third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp - Issue 2190183002: Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl.

Side by Side Diff: third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp

Issue 2190183002: Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl. Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Remove no longer applicable TODO and early exit from reportViolation method. Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« third_party/WebKit/Source/core/dom/RemoteSecurityContext.h ('K') | « third_party/WebKit/Source/core/dom/RemoteSecurityContext.h ('k') | third_party/WebKit/Source/core/frame/RemoteFrame.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "core/dom/RemoteSecurityContext.h"	5 #include "core/dom/RemoteSecurityContext.h"

6	6

7 #include "core/frame/csp/ContentSecurityPolicy.h"	7 #include "core/frame/RemoteFrameClient.h"

	8 #include "core/frame/csp/RemoteContentSecurityPolicy.h"

8 #include "platform/weborigin/SecurityOrigin.h"	9 #include "platform/weborigin/SecurityOrigin.h"

9 #include "wtf/Assertions.h"	10 #include "wtf/Assertions.h"

10	11

11 namespace blink {	12 namespace blink {

12	13

13 RemoteSecurityContext::RemoteSecurityContext()	14 RemoteSecurityContext::RemoteSecurityContext(RemoteFrameClient* remoteFrameClien t)

14 : SecurityContext()	15 : SecurityContext()

	16 , m_remoteFrameClient(remoteFrameClient)

15 {	17 {

16 // RemoteSecurityContext's origin is expected to stay uninitialized until	18 // RemoteSecurityContext's origin is expected to stay uninitialized until

17 // we set it using replicated origin data from the browser process.	19 // we set it using replicated origin data from the browser process.

18 DCHECK(!getSecurityOrigin());	20 DCHECK(!getSecurityOrigin());

19	21

	22 // Caller needs to pass a non-null \|remoteFrameClient\|.

	23 DCHECK(remoteFrameClient);

	24

20 // Start with a clean slate.	25 // Start with a clean slate.

21 setContentSecurityPolicy(ContentSecurityPolicy::create());	26 setContentSecurityPolicy(RemoteContentSecurityPolicy::create(m_remoteFrameCl ient));

22	27

23 // FIXME: Document::initSecurityContext has a few other things we may	28 // FIXME: Document::initSecurityContext has a few other things we may

24 // eventually want here, such as enforcing a setting to	29 // eventually want here, such as enforcing a setting to

25 // grantUniversalAccess().	30 // grantUniversalAccess().

26 }	31 }

27	32

28 RemoteSecurityContext* RemoteSecurityContext::create()	33 RemoteSecurityContext* RemoteSecurityContext::create(RemoteFrameClient* remoteFr ameClient)

29 {	34 {

30 return new RemoteSecurityContext();	35 return new RemoteSecurityContext(remoteFrameClient);

31 }	36 }

32	37

33 DEFINE_TRACE(RemoteSecurityContext)	38 DEFINE_TRACE(RemoteSecurityContext)

34 {	39 {

	40 visitor->trace(m_remoteFrameClient);

35 SecurityContext::trace(visitor);	41 SecurityContext::trace(visitor);

36 }	42 }

37	43

38 void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origi n)	44 void RemoteSecurityContext::setReplicatedOrigin(PassRefPtr<SecurityOrigin> origi n)

39 {	45 {

40 DCHECK(origin);	46 DCHECK(origin);

41 setSecurityOrigin(origin);	47 setSecurityOrigin(origin);

42 contentSecurityPolicy()->setupSelf(*getSecurityOrigin());	48 contentSecurityPolicy()->setupSelf(*getSecurityOrigin());

43 }	49 }

44	50

45 void RemoteSecurityContext::resetReplicatedContentSecurityPolicy()	51 void RemoteSecurityContext::resetReplicatedContentSecurityPolicy()

46 {	52 {

47 DCHECK(getSecurityOrigin());	53 DCHECK(getSecurityOrigin());

48 setContentSecurityPolicy(ContentSecurityPolicy::create());	54 setContentSecurityPolicy(RemoteContentSecurityPolicy::create(m_remoteFrameCl ient));
	alexmos 2016/08/09 18:01:19 It's unfortunate that we need to store m_remoteFra It's unfortunate that we need to store m_remoteFrameClient here in addition to remote CSP just for this, but the alternatives I'm thinking about are probably worse, so this seems fine. :) Łukasz Anforowicz 2016/08/09 22:23:20 Acknowledged. Show quoted text On 2016/08/09 18:01:19, alexmos wrote: > It's unfortunate that we need to store m_remoteFrameClient here in addition to > remote CSP just for this, but the alternatives I'm thinking about are probably > worse, so this seems fine. :) Acknowledged.
49 contentSecurityPolicy()->setupSelf(*getSecurityOrigin());	55 contentSecurityPolicy()->setupSelf(*getSecurityOrigin());

50 }	56 }

51	57

52 } // namespace blink	58 } // namespace blink

OLD	NEW