1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "bindings/core/v8/SourceLocation.h" | 7 #include "bindings/core/v8/SourceLocation.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
10 #include "core/dom/SpaceSplitString.h" | 10 #include "core/dom/SpaceSplitString.h" |
426 if (!directive) | 426 if (!directive) |
427 return true; | 427 return true; |
428 | 428 |
429 // We ignore URL-based whitelists if we're allowing dynamic script injection. | 429 // We ignore URL-based whitelists if we're allowing dynamic script injection. |
430 if (checkSource(directive, url, redirectStatus) && !checkDynamic(directive)) | 430 if (checkSource(directive, url, redirectStatus) && !checkDynamic(directive)) |
431 return true; | 431 return true; |
432 | 432 |
433 String prefix; | 433 String prefix; |
434 if (ContentSecurityPolicy::BaseURI == effectiveDirective) | 434 if (ContentSecurityPolicy::BaseURI == effectiveDirective) |
435 prefix = "Refused to set the document's base URI to '"; | 435 prefix = "Refused to set the document's base URI to '"; |
436 else if (ContentSecurityPolicy::ChildSrc == effectiveDirective) | 436 else if (ContentSecurityPolicy::WorkerSrc == effectiveDirective) |
estark
2016/11/09 06:16:32
Are you intentionally not handling child-src here?
Mike West
2016/11/09 08:37:21
Yes. There's now no case in which `child-src` woul
estark
2016/11/09 16:48:05
Ah, gotcha, thanks for the explanation. In that ca
437 prefix = "Refused to create a child context containing '"; | 437 prefix = "Refused to create a worker from '"; |
438 else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective) | 438 else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective) |
439 prefix = "Refused to connect to '"; | 439 prefix = "Refused to connect to '"; |
440 else if (ContentSecurityPolicy::FontSrc == effectiveDirective) | 440 else if (ContentSecurityPolicy::FontSrc == effectiveDirective) |
441 prefix = "Refused to load the font '"; | 441 prefix = "Refused to load the font '"; |
442 else if (ContentSecurityPolicy::FormAction == effectiveDirective) | 442 else if (ContentSecurityPolicy::FormAction == effectiveDirective) |
443 prefix = "Refused to send form data to '"; | 443 prefix = "Refused to send form data to '"; |
444 else if (ContentSecurityPolicy::FrameSrc == effectiveDirective) | 444 else if (ContentSecurityPolicy::FrameSrc == effectiveDirective) |
445 prefix = "Refused to frame '"; | 445 prefix = "Refused to frame '"; |
446 else if (ContentSecurityPolicy::ImgSrc == effectiveDirective) | 446 else if (ContentSecurityPolicy::ImgSrc == effectiveDirective) |
447 prefix = "Refused to load the image '"; | 447 prefix = "Refused to load the image '"; |
619 if (url.protocolIsAbout()) | 619 if (url.protocolIsAbout()) |
620 return true; | 620 return true; |
621 return reportingStatus == ContentSecurityPolicy::SendReport | 621 return reportingStatus == ContentSecurityPolicy::SendReport |
622 ? checkSourceAndReportViolation( | 622 ? checkSourceAndReportViolation( |
623 operativeDirective(m_objectSrc.get()), url, | 623 operativeDirective(m_objectSrc.get()), url, |
624 ContentSecurityPolicy::ObjectSrc, redirectStatus) | 624 ContentSecurityPolicy::ObjectSrc, redirectStatus) |
625 : checkSource(operativeDirective(m_objectSrc.get()), url, | 625 : checkSource(operativeDirective(m_objectSrc.get()), url, |
626 redirectStatus); | 626 redirectStatus); |
627 } | 627 } |
628 | 628 |
629 bool CSPDirectiveList::allowChildFrameFromSource( | 629 bool CSPDirectiveList::allowFrameFromSource( |
630 const KURL& url, | 630 const KURL& url, |
631 ResourceRequest::RedirectStatus redirectStatus, | 631 ResourceRequest::RedirectStatus redirectStatus, |
632 ContentSecurityPolicy::ReportingStatus reportingStatus) const { | 632 ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
633 if (url.protocolIsAbout()) | 633 if (url.protocolIsAbout()) |
634 return true; | 634 return true; |
635 | 635 |
636 // 'frame-src' is the only directive which overrides something other than the | 636 // 'frame-src' overrides 'child-src', which overrides the default |
637 // default sources. It overrides 'child-src', which overrides the default | |
638 // sources. So, we do this nested set of calls to 'operativeDirective()' to | 637 // sources. So, we do this nested set of calls to 'operativeDirective()' to |
639 // grab 'frame-src' if it exists, 'child-src' if it doesn't, and 'defaut-src' | 638 // grab 'frame-src' if it exists, 'child-src' if it doesn't, and 'defaut-src' |
640 // if neither are available. | 639 // if neither are available. |
641 SourceListDirective* whichDirective = operativeDirective( | 640 SourceListDirective* whichDirective = operativeDirective( |
642 m_frameSrc.get(), operativeDirective(m_childSrc.get())); | 641 m_frameSrc.get(), operativeDirective(m_childSrc.get())); |
643 | 642 |
644 return reportingStatus == ContentSecurityPolicy::SendReport | 643 return reportingStatus == ContentSecurityPolicy::SendReport |
645 ? checkSourceAndReportViolation(whichDirective, url, | 644 ? checkSourceAndReportViolation(whichDirective, url, |
646 ContentSecurityPolicy::FrameSrc, | 645 ContentSecurityPolicy::FrameSrc, |
647 redirectStatus) | 646 redirectStatus) |
738 const KURL& url, | 737 const KURL& url, |
739 ResourceRequest::RedirectStatus redirectStatus, | 738 ResourceRequest::RedirectStatus redirectStatus, |
740 ContentSecurityPolicy::ReportingStatus reportingStatus) const { | 739 ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
741 return reportingStatus == ContentSecurityPolicy::SendReport | 740 return reportingStatus == ContentSecurityPolicy::SendReport |
742 ? checkSourceAndReportViolation(m_baseURI.get(), url, | 741 ? checkSourceAndReportViolation(m_baseURI.get(), url, |
743 ContentSecurityPolicy::BaseURI, | 742 ContentSecurityPolicy::BaseURI, |
744 redirectStatus) | 743 redirectStatus) |
745 : checkSource(m_baseURI.get(), url, redirectStatus); | 744 : checkSource(m_baseURI.get(), url, redirectStatus); |
746 } | 745 } |
747 | 746 |
748 bool CSPDirectiveList::allowChildContextFromSource( | 747 bool CSPDirectiveList::allowWorkerFromSource( |
749 const KURL& url, | 748 const KURL& url, |
750 ResourceRequest::RedirectStatus redirectStatus, | 749 ResourceRequest::RedirectStatus redirectStatus, |
751 ContentSecurityPolicy::ReportingStatus reportingStatus) const { | 750 ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
751 if (url.protocolIsAbout()) | |
estark
2016/11/09 16:48:05
Is this necessary? I see why we need it for allowF
752 return true; | |
753 | |
754 // 'worker-src' overrides 'child-src', which overrides the default | |
755 // sources. So, we do this nested set of calls to 'operativeDirective()' to | |
756 // grab 'worker-src' if it exists, 'child-src' if it doesn't, and 'defaut-src' | |
757 // if neither are available. | |
758 SourceListDirective* whichDirective = operativeDirective( | |
759 m_workerSrc.get(), operativeDirective(m_childSrc.get())); | |
760 | |
752 return reportingStatus == ContentSecurityPolicy::SendReport | 761 return reportingStatus == ContentSecurityPolicy::SendReport |
753 ? checkSourceAndReportViolation( | 762 ? checkSourceAndReportViolation(whichDirective, url, |
754 operativeDirective(m_childSrc.get()), url, | 763 ContentSecurityPolicy::WorkerSrc, |
755 ContentSecurityPolicy::ChildSrc, redirectStatus) | 764 redirectStatus) |
756 : checkSource(operativeDirective(m_childSrc.get()), url, | 765 : checkSource(whichDirective, url, redirectStatus); |
757 redirectStatus); | |
758 } | 766 } |
759 | 767 |
760 bool CSPDirectiveList::allowAncestors( | 768 bool CSPDirectiveList::allowAncestors( |
761 LocalFrame* frame, | 769 LocalFrame* frame, |
762 const KURL& url, | 770 const KURL& url, |
763 ContentSecurityPolicy::ReportingStatus reportingStatus) const { | 771 ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
764 return reportingStatus == ContentSecurityPolicy::SendReport | 772 return reportingStatus == ContentSecurityPolicy::SendReport |
765 ? checkAncestorsAndReportViolation(m_frameAncestors.get(), frame, | 773 ? checkAncestorsAndReportViolation(m_frameAncestors.get(), frame, |
766 url) | 774 url) |
767 : checkAncestors(m_frameAncestors.get(), frame); | 775 : checkAncestors(m_frameAncestors.get(), frame); |
1099 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) { | 1107 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) { |
1100 setCSPDirective<SourceListDirective>(name, value, m_connectSrc); | 1108 setCSPDirective<SourceListDirective>(name, value, m_connectSrc); |
1101 } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) { | 1109 } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) { |
1102 applySandboxPolicy(name, value); | 1110 applySandboxPolicy(name, value); |
1103 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) { | 1111 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) { |
1104 parseReportURI(name, value); | 1112 parseReportURI(name, value); |
1105 } else if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) { | 1113 } else if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) { |
1106 setCSPDirective<SourceListDirective>(name, value, m_baseURI); | 1114 setCSPDirective<SourceListDirective>(name, value, m_baseURI); |
1107 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) { | 1115 } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) { |
1108 setCSPDirective<SourceListDirective>(name, value, m_childSrc); | 1116 setCSPDirective<SourceListDirective>(name, value, m_childSrc); |
1117 } else if (equalIgnoringCase(name, ContentSecurityPolicy::WorkerSrc)) { | |
1118 setCSPDirective<SourceListDirective>(name, value, m_workerSrc); | |
1109 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) { | 1119 } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) { |
1110 setCSPDirective<SourceListDirective>(name, value, m_formAction); | 1120 setCSPDirective<SourceListDirective>(name, value, m_formAction); |
1111 } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) { | 1121 } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) { |
1112 setCSPDirective<MediaListDirective>(name, value, m_pluginTypes); | 1122 setCSPDirective<MediaListDirective>(name, value, m_pluginTypes); |
1113 } else if (equalIgnoringCase( | 1123 } else if (equalIgnoringCase( |
1114 name, ContentSecurityPolicy::UpgradeInsecureRequests)) { | 1124 name, ContentSecurityPolicy::UpgradeInsecureRequests)) { |
1115 enableInsecureRequestsUpgrade(name, value); | 1125 enableInsecureRequestsUpgrade(name, value); |
1116 } else if (equalIgnoringCase(name, | 1126 } else if (equalIgnoringCase(name, |
1117 ContentSecurityPolicy::BlockAllMixedContent)) { | 1127 ContentSecurityPolicy::BlockAllMixedContent)) { |
1118 enforceStrictMixedContentChecking(name, value); | 1128 enforceStrictMixedContentChecking(name, value); |
1139 visitor->trace(m_fontSrc); | 1149 visitor->trace(m_fontSrc); |
1140 visitor->trace(m_formAction); | 1150 visitor->trace(m_formAction); |
1141 visitor->trace(m_frameAncestors); | 1151 visitor->trace(m_frameAncestors); |
1142 visitor->trace(m_frameSrc); | 1152 visitor->trace(m_frameSrc); |
1143 visitor->trace(m_imgSrc); | 1153 visitor->trace(m_imgSrc); |
1144 visitor->trace(m_mediaSrc); | 1154 visitor->trace(m_mediaSrc); |
1145 visitor->trace(m_manifestSrc); | 1155 visitor->trace(m_manifestSrc); |
1146 visitor->trace(m_objectSrc); | 1156 visitor->trace(m_objectSrc); |
1147 visitor->trace(m_scriptSrc); | 1157 visitor->trace(m_scriptSrc); |
1148 visitor->trace(m_styleSrc); | 1158 visitor->trace(m_styleSrc); |
1159 visitor->trace(m_workerSrc); | |
1149 } | 1160 } |
1150 | 1161 |
1151 } // namespace blink | 1162 } // namespace blink |
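Review bot: The explanatory comment in the new allowWorkerFromSource (new-side line 756) carries the same typo as the allowFrameFromSource comment it mirrors (new-side line 638): `'defaut-src'` should read `'default-src'` in both places, since these comments are what a reader will rely on to understand the worker-src → child-src → default-src fallback order. The two functions now differ only in which member is consulted first (`m_workerSrc` vs `m_frameSrc`) and which directive name is passed to checkSourceAndReportViolation, so the nested `operativeDirective(x, operativeDirective(m_childSrc.get()))` call and its comment could plausibly be hoisted into one private helper taking the first-choice directive and the effective directive, which would keep the two fallback chains from drifting apart as the directive set evolves; whether the reporting signature makes that convenient is not visible in this section. The parse-chain and trace additions for `m_workerSrc` are consistent with the existing entries around them.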