Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(96)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

Issue 2190183002: Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl. Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove no longer applicable TODO and early exit from reportViolation method. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« third_party/WebKit/Source/core/frame/csp/RemoteContentSecurityPolicy.h ('K') | « third_party/WebKit/Source/web/WebLocalFrameImpl.h ('k') | third_party/WebKit/public/web/WebContentSecurityPolicy.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
index 6fc3d8e910afe2a966227225e9592acd23fa483b..21232330efa6b513f3b2a3c55fbe32956dc8869c 100644
--- a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
+++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
@@ -2160,4 +2160,41 @@ void WebLocalFrameImpl::clearActiveFindMatch()
ensureTextFinder().clearActiveFindMatch();
}
+void WebLocalFrameImpl::reportContentSecurityPolicyViolation(
+ const WebString& directiveText,
+ const WebString& effectiveDirective,
+ const WebString& consoleMessage,
+ const WebURL& blockedURL,
+ const WebVector<WebString>& reportEndpoints,
+ const WebString& header,
+ WebContentSecurityPolicyViolationType violationType,
+ bool followedRedirect)
+{
+ Vector<String> coreReportEndpoints;
+ coreReportEndpoints.reserveInitialCapacity(reportEndpoints.size());
+ for (const WebString& reportEndpoint : reportEndpoints)
+ coreReportEndpoints.append(reportEndpoint);
+
+ auto redirectStatus = followedRedirect
+ ? ResourceRequest::RedirectStatus::FollowedRedirect
+ : ResourceRequest::RedirectStatus::NoRedirect;
+
+ ContentSecurityPolicy* policy = m_frame->securityContext()->contentSecurityPolicy();
+ policy->logToConsole(ConsoleMessage::create(
+ SecurityMessageSource,
+ ErrorMessageLevel,
+ consoleMessage));
+ policy->reportViolation(
+ directiveText,
+ effectiveDirective,
+ consoleMessage,
+ blockedURL,
+ coreReportEndpoints,
+ header,
+ static_cast<ContentSecurityPolicy::ViolationType>(violationType),
+ nullptr, // contextFrame
alexmos 2016/08/09 18:01:20 Looking at when reportViolation uses |contextFrame
Łukasz Anforowicz 2016/08/09 22:23:20 I am not sure. I don't think so. I am not sure h
alexmos 2016/08/10 20:34:33 Acknowledged.
+ redirectStatus,
+ 0); // contextLine
alexmos 2016/08/09 18:01:20 nit: maybe a comment explaining why we don't have/
Łukasz Anforowicz 2016/08/09 22:23:20 Done.
+}
+
} // namespace blink
« third_party/WebKit/Source/core/frame/csp/RemoteContentSecurityPolicy.h ('K') | « third_party/WebKit/Source/web/WebLocalFrameImpl.h ('k') | third_party/WebKit/public/web/WebContentSecurityPolicy.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698