Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
index ea4ffe40346258b946f66a33cc375fdf4d5f744a..388b15957e97b544619b1acc68a299fd3bd56b53 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
@@ -78,28 +78,64 @@ CSPDirectiveList* CSPDirectiveList::create(ContentSecurityPolicy* policy, const |
void CSPDirectiveList::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, ResourceRequest::RedirectStatus redirectStatus) const |
{ |
- String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage; |
+ String message; |
+ ContentSecurityPolicy::DispositionType dispositionType; |
Mike West
2016/09/14 13:03:01
If you move to `ContentSecurityPolicyHeaderType`,
Sergey Shekyan
2016/09/16 05:36:45
It is confusing to me. I can refactor in another P
|
+ if (m_reportOnly) { |
+ message = "[Report Only] " + consoleMessage; |
+ dispositionType = ContentSecurityPolicy::Report; |
+ } else { |
+ message = consoleMessage; |
+ dispositionType = ContentSecurityPolicy::Enforce; |
+ } |
+ |
m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message)); |
- m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, nullptr, redirectStatus); |
+ m_policy->reportViolation(directiveText, dispositionType, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, nullptr, redirectStatus); |
} |
void CSPDirectiveList::reportViolationWithFrame(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFrame* frame) const |
{ |
- String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage; |
+ String message; |
+ ContentSecurityPolicy::DispositionType dispositionType; |
+ if (m_reportOnly) { |
+ message = "[Report Only] " + consoleMessage; |
+ dispositionType = ContentSecurityPolicy::Report; |
+ } else { |
+ message = consoleMessage; |
+ dispositionType = ContentSecurityPolicy::Enforce; |
+ } |
+ |
m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message), frame); |
- m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, frame); |
+ m_policy->reportViolation(directiveText, dispositionType, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, frame); |
} |
void CSPDirectiveList::reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const |
{ |
- String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage; |
+ String message; |
+ ContentSecurityPolicy::DispositionType dispositionType; |
+ if (m_reportOnly) { |
+ message = "[Report Only] " + consoleMessage; |
+ dispositionType = ContentSecurityPolicy::Report; |
+ } else { |
+ message = consoleMessage; |
+ dispositionType = ContentSecurityPolicy::Enforce; |
+ } |
+ |
m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message, SourceLocation::capture(contextURL, contextLine.oneBasedInt(), 0))); |
- m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::InlineViolation, nullptr, RedirectStatus::NoRedirect, contextLine.oneBasedInt()); |
+ m_policy->reportViolation(directiveText, dispositionType, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::InlineViolation, nullptr, RedirectStatus::NoRedirect, contextLine.oneBasedInt()); |
} |
void CSPDirectiveList::reportViolationWithState(const String& directiveText, const String& effectiveDirective, const String& message, const KURL& blockedURL, ScriptState* scriptState, const ContentSecurityPolicy::ExceptionStatus exceptionStatus) const |
{ |
- String reportMessage = m_reportOnly ? "[Report Only] " + message : message; |
+ String reportMessage; |
+ ContentSecurityPolicy::DispositionType dispositionType; |
+ if (m_reportOnly) { |
+ reportMessage = "[Report Only] " + message; |
+ dispositionType = ContentSecurityPolicy::Report; |
+ } else { |
+ reportMessage = message; |
+ dispositionType = ContentSecurityPolicy::Enforce; |
+ } |
+ |
// Print a console message if it won't be redundant with a |
// JavaScript exception that the caller will throw. (Exceptions will |
// never get thrown in report-only mode because the caller won't see |
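Review bot: The same if/else that assigns `message` and `dispositionType` is pasted into reportViolation, reportViolationWithFrame and reportViolationWithLocation, and again (with `reportMessage`) in reportViolationWithState, each time declaring `dispositionType` without an initializer. reportMixedContent in the last hunk already derives the value with a ternary, so the copies could be replaced by one initialized declaration, `const ContentSecurityPolicy::DispositionType dispositionType = m_reportOnly ? ContentSecurityPolicy::Report : ContentSecurityPolicy::Enforce;`, or by a small private helper. The original one-line ternary for `message` could then stay as it was. Keeping a single source for the disposition matters because it presumably ends up in the violation report, where consumers would use it to tell an enforced block from a report-only observation. The body of reportViolationWithState continues past the end of this hunk.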
@@ -108,7 +144,7 @@ void CSPDirectiveList::reportViolationWithState(const String& directiveText, con |
ConsoleMessage* consoleMessage = ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, reportMessage); |
m_policy->logToConsole(consoleMessage); |
} |
- m_policy->reportViolation(directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::EvalViolation); |
+ m_policy->reportViolation(directiveText, dispositionType, effectiveDirective, message, blockedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::EvalViolation); |
} |
bool CSPDirectiveList::checkEval(SourceListDirective* directive) const |
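Review bot: The `reportViolation` call in reportViolationWithState passes the unprefixed parameter `message`, not the local `reportMessage`, whereas the three sibling functions in the previous hunk pass their prefixed local `message`. If that argument ends up in the violation report, eval violations from a report-only policy would lack the "[Report Only] " prefix while URL and inline violations carry it. The commit leaves this as it was. Now that `dispositionType` is passed explicitly, either switch the argument to `reportMessage` for consistency or record the intent with a comment such as `// Report carries the raw message; report-only status is conveyed by dispositionType.` The start of reportViolationWithState is in the previous hunk, so the console-logging condition is only partly visible here.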
@@ -144,7 +180,7 @@ bool CSPDirectiveList::checkDynamic(SourceListDirective* directive) const |
void CSPDirectiveList::reportMixedContent(const KURL& mixedURL, ResourceRequest::RedirectStatus redirectStatus) const |
{ |
if (strictMixedContentChecking()) |
- m_policy->reportViolation(ContentSecurityPolicy::BlockAllMixedContent, ContentSecurityPolicy::BlockAllMixedContent, String(), mixedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, nullptr, redirectStatus); |
+ m_policy->reportViolation(ContentSecurityPolicy::BlockAllMixedContent, m_reportOnly ? ContentSecurityPolicy::Report : ContentSecurityPolicy::Enforce, ContentSecurityPolicy::BlockAllMixedContent, String(), mixedURL, m_reportEndpoints, m_header, ContentSecurityPolicy::URLViolation, nullptr, redirectStatus); |
} |
bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& url, ResourceRequest::RedirectStatus redirectStatus) const |