OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All |
7 * rights reserved. | 7 * rights reserved. |
8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
9 * (http://www.torchmobile.com/) | 9 * (http://www.torchmobile.com/) |
10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 10 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
(...skipping 5488 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5499 if (getSecurityOrigin()->isUnique() && | 5499 if (getSecurityOrigin()->isUnique() && |
5500 SecurityOrigin::create(m_url)->isPotentiallyTrustworthy()) | 5500 SecurityOrigin::create(m_url)->isPotentiallyTrustworthy()) |
5501 getSecurityOrigin()->setUniqueOriginIsPotentiallyTrustworthy(true); | 5501 getSecurityOrigin()->setUniqueOriginIsPotentiallyTrustworthy(true); |
5502 | 5502 |
5503 if (getSecurityOrigin()->hasSuborigin()) | 5503 if (getSecurityOrigin()->hasSuborigin()) |
5504 enforceSuborigin(*getSecurityOrigin()->suborigin()); | 5504 enforceSuborigin(*getSecurityOrigin()->suborigin()); |
5505 } | 5505 } |
5506 | 5506 |
5507 void Document::initContentSecurityPolicy(ContentSecurityPolicy* csp) { | 5507 void Document::initContentSecurityPolicy(ContentSecurityPolicy* csp) { |
5508 setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create()); | 5508 setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create()); |
5509 if (m_frame && m_frame->tree().parent() && | |
5510 m_frame->tree().parent()->isLocalFrame()) { | |
5511 ContentSecurityPolicy* parentCSP = toLocalFrame(m_frame->tree().parent()) | |
5512 ->document() | |
5513 ->contentSecurityPolicy(); | |
5514 | 5509 |
5515 // We inherit the parent frame's CSP for documents with "local" schemes: | 5510 // We inherit the parent/opener's CSP for documents with "local" schemes: |
5516 // 'about', 'blob', 'data', and 'filesystem'. We also inherit the parent | 5511 // 'about', 'blob', 'data', and 'filesystem'. We also inherit CSP for |
5517 // frame's CSP for documents with empty/invalid URLs because we treat | 5512 // documents with empty/invalid URLs because we treat those URLs as |
5518 // those URLs as 'about:blank' in Blink. | 5513 // 'about:blank' in Blink. |
5519 // | 5514 // |
5520 // https://w3c.github.io/webappsec-csp/#initialize-document-csp | 5515 // https://w3c.github.io/webappsec-csp/#initialize-document-csp |
5521 if (m_url.isEmpty() || m_url.protocolIsAbout() || m_url.protocolIsData() || | 5516 // |
5522 m_url.protocolIs("blob") || m_url.protocolIs("filesystem")) { | 5517 // TODO(dcheng): This is similar enough to work we're doing in |
5523 contentSecurityPolicy()->copyStateFrom(parentCSP); | 5518 // 'DocumentLoader::ensureWriter' that it might make sense to combine them. |
5524 } else if (isPluginDocument()) { | 5519 if (m_frame) { |
5525 // Per CSP2, plugin-types for plugin documents in nested browsing | 5520 Frame* inheritFrom = m_frame->tree().parent() ? m_frame->tree().parent() |
5526 // contexts gets inherited from the parent. | 5521 : m_frame->client()->opener(); |
5527 contentSecurityPolicy()->copyPluginTypesFrom(parentCSP); | 5522 if (inheritFrom && m_frame != inheritFrom) { |
| 5523 DCHECK(inheritFrom->securityContext() && |
| 5524 inheritFrom->securityContext()->contentSecurityPolicy()); |
| 5525 ContentSecurityPolicy* policyToInherit = |
| 5526 inheritFrom->securityContext()->contentSecurityPolicy(); |
| 5527 if (m_url.isEmpty() || m_url.protocolIsAbout() || |
| 5528 m_url.protocolIsData() || m_url.protocolIs("blob") || |
| 5529 m_url.protocolIs("filesystem")) { |
| 5530 contentSecurityPolicy()->copyStateFrom(policyToInherit); |
| 5531 } |
| 5532 // Plugin documents inherit their parent/opener's 'plugin-types' directive |
| 5533 // regardless of URL. |
| 5534 if (isPluginDocument()) |
| 5535 contentSecurityPolicy()->copyPluginTypesFrom(policyToInherit); |
5528 } | 5536 } |
5529 } | 5537 } |
5530 contentSecurityPolicy()->bindToExecutionContext(this); | 5538 contentSecurityPolicy()->bindToExecutionContext(this); |
5531 } | 5539 } |
5532 | 5540 |
5533 bool Document::isSecureTransitionTo(const KURL& url) const { | 5541 bool Document::isSecureTransitionTo(const KURL& url) const { |
5534 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); | 5542 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); |
5535 return getSecurityOrigin()->canAccess(other.get()); | 5543 return getSecurityOrigin()->canAccess(other.get()); |
5536 } | 5544 } |
5537 | 5545 |
(...skipping 1042 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6580 } | 6588 } |
6581 | 6589 |
6582 void showLiveDocumentInstances() { | 6590 void showLiveDocumentInstances() { |
6583 WeakDocumentSet& set = liveDocumentSet(); | 6591 WeakDocumentSet& set = liveDocumentSet(); |
6584 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); | 6592 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); |
6585 for (Document* document : set) | 6593 for (Document* document : set) |
6586 fprintf(stderr, "- Document %p URL: %s\n", document, | 6594 fprintf(stderr, "- Document %p URL: %s\n", document, |
6587 document->url().getString().utf8().data()); | 6595 document->url().getString().utf8().data()); |
6588 } | 6596 } |
6589 #endif | 6597 #endif |
OLD | NEW |