Chromium Code Reviews

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2491903002: Apply connect-src for link preload with no `as` value (Closed)
Patch Set: Created 4 years, 1 month ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 812 matching lines...)
823 823
824 switch (context) { 824 switch (context) {
825 case WebURLRequest::RequestContextAudio: 825 case WebURLRequest::RequestContextAudio:
826 case WebURLRequest::RequestContextTrack: 826 case WebURLRequest::RequestContextTrack:
827 case WebURLRequest::RequestContextVideo: 827 case WebURLRequest::RequestContextVideo:
828 return allowMediaFromSource(url, redirectStatus, reportingStatus); 828 return allowMediaFromSource(url, redirectStatus, reportingStatus);
829 case WebURLRequest::RequestContextBeacon: 829 case WebURLRequest::RequestContextBeacon:
830 case WebURLRequest::RequestContextEventSource: 830 case WebURLRequest::RequestContextEventSource:
831 case WebURLRequest::RequestContextFetch: 831 case WebURLRequest::RequestContextFetch:
832 case WebURLRequest::RequestContextXMLHttpRequest: 832 case WebURLRequest::RequestContextXMLHttpRequest:
833 case WebURLRequest::RequestContextSubresource:
Mike West 2016/11/10 18:59:10 How confident are you that `Subresource` is target
833 return allowConnectToSource(url, redirectStatus, reportingStatus); 834 return allowConnectToSource(url, redirectStatus, reportingStatus);
834 case WebURLRequest::RequestContextEmbed: 835 case WebURLRequest::RequestContextEmbed:
835 case WebURLRequest::RequestContextObject: 836 case WebURLRequest::RequestContextObject:
836 return allowObjectFromSource(url, redirectStatus, reportingStatus); 837 return allowObjectFromSource(url, redirectStatus, reportingStatus);
837 case WebURLRequest::RequestContextFavicon: 838 case WebURLRequest::RequestContextFavicon:
838 case WebURLRequest::RequestContextImage: 839 case WebURLRequest::RequestContextImage:
839 case WebURLRequest::RequestContextImageSet: 840 case WebURLRequest::RequestContextImageSet:
840 return allowImageFromSource(url, redirectStatus, reportingStatus); 841 return allowImageFromSource(url, redirectStatus, reportingStatus);
841 case WebURLRequest::RequestContextFont: 842 case WebURLRequest::RequestContextFont:
842 return allowFontFromSource(url, redirectStatus, reportingStatus); 843 return allowFontFromSource(url, redirectStatus, reportingStatus);
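Review bot: At new line 833, `RequestContextSubresource` joins the connect-src group with no comment saying which requests carry that context. The issue title scopes the change to link preload with no `as` value, but the case label applies to every request tagged `Subresource`. Add a short comment above the case naming the intended caller, and confirm that no other loader uses this context, since a page with a restrictive connect-src would start blocking those requests too.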
(...skipping 18 matching lines...)
861 case WebURLRequest::RequestContextStyle: 862 case WebURLRequest::RequestContextStyle:
862 return allowStyleFromSource(url, nonce, redirectStatus, reportingStatus); 863 return allowStyleFromSource(url, nonce, redirectStatus, reportingStatus);
863 case WebURLRequest::RequestContextCSPReport: 864 case WebURLRequest::RequestContextCSPReport:
864 case WebURLRequest::RequestContextDownload: 865 case WebURLRequest::RequestContextDownload:
865 case WebURLRequest::RequestContextHyperlink: 866 case WebURLRequest::RequestContextHyperlink:
866 case WebURLRequest::RequestContextInternal: 867 case WebURLRequest::RequestContextInternal:
867 case WebURLRequest::RequestContextLocation: 868 case WebURLRequest::RequestContextLocation:
868 case WebURLRequest::RequestContextPing: 869 case WebURLRequest::RequestContextPing:
869 case WebURLRequest::RequestContextPlugin: 870 case WebURLRequest::RequestContextPlugin:
870 case WebURLRequest::RequestContextPrefetch: 871 case WebURLRequest::RequestContextPrefetch:
871 case WebURLRequest::RequestContextSubresource:
872 case WebURLRequest::RequestContextUnspecified: 872 case WebURLRequest::RequestContextUnspecified:
873 return true; 873 return true;
874 } 874 }
875 ASSERT_NOT_REACHED(); 875 ASSERT_NOT_REACHED();
876 return true; 876 return true;
877 } 877 }
878 878
879 void ContentSecurityPolicy::usesScriptHashAlgorithms(uint8_t algorithms) { 879 void ContentSecurityPolicy::usesScriptHashAlgorithms(uint8_t algorithms) {
880 m_scriptHashAlgorithmsUsed |= algorithms; 880 m_scriptHashAlgorithmsUsed |= algorithms;
881 } 881 }
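Review bot: With `RequestContextSubresource` removed from the allow-all group at old line 871, `RequestContextPrefetch` (new line 871) still returns true without any source check, so preload with no `as` value and prefetch are now treated differently. If that is intentional, say so in a comment above the `return true;` group; if not, track prefetch as a follow-up.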
(...skipping 631 matching lines...)
1513 // Collisions have no security impact, so we can save space by storing only 1513 // Collisions have no security impact, so we can save space by storing only
1514 // the string's hash rather than the whole report. 1514 // the string's hash rather than the whole report.
1515 return !m_violationReportsSent.contains(report.impl()->hash()); 1515 return !m_violationReportsSent.contains(report.impl()->hash());
1516 } 1516 }
1517 1517
1518 void ContentSecurityPolicy::didSendViolationReport(const String& report) { 1518 void ContentSecurityPolicy::didSendViolationReport(const String& report) {
1519 m_violationReportsSent.add(report.impl()->hash()); 1519 m_violationReportsSent.add(report.impl()->hash());
1520 } 1520 }
1521 1521
1522 } // namespace blink 1522 } // namespace blink