| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 819 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 830 if (canSafelyExposeURL) { | 830 if (canSafelyExposeURL) { |
| 831 // 'KURL::strippedForUseAsReferrer()' dumps 'String()' for non-webby URL
s. | 831 // 'KURL::strippedForUseAsReferrer()' dumps 'String()' for non-webby URL
s. |
| 832 // It's better for developers if we return the origin of those URLs rath
er | 832 // It's better for developers if we return the origin of those URLs rath
er |
| 833 // than nothing. | 833 // than nothing. |
| 834 if (url.protocolIsInHTTPFamily()) | 834 if (url.protocolIsInHTTPFamily()) |
| 835 return url.strippedForUseAsReferrer(); | 835 return url.strippedForUseAsReferrer(); |
| 836 } | 836 } |
| 837 return SecurityOrigin::create(url)->toString(); | 837 return SecurityOrigin::create(url)->toString(); |
| 838 } | 838 } |
| 839 | 839 |
| 840 static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI
nit& init, Document* document, const String& directiveText, const String& effect
iveDirective, const KURL& blockedURL, const String& header, RedirectStatus redir
ectStatus, ContentSecurityPolicy::ViolationType violationType, int contextLine) | 840 static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventI
nit& init, Document* document, const String& directiveText, const String& effect
iveDirective, const KURL& blockedURL, const String& header, RedirectStatus redir
ectStatus, ContentSecurityPolicyHeaderType headerType, ContentSecurityPolicy::Vi
olationType violationType, int contextLine) |
| 841 { | 841 { |
| 842 if (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncest
ors)) { | 842 if (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncest
ors)) { |
| 843 // If this load was blocked via 'frame-ancestors', then the URL of |docu
ment| has not yet | 843 // If this load was blocked via 'frame-ancestors', then the URL of |docu
ment| has not yet |
| 844 // been initialized. In this case, we'll set both 'documentURI' and 'blo
ckedURI' to the | 844 // been initialized. In this case, we'll set both 'documentURI' and 'blo
ckedURI' to the |
| 845 // blocked document's URL. | 845 // blocked document's URL. |
| 846 init.setDocumentURI(blockedURL.getString()); | 846 init.setDocumentURI(blockedURL.getString()); |
| 847 init.setBlockedURI(blockedURL.getString()); | 847 init.setBlockedURI(blockedURL.getString()); |
| 848 } else { | 848 } else { |
| 849 init.setDocumentURI(document->url().getString()); | 849 init.setDocumentURI(document->url().getString()); |
| 850 switch (violationType) { | 850 switch (violationType) { |
| 851 case ContentSecurityPolicy::InlineViolation: | 851 case ContentSecurityPolicy::InlineViolation: |
| 852 init.setBlockedURI("inline"); | 852 init.setBlockedURI("inline"); |
| 853 break; | 853 break; |
| 854 case ContentSecurityPolicy::EvalViolation: | 854 case ContentSecurityPolicy::EvalViolation: |
| 855 init.setBlockedURI("eval"); | 855 init.setBlockedURI("eval"); |
| 856 break; | 856 break; |
| 857 case ContentSecurityPolicy::URLViolation: | 857 case ContentSecurityPolicy::URLViolation: |
| 858 init.setBlockedURI(stripURLForUseInReport(document, blockedURL, redi
rectStatus, effectiveDirective)); | 858 init.setBlockedURI(stripURLForUseInReport(document, blockedURL, redi
rectStatus, effectiveDirective)); |
| 859 break; | 859 break; |
| 860 } | 860 } |
| 861 } | 861 } |
| 862 init.setReferrer(document->referrer()); | 862 init.setReferrer(document->referrer()); |
| 863 init.setViolatedDirective(directiveText); | 863 init.setViolatedDirective(directiveText); |
| 864 init.setEffectiveDirective(effectiveDirective); | 864 init.setEffectiveDirective(effectiveDirective); |
| 865 init.setOriginalPolicy(header); | 865 init.setOriginalPolicy(header); |
| 866 init.setDisposition(headerType == ContentSecurityPolicyHeaderTypeEnforce ? "
enforce" : "report"); |
| 866 init.setSourceFile(String()); | 867 init.setSourceFile(String()); |
| 867 init.setLineNumber(contextLine); | 868 init.setLineNumber(contextLine); |
| 868 init.setColumnNumber(0); | 869 init.setColumnNumber(0); |
| 869 init.setStatusCode(0); | 870 init.setStatusCode(0); |
| 870 | 871 |
| 871 if (!SecurityOrigin::isSecure(document->url()) && document->loader()) | 872 if (!SecurityOrigin::isSecure(document->url()) && document->loader()) |
| 872 init.setStatusCode(document->loader()->response().httpStatusCode()); | 873 init.setStatusCode(document->loader()->response().httpStatusCode()); |
