OOPIF support for 'plugin-types' Content Security Policy.

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 523 matching lines @@
 {
     if (document.contentSecurityPolicy() && !document.contentSecurityPolicy()->allowPluginType(type, typeAttribute, url))
         return false;
 
     // CSP says that a plugin document in a nested browsing context should
     // inherit the plugin-types of its parent.
     //
     // FIXME: The plugin-types directive should be pushed down into the
     // current document instead of reaching up to the parent for it here.
     LocalFrame* frame = document.frame();
-    if (frame && frame->tree().parent() && frame->tree().parent()->isLocalFrame() && document.isPluginDocument()) {
-        ContentSecurityPolicy* parentCSP = toLocalFrame(frame->tree().parent())->document()->contentSecurityPolicy();
+    if (frame && frame->tree().parent() && document.isPluginDocument()) {
+        ContentSecurityPolicy* parentCSP =
+            frame->tree().parent()->securityContext()->contentSecurityPolicy();
         if (parentCSP && !parentCSP->allowPluginType(type, typeAttribute, url))
             return false;
     }
 
     return true;
 }
 
 bool ContentSecurityPolicy::allowScriptFromSource(const KURL& url, const String& nonce, RedirectStatus redirectStatus, ContentSecurityPolicy::ReportingStatus reportingStatus) const
 {
     return isAllowedByAllWithURLWithNonce<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, nonce, redirectStatus, reportingStatus);
@@ skipping 284 matching lines @@
 
 void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType violationType, LocalFrame* contextFrame, RedirectStatus redirectStatus, int contextLine)
 {
     ASSERT(violationType == URLViolation || blockedURL.isEmpty());
 
     // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/611232
     // (or move CSP child-src and frame-src checks to the browser process - see
     // https://crbug.com/376522).
     if (!m_executionContext && !contextFrame) {
         DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::ChildSrc)
-            || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc));
+            || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameSrc)
+            || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::PluginTypes));
         return;
     }
 
     ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors) && contextFrame));
 
     // FIXME: Support sending reports from worker.
     Document* document = contextFrame ? contextFrame->document() : this->document();
     if (!document)
         return;
 
@@ skipping 258 matching lines @@
     // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report.
     return !m_violationReportsSent.contains(report.impl()->hash());
 }
 
 void ContentSecurityPolicy::didSendViolationReport(const String& report)
 {
     m_violationReportsSent.add(report.impl()->hash());
 }
 
 } // namespace blink