third_party/WebKit/Source/core/loader/DocumentLoader.cpp - Issue 2404373003: Experimental Feature: Allow-CSP-From header

Side by Side Diff: third_party/WebKit/Source/core/loader/DocumentLoader.cpp

Issue 2404373003: Experimental Feature: Allow-CSP-From header (Closed)

Patch Set: Adding console message, moving to testharness tests, adding CSPTest Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp ('k') | third_party/WebKit/Source/platform/network/HTTPNames.in » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.	2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.

3 * Copyright (C) 2011 Google Inc. All rights reserved.	3 * Copyright (C) 2011 Google Inc. All rights reserved.

4 *	4 *

5 * Redistribution and use in source and binary forms, with or without	5 * Redistribution and use in source and binary forms, with or without

6 * modification, are permitted provided that the following conditions	6 * modification, are permitted provided that the following conditions

7 * are met:	7 * are met:

8 *	8 *

9 * 1. Redistributions of source code must retain the above copyright	9 * 1. Redistributions of source code must retain the above copyright

10 * notice, this list of conditions and the following disclaimer.	10 * notice, this list of conditions and the following disclaimer.

(...skipping 430 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
441 SecurityMessageSource, ErrorMessageLevel, message, response.url(),	441 SecurityMessageSource, ErrorMessageLevel, message, response.url(),

442 mainResourceIdentifier());	442 mainResourceIdentifier());

443 frame()->document()->addConsoleMessage(consoleMessage);	443 frame()->document()->addConsoleMessage(consoleMessage);

444	444

445 cancelLoadAfterXFrameOptionsOrCSPDenied(response);	445 cancelLoadAfterXFrameOptionsOrCSPDenied(response);

446 return;	446 return;

447 }	447 }

448 }	448 }

449 }	449 }

450	450

	451 if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&

	452 !frameLoader()->requiredCSP().isEmpty()) {

	453 SecurityOrigin* parentSecurityOrigin =

	454 frame()->tree().parent()->securityContext()->getSecurityOrigin();

	455 if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(

	456 response, parentSecurityOrigin)) {

	457 m_contentSecurityPolicy->addPolicyFromHeaderValue(

	458 frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce,

	459 ContentSecurityPolicyHeaderSourceHTTP);

	460 } else {

	461 String message = "Refused to display '" + response.url().elidedString() +

	462 "' because CSP does not satisfy Embedding-CSP: " +
	amalika 2016/10/17 13:21:53 Not sure what would be a good message? Not sure what would be a good message? Mike West 2016/10/17 14:54:28 Perhaps "' because it has not opted-into the follo Show quoted text On 2016/10/17 at 13:21:53, amalika wrote: > Not sure what would be a good message? Perhaps "' because it has not opted-into the following policy required by its embedder: '"?
	463 frameLoader()->requiredCSP() + "'.";

	464 ConsoleMessage* consoleMessage = ConsoleMessage::createForRequest(

	465 SecurityMessageSource, ErrorMessageLevel, message, response.url(),

	466 mainResourceIdentifier());

	467 frame()->document()->addConsoleMessage(consoleMessage);

	468 cancelLoadAfterXFrameOptionsOrCSPDenied(response);

	469 return;

	470 }

	471 }

	472

451 DCHECK(!m_frame->page()->defersLoading());	473 DCHECK(!m_frame->page()->defersLoading());

452	474

453 m_response = response;	475 m_response = response;

454	476

455 if (isArchiveMIMEType(m_response.mimeType()) &&	477 if (isArchiveMIMEType(m_response.mimeType()) &&

456 m_mainResource->getDataBufferingPolicy() != BufferData)	478 m_mainResource->getDataBufferingPolicy() != BufferData)

457 m_mainResource->setDataBufferingPolicy(BufferData);	479 m_mainResource->setDataBufferingPolicy(BufferData);

458	480

459 if (!shouldContinueForResponse()) {	481 if (!shouldContinueForResponse()) {

460 InspectorInstrumentation::continueWithPolicyIgnore(	482 InspectorInstrumentation::continueWithPolicyIgnore(

(...skipping 300 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
761 m_writer ? m_writer->encoding() : emptyAtom, true,	783 m_writer ? m_writer->encoding() : emptyAtom, true,

762 ForceSynchronousParsing);	784 ForceSynchronousParsing);

763 if (!source.isNull())	785 if (!source.isNull())

764 m_writer->appendReplacingData(source);	786 m_writer->appendReplacingData(source);

765 endWriting(m_writer.get());	787 endWriting(m_writer.get());

766 }	788 }

767	789

768 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader);	790 DEFINE_WEAK_IDENTIFIER_MAP(DocumentLoader);

769	791

770 } // namespace blink	792 } // namespace blink

OLD	NEW