OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
6 | 6 |
7 #include "core/frame/UseCounter.h" | 7 #include "core/frame/UseCounter.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/weborigin/KURL.h" | 9 #include "platform/weborigin/KURL.h" |
10 #include "platform/weborigin/KnownPorts.h" | 10 #include "platform/weborigin/KnownPorts.h" |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
67 UseCounter::count(*document, | 67 UseCounter::count(*document, |
68 UseCounter::CSPSourceWildcardWouldMatchExactHost); | 68 UseCounter::CSPSourceWildcardWouldMatchExactHost); |
69 } else { | 69 } else { |
70 match = equalHosts; | 70 match = equalHosts; |
71 } | 71 } |
72 | 72 |
73 return match; | 73 return match; |
74 } | 74 } |
75 | 75 |
76 bool CSPSource::pathMatches(const String& urlPath) const { | 76 bool CSPSource::pathMatches(const String& urlPath) const { |
77 if (m_path.isEmpty()) | 77 if (m_path.isEmpty() || (m_path == "/" && urlPath.isEmpty())) |
78 return true; | 78 return true; |
79 | 79 |
80 String path = decodeURLEscapeSequences(urlPath); | 80 String path = decodeURLEscapeSequences(urlPath); |
81 | 81 |
82 if (m_path.endsWith("/")) | 82 if (m_path.endsWith("/")) |
83 return path.startsWith(m_path); | 83 return path.startsWith(m_path); |
84 | 84 |
85 return path == m_path; | 85 return path == m_path; |
86 } | 86 } |
87 | 87 |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
147 | 147 |
148 String scheme = other->schemeMatches(m_scheme) ? m_scheme : other->m_scheme; | 148 String scheme = other->schemeMatches(m_scheme) ? m_scheme : other->m_scheme; |
149 if (isSchemeOnly() || other->isSchemeOnly()) { | 149 if (isSchemeOnly() || other->isSchemeOnly()) { |
150 const CSPSource* stricter = isSchemeOnly() ? other : this; | 150 const CSPSource* stricter = isSchemeOnly() ? other : this; |
151 return new CSPSource(m_policy, scheme, stricter->m_host, stricter->m_port, | 151 return new CSPSource(m_policy, scheme, stricter->m_host, stricter->m_port, |
152 stricter->m_path, stricter->m_hostWildcard, | 152 stricter->m_path, stricter->m_hostWildcard, |
153 stricter->m_portWildcard); | 153 stricter->m_portWildcard); |
154 } | 154 } |
155 | 155 |
156 String host = m_hostWildcard == NoWildcard ? m_host : other->m_host; | 156 String host = m_hostWildcard == NoWildcard ? m_host : other->m_host; |
157 String path = other->pathMatches(m_path) ? m_path : other->m_path; | 157 // Since sources are similar and paths match, pick the longer one. |
158 String path = | |
159 m_path.length() > other->m_path.length() ? m_path : other->m_path; | |
amalika
2016/12/08 19:30:59
Simplified the logic instead of adding another che
| |
158 // Choose this port if the other port is empty, has wildcard or is a port for | 160 // Choose this port if the other port is empty, has wildcard or is a port for |
159 // a less secure scheme such as "http" whereas scheme of this is "https", in | 161 // a less secure scheme such as "http" whereas scheme of this is "https", in |
160 // which case the lengths would differ. | 162 // which case the lengths would differ. |
161 int port = (other->m_portWildcard == HasWildcard || !other->m_port || | 163 int port = (other->m_portWildcard == HasWildcard || !other->m_port || |
162 m_scheme.length() > other->m_scheme.length()) | 164 m_scheme.length() > other->m_scheme.length()) |
163 ? m_port | 165 ? m_port |
164 : other->m_port; | 166 : other->m_port; |
165 WildcardDisposition hostWildcard = | 167 WildcardDisposition hostWildcard = |
166 (m_hostWildcard == HasWildcard) ? other->m_hostWildcard : m_hostWildcard; | 168 (m_hostWildcard == HasWildcard) ? other->m_hostWildcard : m_hostWildcard; |
167 WildcardDisposition portWildcard = | 169 WildcardDisposition portWildcard = |
(...skipping 26 matching lines...) Expand all Loading... | |
194 return false; | 196 return false; |
195 } | 197 } |
196 return true; | 198 return true; |
197 } | 199 } |
198 | 200 |
199 DEFINE_TRACE(CSPSource) { | 201 DEFINE_TRACE(CSPSource) { |
200 visitor->trace(m_policy); | 202 visitor->trace(m_policy); |
201 } | 203 } |
202 | 204 |
203 } // namespace blink | 205 } // namespace blink |
OLD | NEW |