| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "modules/beacon/NavigatorBeacon.h" | 5 #include "modules/beacon/NavigatorBeacon.h" |
| 6 | 6 |
| 7 #include "bindings/core/v8/ExceptionState.h" | 7 #include "bindings/core/v8/ExceptionState.h" |
| 8 #include "bindings/modules/v8/ArrayBufferViewOrBlobOrStringOrFormData.h" | 8 #include "bindings/modules/v8/ArrayBufferViewOrBlobOrStringOrFormData.h" |
| 9 #include "core/dom/DOMArrayBufferView.h" | 9 #include "core/dom/DOMArrayBufferView.h" |
| 10 #include "core/dom/ExceptionCode.h" | 10 #include "core/dom/ExceptionCode.h" |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 exceptionState.throwDOMException( | 51 exceptionState.throwDOMException( |
| 52 SyntaxError, "The URL argument is ill-formed or unsupported."); | 52 SyntaxError, "The URL argument is ill-formed or unsupported."); |
| 53 return false; | 53 return false; |
| 54 } | 54 } |
| 55 // For now, only support HTTP and related. | 55 // For now, only support HTTP and related. |
| 56 if (!url.protocolIsInHTTPFamily()) { | 56 if (!url.protocolIsInHTTPFamily()) { |
| 57 exceptionState.throwDOMException( | 57 exceptionState.throwDOMException( |
| 58 SyntaxError, "Beacons are only supported over HTTP(S)."); | 58 SyntaxError, "Beacons are only supported over HTTP(S)."); |
| 59 return false; | 59 return false; |
| 60 } | 60 } |
| 61 // FIXME: CSP is not enforced on redirects, crbug.com/372197 | |
| 62 if (!ContentSecurityPolicy::shouldBypassMainWorld(context) && | |
| 63 !context->contentSecurityPolicy()->allowConnectToSource(url)) { | |
| 64 // We can safely expose the URL to JavaScript, as these checks happen | |
| 65 // synchronously before redirection. JavaScript receives no new information. | |
| 66 exceptionState.throwSecurityError( | |
| 67 "Refused to send beacon to '" + url.elidedString() + | |
| 68 "' because it violates the document's Content Security Policy."); | |
| 69 return false; | |
| 70 } | |
| 71 | 61 |
| 72 // If detached from frame, do not allow sending a Beacon. | 62 // If detached from frame, do not allow sending a Beacon. |
| 73 if (!frame() || !frame()->client()) | 63 if (!frame() || !frame()->client()) |
| 74 return false; | 64 return false; |
| 75 | 65 |
| 76 return true; | 66 return true; |
| 77 } | 67 } |
| 78 | 68 |
| 79 int NavigatorBeacon::maxAllowance() const { | 69 int NavigatorBeacon::maxAllowance() const { |
| 80 DCHECK(frame()); | 70 DCHECK(frame()); |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 141 if (allowed) { | 131 if (allowed) { |
| 142 impl.addTransmittedBytes(bytes); | 132 impl.addTransmittedBytes(bytes); |
| 143 return true; | 133 return true; |
| 144 } | 134 } |
| 145 | 135 |
| 146 UseCounter::count(context, UseCounter::SendBeaconQuotaExceeded); | 136 UseCounter::count(context, UseCounter::SendBeaconQuotaExceeded); |
| 147 return false; | 137 return false; |
| 148 } | 138 } |
| 149 | 139 |
| 150 } // namespace blink | 140 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2456013002:
CSP: 'connect-src' should not cause exceptions. (Closed)
