| Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| index f872ff2f0d1f60f6c31dde7a8620032409261bd7..6394a1eaddd2e5e6d31681e44e53226546d77c1d 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| +++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
|
| @@ -475,14 +475,18 @@ template <bool (CSPDirectiveList::*allowFromURL)(
|
| bool isAllowedByAll(const CSPDirectiveListVector& policies,
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) {
|
| if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))
|
| return true;
|
|
|
| bool isAllowed = true;
|
| - for (const auto& policy : policies)
|
| + for (const auto& policy : policies) {
|
| + if (policy->headerType() != headerType)
|
| + continue;
|
| isAllowed &=
|
| (policy.get()->*allowFromURL)(url, redirectStatus, reportingStatus);
|
| + }
|
| return isAllowed;
|
| }
|
|
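Review bot: With the new `if (policy->headerType() != headerType) continue;` filter, isAllowedByAll returns true whenever no policy of the requested type is present, and nothing in the hunk documents that the result now covers only one header type. I would add a comment above the loop, for example `// Only policies delivered with |headerType| are consulted; an empty match allows the load.` The same three-line filter is repeated in the nonce overload (hunk at -495) and the nonce-and-parser overload (hunk at -534). A shared helper, or at least the same comment in each, would keep the three copies from drifting apart.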
|
| @@ -495,14 +499,18 @@ bool isAllowedByAll(const CSPDirectiveListVector& policies,
|
| const KURL& url,
|
| const String& nonce,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) {
|
| if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))
|
| return true;
|
|
|
| bool isAllowed = true;
|
| - for (const auto& policy : policies)
|
| + for (const auto& policy : policies) {
|
| + if (policy->headerType() != headerType)
|
| + continue;
|
| isAllowed &= (policy.get()->*allowFromURLWithNonce)(
|
| url, nonce, redirectStatus, reportingStatus);
|
| + }
|
| return isAllowed;
|
| }
|
|
|
| @@ -517,7 +525,8 @@ bool isAllowedByAll(const CSPDirectiveListVector& policies,
|
| const String& nonce,
|
| ParserDisposition parserDisposition,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) {
|
| if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) {
|
| // If we're running experimental features, bypass CSP only for
|
| // non-parser-inserted resources whose scheme otherwise bypasses CSP. If
|
| @@ -534,6 +543,8 @@ bool isAllowedByAll(const CSPDirectiveListVector& policies,
|
|
|
| bool isAllowed = true;
|
| for (const auto& policy : policies) {
|
| + if (policy->headerType() != headerType)
|
| + continue;
|
| isAllowed &= (policy.get()->*allowFromURLWithNonceAndParser)(
|
| url, nonce, parserDisposition, redirectStatus, reportingStatus);
|
| }
|
| @@ -712,7 +723,8 @@ bool ContentSecurityPolicy::allowScriptFromSource(
|
| const String& nonce,
|
| ParserDisposition parserDisposition,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) {
|
| UseCounter::count(
|
| document(),
|
| @@ -722,7 +734,7 @@ bool ContentSecurityPolicy::allowScriptFromSource(
|
| }
|
| return isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>(
|
| m_policies, url, nonce, parserDisposition, redirectStatus,
|
| - reportingStatus);
|
| + reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowScriptWithHash(const String& source,
|
| @@ -741,11 +753,14 @@ bool ContentSecurityPolicy::allowRequestWithoutIntegrity(
|
| WebURLRequest::RequestContext context,
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| for (const auto& policy : m_policies) {
|
| - if (!policy->allowRequestWithoutIntegrity(context, url, redirectStatus,
|
| - reportingStatus))
|
| + if (policy->headerType() == headerType &&
|
| + !policy->allowRequestWithoutIntegrity(context, url, redirectStatus,
|
| + reportingStatus)) {
|
| return false;
|
| + }
|
| }
|
| return true;
|
| }
|
| @@ -757,52 +772,61 @@ bool ContentSecurityPolicy::allowRequest(
|
| const IntegrityMetadataSet& integrityMetadata,
|
| ParserDisposition parserDisposition,
|
| RedirectStatus redirectStatus,
|
| - ReportingStatus reportingStatus) const {
|
| + ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| if (integrityMetadata.isEmpty() &&
|
| !allowRequestWithoutIntegrity(context, url, redirectStatus,
|
| - reportingStatus))
|
| + reportingStatus, headerType)) {
|
| return false;
|
| + }
|
|
|
| switch (context) {
|
| case WebURLRequest::RequestContextAudio:
|
| case WebURLRequest::RequestContextTrack:
|
| case WebURLRequest::RequestContextVideo:
|
| - return allowMediaFromSource(url, redirectStatus, reportingStatus);
|
| + return allowMediaFromSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextBeacon:
|
| case WebURLRequest::RequestContextEventSource:
|
| case WebURLRequest::RequestContextFetch:
|
| case WebURLRequest::RequestContextXMLHttpRequest:
|
| case WebURLRequest::RequestContextSubresource:
|
| - return allowConnectToSource(url, redirectStatus, reportingStatus);
|
| + return allowConnectToSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextEmbed:
|
| case WebURLRequest::RequestContextObject:
|
| - return allowObjectFromSource(url, redirectStatus, reportingStatus);
|
| + return allowObjectFromSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextFavicon:
|
| case WebURLRequest::RequestContextImage:
|
| case WebURLRequest::RequestContextImageSet:
|
| - return allowImageFromSource(url, redirectStatus, reportingStatus);
|
| + return allowImageFromSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextFont:
|
| - return allowFontFromSource(url, redirectStatus, reportingStatus);
|
| + return allowFontFromSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextForm:
|
| - return allowFormAction(url, redirectStatus, reportingStatus);
|
| + return allowFormAction(url, redirectStatus, reportingStatus, headerType);
|
| case WebURLRequest::RequestContextFrame:
|
| case WebURLRequest::RequestContextIframe:
|
| - return allowFrameFromSource(url, redirectStatus, reportingStatus);
|
| + return allowFrameFromSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextImport:
|
| case WebURLRequest::RequestContextScript:
|
| - return allowScriptFromSource(url, nonce, parserDisposition,
|
| - redirectStatus, reportingStatus);
|
| case WebURLRequest::RequestContextXSLT:
|
| return allowScriptFromSource(url, nonce, parserDisposition,
|
| - redirectStatus, reportingStatus);
|
| + redirectStatus, reportingStatus, headerType);
|
| case WebURLRequest::RequestContextManifest:
|
| - return allowManifestFromSource(url, redirectStatus, reportingStatus);
|
| + return allowManifestFromSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextServiceWorker:
|
| case WebURLRequest::RequestContextSharedWorker:
|
| case WebURLRequest::RequestContextWorker:
|
| - return allowWorkerContextFromSource(url, redirectStatus, reportingStatus);
|
| + return allowWorkerContextFromSource(url, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextStyle:
|
| - return allowStyleFromSource(url, nonce, redirectStatus, reportingStatus);
|
| + return allowStyleFromSource(url, nonce, redirectStatus, reportingStatus,
|
| + headerType);
|
| case WebURLRequest::RequestContextCSPReport:
|
| case WebURLRequest::RequestContextDownload:
|
| case WebURLRequest::RequestContextHyperlink:
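Review bot: allowRequest now evaluates a single header type per call, so a caller that passes only the enforce type produces no report-only violation reports, and a caller that passes only the report type gets no enforcement decision. This file does not show whether the declaration gives `headerType` a default, so existing call sites may have silently changed meaning; it is worth auditing them against the header. I would document the contract on the function, e.g. `// Checks only policies of |headerType|; call once per header type to get both reporting and enforcement.` The switch continues past the end of this hunk, so the remaining cases are not covered by this note.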
|
| @@ -829,110 +853,126 @@ void ContentSecurityPolicy::usesStyleHashAlgorithms(uint8_t algorithms) {
|
| bool ContentSecurityPolicy::allowObjectFromSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| return isAllowedByAll<&CSPDirectiveList::allowObjectFromSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowFrameFromSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| return isAllowedByAll<&CSPDirectiveList::allowFrameFromSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowImageFromSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(
|
| url.protocol(), SchemeRegistry::PolicyAreaImage))
|
| return true;
|
| return isAllowedByAll<&CSPDirectiveList::allowImageFromSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowStyleFromSource(
|
| const KURL& url,
|
| const String& nonce,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(
|
| url.protocol(), SchemeRegistry::PolicyAreaStyle))
|
| return true;
|
| return isAllowedByAll<&CSPDirectiveList::allowStyleFromSource>(
|
| - m_policies, url, nonce, redirectStatus, reportingStatus);
|
| + m_policies, url, nonce, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowFontFromSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| return isAllowedByAll<&CSPDirectiveList::allowFontFromSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowMediaFromSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| return isAllowedByAll<&CSPDirectiveList::allowMediaFromSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowConnectToSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| return isAllowedByAll<&CSPDirectiveList::allowConnectToSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowFormAction(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| return isAllowedByAll<&CSPDirectiveList::allowFormAction>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowBaseURI(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + // `base-uri` isn't affected by 'upgrade-insecure-requests', so we'll check
|
| + // both report-only and enforce headers here.
|
| + isAllowedByAll<&CSPDirectiveList::allowBaseURI>(
|
| + m_policies, url, redirectStatus, reportingStatus,
|
| + ContentSecurityPolicyHeaderTypeReport);
|
| return isAllowedByAll<&CSPDirectiveList::allowBaseURI>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus,
|
| + ContentSecurityPolicyHeaderTypeEnforce);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowWorkerContextFromSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure the
|
| // impact of this backwards-incompatible change.
|
| if (Document* document = this->document()) {
|
| UseCounter::count(*document, UseCounter::WorkerSubjectToCSP);
|
| if (isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>(
|
| - m_policies, url, redirectStatus, SuppressReport) &&
|
| + m_policies, url, redirectStatus, SuppressReport, headerType) &&
|
| !isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>(
|
| m_policies, url, AtomicString(), NotParserInserted, redirectStatus,
|
| - SuppressReport)) {
|
| + SuppressReport, headerType)) {
|
| UseCounter::count(*document,
|
| UseCounter::WorkerAllowedByChildBlockedByScript);
|
| }
|
| }
|
|
|
| return isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowManifestFromSource(
|
| const KURL& url,
|
| RedirectStatus redirectStatus,
|
| - ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| + ContentSecurityPolicy::ReportingStatus reportingStatus,
|
| + ContentSecurityPolicyHeaderType headerType) const {
|
| return isAllowedByAll<&CSPDirectiveList::allowManifestFromSource>(
|
| - m_policies, url, redirectStatus, reportingStatus);
|
| + m_policies, url, redirectStatus, reportingStatus, headerType);
|
| }
|
|
|
| bool ContentSecurityPolicy::allowAncestors(
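Review bot: In allowBaseURI the first isAllowedByAll call, made with `ContentSecurityPolicyHeaderTypeReport`, silently drops its bool result. The added comment explains why both header types are checked, but not that the report-only pass runs purely for its reporting side effect. I would extend the comment with `// The report-only result is intentionally ignored; only the enforce pass decides.` so that a later cleanup does not remove the call or start AND-ing the two results. Separately, allowWorkerContextFromSource in this hunk now runs its UseCounter measurement with the caller's `headerType`, so a caller that checks both types would presumably count twice; that looks harmless but is worth confirming.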
|
|
|