| 873 | 874 |
| 874 std::unique_ptr<SourceLocation> location = SourceLocation::capture(document)
; | 875 std::unique_ptr<SourceLocation> location = SourceLocation::capture(document)
; |
| 875 if (location->lineNumber()) { | 876 if (location->lineNumber()) { |
| 876 KURL source = KURL(ParsedURLString, location->url()); | 877 KURL source = KURL(ParsedURLString, location->url()); |
| 877 init.setSourceFile(stripURLForUseInReport(document, source, redirectStat
us, effectiveDirective)); | 878 init.setSourceFile(stripURLForUseInReport(document, source, redirectStat
us, effectiveDirective)); |
| 878 init.setLineNumber(location->lineNumber()); | 879 init.setLineNumber(location->lineNumber()); |
| 879 init.setColumnNumber(location->columnNumber()); | 880 init.setColumnNumber(location->columnNumber()); |
| 880 } | 881 } |
| 881 } | 882 } |
| 882 | 883 |
| 883 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<String>& reportEndpoints, const String& header, ViolationType viol
ationType, LocalFrame* contextFrame, RedirectStatus redirectStatus, int contextL
ine) | 884 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S
tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL,
const Vector<String>& reportEndpoints, const String& header, ContentSecurityPol
icyHeaderType headerType, ViolationType violationType, LocalFrame* contextFrame,
RedirectStatus redirectStatus, int contextLine) |
| 884 { | 885 { |
| 885 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); | 886 ASSERT(violationType == URLViolation || blockedURL.isEmpty()); |
| 886 | 887 |
| 887 // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/61
1232 | 888 // TODO(lukasza): Support sending reports from OOPIFs - https://crbug.com/61
1232 |
| 888 // (or move CSP child-src and frame-src checks to the browser process - see | 889 // (or move CSP child-src and frame-src checks to the browser process - see |
| 889 // https://crbug.com/376522). | 890 // https://crbug.com/376522). |
| 890 if (!m_executionContext && !contextFrame) { | 891 if (!m_executionContext && !contextFrame) { |
| 891 DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil
dSrc) | 892 DCHECK(equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Chil
dSrc) |
| 892 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram
eSrc) | 893 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Fram
eSrc) |
| 893 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Plug
inTypes)); | 894 || equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::Plug
inTypes)); |
| 894 return; | 895 return; |
| 895 } | 896 } |
| 896 | 897 |
| 897 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective
Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 898 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective
Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
| 898 | 899 |
| 899 // FIXME: Support sending reports from worker. | 900 // FIXME: Support sending reports from worker. |
| 900 Document* document = contextFrame ? contextFrame->document() : this->documen
t(); | 901 Document* document = contextFrame ? contextFrame->document() : this->documen
t(); |
| 901 if (!document) | 902 if (!document) |
| 902 return; | 903 return; |
| 903 | 904 |
| 904 SecurityPolicyViolationEventInit violationData; | 905 SecurityPolicyViolationEventInit violationData; |
| 905 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header, redirectStatus, violationType, contex
tLine); | 906 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex
t, effectiveDirective, blockedURL, header, redirectStatus, headerType, violation
Type, contextLine); |
| 906 | 907 |
| 907 // TODO(mkwst): Obviously, we shouldn't hit this check, as extension-loaded | 908 // TODO(mkwst): Obviously, we shouldn't hit this check, as extension-loaded |
| 908 // resources should be allowed regardless. We apparently do, however, so | 909 // resources should be allowed regardless. We apparently do, however, so |
| 909 // we should at least stop spamming reporting endpoints. See | 910 // we should at least stop spamming reporting endpoints. See |
| 910 // https://crbug.com/524356 for detail. | 911 // https://crbug.com/524356 for detail. |
| 911 if (!violationData.sourceFile().isEmpty() && SchemeRegistry::schemeShouldByp
assContentSecurityPolicy(KURL(ParsedURLString, violationData.sourceFile()).proto
col())) | 912 if (!violationData.sourceFile().isEmpty() && SchemeRegistry::schemeShouldByp
assContentSecurityPolicy(KURL(ParsedURLString, violationData.sourceFile()).proto
