
Side by Side Diff: content/common/content_security_policy/csp_context.cc

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Temporary re-add the parser + transmit parsed CSP over IPC. Created 3 years, 11 months ago
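--- a/content/common/content_security_policy/csp_context.cc
+++ b/content/common/content_security_policy/csp_context.cc
@@ -0,0 +1,82 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/common/content_security_policy/csp_context.h"
+#include "content/common/content_security_policy/csp_policy.h"
+
+namespace content {
+
+CSPContext::CSPContext()
+: has_self_(false),
+self_scheme_(""),
+self_source_("", "", false, -1, false, "") {}
+CSPContext::~CSPContext() {}
+
+bool CSPContext::Allow(const std::vector<CSPPolicy>& policies,
+CSPDirective::Name directive_name,
+const GURL& url,
+bool is_redirect) {
+if (this->SchemeShouldByPass(url.scheme_piece()))
+return true;
+
+for (const auto& policy : policies) {
+if (!policy.Allow(this, directive_name, url, is_redirect))
+return false;
+}
+return true;
+}
+
+void CSPContext::SetSelf(const url::Origin origin) {
+if (origin.unique()) {
+// TODO(arthursonzogni): Decide what to do with unique origins.
+has_self_ = false;
+return;
+}
+
+if (origin.scheme() == "file") {
+has_self_ = true;
+self_scheme_ = "file";
+self_source_ =
+CSPSource("file", "", false, url::PORT_UNSPECIFIED, false, "");
+return;
+}
+
+has_self_ = true;
+self_scheme_ = origin.scheme();
+self_source_ = CSPSource(origin.scheme(), origin.host(), false, origin.port(),
+false, "");
+}
+
+bool CSPContext::AllowSelf(const GURL& url) {
+return has_self_ && self_source_.Allow(this, url);
+}
+
+bool CSPContext::ProtocolMatchesSelf(const GURL& url) {
+if (!has_self_)
+return false;
+if (self_scheme_ == url::kHttpScheme)
+return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin();
+return url.SchemeIs(self_scheme_);
+}
+
+void CSPContext::LogToConsole(const std::string& message) {
+return;
+}
+
+bool CSPContext::SchemeShouldByPass(const base::StringPiece& scheme) {
+return false;
+}
+
+void CSPContext::ReportViolation(
+const std::string& directive_text,
+const std::string& effective_directive,
+const std::string& message,
+const GURL& blocked_url,
+const std::vector<std::string>& report_end_points,
+const std::string& header,
+blink::WebContentSecurityPolicyType disposition) {
+return;
+}
+
+} // namespace content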
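Review bot: The loop in `CSPContext::Allow` returns on the first policy that rejects the URL, so any policy later in `policies` is never evaluated. If `CSPPolicy::Allow` is where violations get reported (its body is not on this page), a report-only or second enforced policy that follows a blocking one would never produce its report, and the site operator loses that signal. Evaluating every policy keeps the allow/deny result the same: `bool allow = true;` before the loop, `allow &= policy.Allow(this, directive_name, url, is_redirect);` inside it, and `return allow;` after it. Separately, the early `return true` on `SchemeShouldByPass` skips every policy, so a comment there stating that overrides of that method decide which schemes are exempt from CSP would help reviewers of subclasses. In `SetSelf`, the unique-origin branch clears only `has_self_` and leaves `self_scheme_` and `self_source_` at their previous values; both readers in this file check `has_self_` first, but resetting the two members there would keep a later reader from matching a stale origin.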
