third_party/WebKit/Source/core/loader/DocumentLoader.cpp - Issue 2404373003: Experimental Feature: Allow-CSP-From header - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(588)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/loader/DocumentLoader.cpp

Issue 2404373003: Experimental Feature: Allow-CSP-From header (Closed)

Patch Set: Changing to parentSecurityOrigin Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | third_party/WebKit/Source/platform/network/HTTPNames.in » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/loader/DocumentLoader.cpp

diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp

index 7f689758f73ce58cb90169608e096f5f9c89130e..565ff8dc71a03b1b7fe28e4f901b018251ff20c2 100644

--- a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp

+++ b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp

@@ -448,6 +448,21 @@ void DocumentLoader::responseReceived(

}

}

+ if (RuntimeEnabledFeatures::embedderCSPEnforcementEnabled() &&

+ !frameLoader()->requiredCSP().isEmpty()) {

+ SecurityOrigin* parentSecurityOrigin =

+ frame()->tree().parent()->securityContext()->getSecurityOrigin();

+ if (ContentSecurityPolicy::shouldEnforceEmbeddersPolicy(

+ response, parentSecurityOrigin)) {

+ m_contentSecurityPolicy->addPolicyFromHeaderValue(

+ frameLoader()->requiredCSP(), ContentSecurityPolicyHeaderTypeEnforce,

+ ContentSecurityPolicyHeaderSourceHTTP);

+ } else {

+ cancelLoadAfterXFrameOptionsOrCSPDenied(response);

+ return;

+ }

+ }

+

DCHECK(!m_frame->page()->defersLoading());

m_response = response;

« third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | third_party/WebKit/Source/platform/network/HTTPNames.in » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698