col())) |
| 912 return; | 913 return; |
| 913 | 914 |
| 914 // We need to be careful here when deciding what information to send to the | 915 // We need to be careful here when deciding what information to send to the |
| 915 // report-uri. Currently, we send only the current document's URL and the | 916 // report-uri. Currently, we send only the current document's URL and the |
| 916 // directive that was violated. The document's URL is safe to send because | 917 // directive that was violated. The document's URL is safe to send because |
| 917 // it's the document itself that's requesting that it be sent. You could | 918 // it's the document itself that's requesting that it be sent. You could |
| 918 // make an argument that we shouldn't send HTTPS document URLs to HTTP | 919 // make an argument that we shouldn't send HTTPS document URLs to HTTP |
| 919 // report-uris (for the same reasons that we supress the Referer in that | 920 // report-uris (for the same reasons that we supress the Referer in that |
| 920 // case), but the Referer is sent implicitly whereas this request is only | 921 // case), but the Referer is sent implicitly whereas this request is only |
| 921 // sent explicitly. As for which directive was violated, that's pretty | 922 // sent explicitly. As for which directive was violated, that's pretty |
| 922 // harmless information. | 923 // harmless information. |
| 923 | 924 |
| 924 std::unique_ptr<JSONObject> cspReport = JSONObject::create(); | 925 std::unique_ptr<JSONObject> cspReport = JSONObject::create(); |
| 925 cspReport->setString("document-uri", violationData.documentURI()); | 926 cspReport->setString("document-uri", violationData.documentURI()); |
| 926 cspReport->setString("referrer", violationData.referrer()); | 927 cspReport->setString("referrer", violationData.referrer()); |
| 927 cspReport->setString("violated-directive", violationData.violatedDirective()
); | 928 cspReport->setString("violated-directive", violationData.violatedDirective()
); |
| 928 cspReport->setString("effective-directive", violationData.effectiveDirective
()); | 929 cspReport->setString("effective-directive", violationData.effectiveDirective
()); |
| 929 cspReport->setString("original-policy", violationData.originalPolicy()); | 930 cspReport->setString("original-policy", violationData.originalPolicy()); |
| 931 cspReport->setString("disposition", violationData.disposition()); |
| 930 cspReport->setString("blocked-uri", violationData.blockedURI()); | 932 cspReport->setString("blocked-uri", violationData.blockedURI()); |
| 931 if (violationData.lineNumber()) | 933 if (violationData.lineNumber()) |
| 932 cspReport->setInteger("line-number", violationData.lineNumber()); | 934 cspReport->setInteger("line-number", violationData.lineNumber()); |
| 933 if (violationData.columnNumber()) | 935 if (violationData.columnNumber()) |
| 934 cspReport->setInteger("column-number", violationData.columnNumber()); | 936 cspReport->setInteger("column-number", violationData.columnNumber()); |
| 935 if (!violationData.sourceFile().isEmpty()) | 937 if (!violationData.sourceFile().isEmpty()) |
| 936 cspReport->setString("source-file", violationData.sourceFile()); | 938 cspReport->setString("source-file", violationData.sourceFile()); |
| 937 cspReport->setInteger("status-code", violationData.statusCode()); | 939 cspReport->setInteger("status-code", violationData.statusCode()); |
| 938 | 940 |
| 939 std::unique_ptr<JSONObject> reportObject = JSONObject::create(); | 941 std::unique_ptr<JSONObject> reportObject = JSONObject::create(); |
| (...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1162 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. | 1164 // Collisions have no security impact, so we can save space by storing only
the string's hash rather than the whole report. |
| 1163 return !m_violationReportsSent.contains(report.impl()->hash()); | 1165 return !m_violationReportsSent.contains(report.impl()->hash()); |
| 1164 } | 1166 } |
| 1165 | 1167 |
| 1166 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 1168 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
| 1167 { | 1169 { |
| 1168 m_violationReportsSent.add(report.impl()->hash()); | 1170 m_violationReportsSent.add(report.impl()->hash()); |
| 1169 } | 1171 } |
| 1170 | 1172 |
| 1171 } // namespace blink | 1173 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2331213002:
Add `disposition` to SecurityPolicyViolationEvent (Closed)
