CSP3: Implement 'worker-src'.

third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp

Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
index 9d232e97209af2b0bad868196100c62db1373da9..7bff50bf199ad41365aa54ebd573c39480a1448a 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
@@ -433,8 +433,8 @@ bool CSPDirectiveList::checkSourceAndReportViolation(
   String prefix;
   if (ContentSecurityPolicy::BaseURI == effectiveDirective)
     prefix = "Refused to set the document's base URI to '";
-  else if (ContentSecurityPolicy::ChildSrc == effectiveDirective)
-    prefix = "Refused to create a child context containing '";
+  else if (ContentSecurityPolicy::WorkerSrc == effectiveDirective)

[estark, 2016/11/09 06:16:32]

Are you intentionally not handling child-src here? Not obvious to me why.

[Mike West, 2016/11/09 08:37:21]

Yes. There's now no case in which `child-src` would be the effective directive,
as `frame-src` is the effective directive for nested contexts, and `worker-src`
is the effective directive for workers.

[estark, 2016/11/09 16:48:05]

Ah, gotcha, thanks for the explanation. In that case, I'll optionally nit that
you could add a DCHECK_NE(ChildSrc, effectiveDirective).

+    prefix = "Refused to create a worker from '";
   else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective)
     prefix = "Refused to connect to '";
   else if (ContentSecurityPolicy::FontSrc == effectiveDirective)
@@ -626,15 +626,14 @@ bool CSPDirectiveList::allowObjectFromSource(
                            redirectStatus);
 }
 
-bool CSPDirectiveList::allowChildFrameFromSource(
+bool CSPDirectiveList::allowFrameFromSource(
     const KURL& url,
     ResourceRequest::RedirectStatus redirectStatus,
     ContentSecurityPolicy::ReportingStatus reportingStatus) const {
   if (url.protocolIsAbout())
     return true;
 
-  // 'frame-src' is the only directive which overrides something other than the
-  // default sources.  It overrides 'child-src', which overrides the default
+  // 'frame-src' overrides 'child-src', which overrides the default
   // sources. So, we do this nested set of calls to 'operativeDirective()' to
   // grab 'frame-src' if it exists, 'child-src' if it doesn't, and 'defaut-src'
   // if neither are available.
@@ -745,16 +744,25 @@ bool CSPDirectiveList::allowBaseURI(
              : checkSource(m_baseURI.get(), url, redirectStatus);
 }
 
-bool CSPDirectiveList::allowChildContextFromSource(
+bool CSPDirectiveList::allowWorkerFromSource(
     const KURL& url,
     ResourceRequest::RedirectStatus redirectStatus,
     ContentSecurityPolicy::ReportingStatus reportingStatus) const {
+  if (url.protocolIsAbout())

[estark, 2016/11/09 16:48:05]

Is this necessary? I see why we need it for allowFrameFromSource() (to allow
newly added frames with about:blank) but don't see why for workers.

+    return true;
+
+  // 'worker-src' overrides 'child-src', which overrides the default
+  // sources. So, we do this nested set of calls to 'operativeDirective()' to
+  // grab 'worker-src' if it exists, 'child-src' if it doesn't, and 'defaut-src'
+  // if neither are available.
+  SourceListDirective* whichDirective = operativeDirective(
+      m_workerSrc.get(), operativeDirective(m_childSrc.get()));
+
   return reportingStatus == ContentSecurityPolicy::SendReport
-             ? checkSourceAndReportViolation(
-                   operativeDirective(m_childSrc.get()), url,
-                   ContentSecurityPolicy::ChildSrc, redirectStatus)
-             : checkSource(operativeDirective(m_childSrc.get()), url,
-                           redirectStatus);
+             ? checkSourceAndReportViolation(whichDirective, url,
+                                             ContentSecurityPolicy::WorkerSrc,
+                                             redirectStatus)
+             : checkSource(whichDirective, url, redirectStatus);
 }
 
 bool CSPDirectiveList::allowAncestors(
@@ -1106,6 +1114,8 @@ void CSPDirectiveList::addDirective(const String& name, const String& value) {
     setCSPDirective<SourceListDirective>(name, value, m_baseURI);
   } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
     setCSPDirective<SourceListDirective>(name, value, m_childSrc);
+  } else if (equalIgnoringCase(name, ContentSecurityPolicy::WorkerSrc)) {
+    setCSPDirective<SourceListDirective>(name, value, m_workerSrc);
   } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
     setCSPDirective<SourceListDirective>(name, value, m_formAction);
   } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) {
@@ -1146,6 +1156,7 @@ DEFINE_TRACE(CSPDirectiveList) {
   visitor->trace(m_objectSrc);
   visitor->trace(m_scriptSrc);
   visitor->trace(m_styleSrc);
+  visitor->trace(m_workerSrc);
 }
 
 }  // namespace blink