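--- a/core/frame/csp/CSPSource.cpp
+++ b/core/frame/csp/CSPSource.cpp
@@ -1,120 +1,116 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "core/frame/csp/CSPSource.h"
 
 #include "core/frame/UseCounter.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/KnownPorts.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "wtf/text/WTFString.h"
 
 namespace blink {
 
 CSPSource::CSPSource(ContentSecurityPolicy* policy,
 const String& scheme,
 const String& host,
 int port,
 const String& path,
 WildcardDisposition hostWildcard,
 WildcardDisposition portWildcard)
 : m_policy(policy),
-m_scheme(scheme),
+m_scheme(scheme.lower()),
 m_host(host),
 m_port(port),
 m_path(path),
 m_hostWildcard(hostWildcard),
 m_portWildcard(portWildcard) {}
 
 bool CSPSource::matches(const KURL& url,
 ResourceRequest::RedirectStatus redirectStatus) const {
-if (!schemeMatches(url))
+bool schemesMatch = m_scheme.isEmpty() ? m_policy->protocolMatchesSelf(url)
+: schemeMatches(url.protocol());
+if (!schemesMatch)
 return false;
 if (isSchemeOnly())
 return true;
-bool pathsMatch =
-(redirectStatus == RedirectStatus::FollowedRedirect) || pathMatches(url);
-return hostMatches(url) && portMatches(url) && pathsMatch;
+bool pathsMatch = (redirectStatus == RedirectStatus::FollowedRedirect) ||
+pathMatches(url.path());
+return hostMatches(url.host()) && portMatches(url.port(), url.protocol()) &&
+pathsMatch;
 }
 
-bool CSPSource::schemeMatches(const KURL& url) const {
-if (m_scheme.isEmpty())
-return m_policy->protocolMatchesSelf(url);
-if (equalIgnoringCase(m_scheme, "http"))
-return equalIgnoringCase(url.protocol(), "http") ||
-equalIgnoringCase(url.protocol(), "https");
-if (equalIgnoringCase(m_scheme, "ws"))
-return equalIgnoringCase(url.protocol(), "ws") ||
-equalIgnoringCase(url.protocol(), "wss");
-return equalIgnoringCase(url.protocol(), m_scheme);
+bool CSPSource::schemeMatches(const String& protocol) const {
+DCHECK_EQ(protocol, protocol.lower());
+if (m_scheme == "http")
+return protocol == "http" || protocol == "https";
+if (m_scheme == "ws")
+return protocol == "ws" || protocol == "wss";
+return protocol == m_scheme;
 }
 
-bool CSPSource::hostMatches(const KURL& url) const {
-const String& host = url.host();
+bool CSPSource::hostMatches(const String& host) const {
 Document* document = m_policy->document();
 bool match;
 
-bool equalHosts = equalIgnoringCase(host, m_host);
+bool equalHosts = m_host == host;
 if (m_hostWildcard == HasWildcard) {
 match = host.endsWith(String("." + m_host), TextCaseInsensitive);
 
 // Chrome used to, incorrectly, match *.x.y to x.y. This was fixed, but
 // the following count measures when a match fails that would have
 // passed the old, incorrect style, in case a lot of sites were
 // relying on that behavior.
 if (document && equalHosts)
 UseCounter::count(*document,
 UseCounter::CSPSourceWildcardWouldMatchExactHost);
 } else {
 match = equalHosts;
 }
 
 return match;
 }
 
-bool CSPSource::pathMatches(const KURL& url) const {
+bool CSPSource::pathMatches(const String& urlPath) const {
 if (m_path.isEmpty())
 return true;
 
-String path = decodeURLEscapeSequences(url.path());
+String path = decodeURLEscapeSequences(urlPath);
 
 if (m_path.endsWith("/"))
 return path.startsWith(m_path);
 
 return path == m_path;
 }
 
-bool CSPSource::portMatches(const KURL& url) const {
+bool CSPSource::portMatches(int port, const String& protocol) const {
 if (m_portWildcard == HasWildcard)
 return true;
 
-int port = url.port();
-
 if (port == m_port)
 return true;
 
 if (m_port == 80 &&
-(port == 443 ||
-(port == 0 && defaultPortForProtocol(url.protocol()) == 443)))
+(port == 443 || (port == 0 && defaultPortForProtocol(protocol) == 443)))
 return true;
 
 if (!port)
-return isDefaultPortForProtocol(m_port, url.protocol());
+return isDefaultPortForProtocol(m_port, protocol);
 
 if (!m_port)
-return isDefaultPortForProtocol(port, url.protocol());
+return isDefaultPortForProtocol(port, protocol);
 
 return false;
 }
 
 bool CSPSource::isSchemeOnly() const {
 return m_host.isEmpty();
 }
 
 DEFINE_TRACE(CSPSource) {
 visitor->trace(m_policy);
 }
 
 } // namespace blink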
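Review bot: The exact-host comparison on new line 58, `bool equalHosts = m_host == host;`, becomes case-sensitive, while the wildcard branch two lines below still compares with TextCaseInsensitive and the constructor only normalizes the scheme (`m_scheme(scheme.lower())`), not the host. If the source-list parser leaves the host part of a source expression in the case the header supplied (not verifiable from this page), a policy written as `Example.com` would stop matching the canonicalized URL host — fail-closed, so not a bypass, but a silent break of previously valid policies and an inconsistency with the wildcard path. Mirroring the scheme treatment would close the gap: `m_host(host.lower()),` in the initializer list, plus `DCHECK_EQ(host, host.lower());` at the top of hostMatches to match the guard schemeMatches now carries. Note that DCHECK_EQ in schemeMatches is debug-only; in release a non-lowercased protocol simply fails to match, which is the safe direction, and the same holds for the host if it is normalized the same way.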