& reportEndpoints, |
| 2255 const WebString& header, |
| 2256 WebContentSecurityPolicyViolationType violationType, |
| 2257 bool followedRedirect) |
| 2258 { |
| 2259 ContentSecurityPolicy* policy = m_frame->securityContext()->contentSecurityP
olicy(); |
| 2260 |
| 2261 Vector<String> coreReportEndpoints; |
| 2262 coreReportEndpoints.reserveInitialCapacity(reportEndpoints.size()); |
| 2263 for (const WebString& reportEndpoint : reportEndpoints) { |
| 2264 // |reportEndpoints| comes from another renderer process - restrict it |
| 2265 // to endpoints actually covered by our Content Security Policy. |
| 2266 if (policy->coversReportEndpoint(reportEndpoint)) |
| 2267 coreReportEndpoints.append(reportEndpoint); |
| 2268 } |
| 2269 |
| 2270 auto redirectStatus = followedRedirect |
| 2271 ? ResourceRequest::RedirectStatus::FollowedRedirect |
| 2272 : ResourceRequest::RedirectStatus::NoRedirect; |
| 2273 |
| 2274 // This method has no |contextLine| parameter, because source information |
| 2275 // should not be disclosed cross-site and therefore caller of this method |
| 2276 // (by design) does not have access to the line number associated with this |
| 2277 // Content Security Policy violation. |
| 2278 int contextLine = 0; |
| 2279 |
| 2280 policy->logToConsole(ConsoleMessage::create( |
| 2281 SecurityMessageSource, |
| 2282 ErrorMessageLevel, |
| 2283 consoleMessage)); |
| 2284 policy->reportViolation( |
| 2285 directiveText, |
| 2286 effectiveDirective, |
| 2287 consoleMessage, |
| 2288 blockedURL, |
| 2289 coreReportEndpoints, |
| 2290 header, |
| 2291 static_cast<ContentSecurityPolicy::ViolationType>(violationType), |
| 2292 nullptr, // contextFrame |
| 2293 redirectStatus, |
| 2294 contextLine); |
| 2295 } |
| 2296 |
2249 } // namespace blink | 2297 } // namespace blink |
OLD | NEW |