
Side by Side Diff: Source/core/frame/csp/CSPDirectiveList.cpp

Issue 220343005: CSP: Ship hash and nonce expressions, and the 'frame-ancestors' directive. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 8 months ago
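--- a/Source/core/frame/csp/CSPDirectiveList.cpp
+++ b/Source/core/frame/csp/CSPDirectiveList.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "core/frame/csp/CSPDirectiveList.h"
 
 #include "core/frame/LocalFrame.h"
 #include "platform/ParsingUtilities.h"
 #include "platform/weborigin/KURL.h"
@@ -628,52 +628,52 @@
 {
 ASSERT(!name.isEmpty());
 
 if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
 m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed());
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
+} else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
+setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_imgSrc);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_styleSrc);
 m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed());
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_fontSrc);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_mediaSrc);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) {
 setCSPDirective<SourceListDirective>(name, value, m_connectSrc);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) {
 applySandboxPolicy(name, value);
 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) {
 parseReportURI(name, value);
 } else if (m_policy->experimentalFeaturesEnabled()) {
 if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI))
 setCSPDirective<SourceListDirective>(name, value, m_baseURI);
 else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc))
 setCSPDirective<SourceListDirective>(name, value, m_childSrc);
 else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction))
 setCSPDirective<SourceListDirective>(name, value, m_formAction);
-else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors))
-setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
 else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes))
 setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
 else if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS))
 parseReflectedXSS(name, value);
 else if (equalIgnoringCase(name, ContentSecurityPolicy::Referrer))
 parseReferrer(name, value);
 else
 m_policy->reportUnsupportedDirective(name);
 } else {
 m_policy->reportUnsupportedDirective(name);
 }
 }
 
 
 } // namespace WebCore
 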
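Review bot: The new `frame-ancestors` branch (new lines 638–639) stores the directive for every policy now that it sits outside the experimental gate, and nothing in this dispatch distinguishes a header-delivered policy from one delivered through a `<meta>` element or in report-only mode. The CSP specification, as I read it, asks for frame-ancestors to be ignored in both of those cases, so that check has to live wherever `m_frameAncestors` is consulted, which is outside this section; please confirm it exists and is covered by a test. The directive is also parsed as a general `SourceListDirective`, so keywords such as 'unsafe-inline' or a nonce expression are presumably accepted here without a console warning even though they mean nothing for ancestor matching. A short comment above the branch would help the next reader, e.g. `// Shipped: frame-ancestors; must be ignored for <meta>-delivered policies, see <enforcement site>.` The enclosing function begins in the skipped lines above, so its signature is not visible here.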