Chromium Code Reviews Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/render_frame_impl.h" | 5 #include "content/renderer/render_frame_impl.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 46 #include "content/child/v8_value_converter_impl.h" | 46 #include "content/child/v8_value_converter_impl.h" |
| 47 #include "content/child/web_url_loader_impl.h" | 47 #include "content/child/web_url_loader_impl.h" |
| 48 #include "content/child/web_url_request_util.h" | 48 #include "content/child/web_url_request_util.h" |
| 49 #include "content/child/webmessageportchannel_impl.h" | 49 #include "content/child/webmessageportchannel_impl.h" |
| 50 #include "content/child/weburlresponse_extradata_impl.h" | 50 #include "content/child/weburlresponse_extradata_impl.h" |
| 51 #include "content/common/accessibility_messages.h" | 51 #include "content/common/accessibility_messages.h" |
| 52 #include "content/common/associated_interface_provider_impl.h" | 52 #include "content/common/associated_interface_provider_impl.h" |
| 53 #include "content/common/associated_interfaces.mojom.h" | 53 #include "content/common/associated_interfaces.mojom.h" |
| 54 #include "content/common/clipboard_messages.h" | 54 #include "content/common/clipboard_messages.h" |
| 55 #include "content/common/content_constants_internal.h" | 55 #include "content/common/content_constants_internal.h" |
| 56 #include "content/common/content_security_policy/csp_context.h" | |
| 56 #include "content/common/content_security_policy_header.h" | 57 #include "content/common/content_security_policy_header.h" |
| 57 #include "content/common/download/mhtml_save_status.h" | 58 #include "content/common/download/mhtml_save_status.h" |
| 58 #include "content/common/edit_command.h" | 59 #include "content/common/edit_command.h" |
| 59 #include "content/common/frame_messages.h" | 60 #include "content/common/frame_messages.h" |
| 60 #include "content/common/frame_owner_properties.h" | 61 #include "content/common/frame_owner_properties.h" |
| 61 #include "content/common/frame_replication_state.h" | 62 #include "content/common/frame_replication_state.h" |
| 62 #include "content/common/input_messages.h" | 63 #include "content/common/input_messages.h" |
| 63 #include "content/common/navigation_params.h" | 64 #include "content/common/navigation_params.h" |
| 64 #include "content/common/page_messages.h" | 65 #include "content/common/page_messages.h" |
| 65 #include "content/common/savable_subframe.h" | 66 #include "content/common/savable_subframe.h" |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 88 #include "content/public/renderer/content_renderer_client.h" | 89 #include "content/public/renderer/content_renderer_client.h" |
| 89 #include "content/public/renderer/context_menu_client.h" | 90 #include "content/public/renderer/context_menu_client.h" |
| 90 #include "content/public/renderer/document_state.h" | 91 #include "content/public/renderer/document_state.h" |
| 91 #include "content/public/renderer/navigation_state.h" | 92 #include "content/public/renderer/navigation_state.h" |
| 92 #include "content/public/renderer/render_frame_observer.h" | 93 #include "content/public/renderer/render_frame_observer.h" |
| 93 #include "content/public/renderer/renderer_ppapi_host.h" | 94 #include "content/public/renderer/renderer_ppapi_host.h" |
| 94 #include "content/renderer/accessibility/render_accessibility_impl.h" | 95 #include "content/renderer/accessibility/render_accessibility_impl.h" |
| 95 #include "content/renderer/browser_plugin/browser_plugin.h" | 96 #include "content/renderer/browser_plugin/browser_plugin.h" |
| 96 #include "content/renderer/browser_plugin/browser_plugin_manager.h" | 97 #include "content/renderer/browser_plugin/browser_plugin_manager.h" |
| 97 #include "content/renderer/child_frame_compositing_helper.h" | 98 #include "content/renderer/child_frame_compositing_helper.h" |
| 99 #include "content/renderer/content_security_policy_util.h" | |
| 98 #include "content/renderer/context_menu_params_builder.h" | 100 #include "content/renderer/context_menu_params_builder.h" |
| 99 #include "content/renderer/devtools/devtools_agent.h" | 101 #include "content/renderer/devtools/devtools_agent.h" |
| 100 #include "content/renderer/dom_automation_controller.h" | 102 #include "content/renderer/dom_automation_controller.h" |
| 101 #include "content/renderer/effective_connection_type_helper.h" | 103 #include "content/renderer/effective_connection_type_helper.h" |
| 102 #include "content/renderer/external_popup_menu.h" | 104 #include "content/renderer/external_popup_menu.h" |
| 103 #include "content/renderer/gpu/gpu_benchmarking_extension.h" | 105 #include "content/renderer/gpu/gpu_benchmarking_extension.h" |
| 104 #include "content/renderer/history_entry.h" | 106 #include "content/renderer/history_entry.h" |
| 105 #include "content/renderer/history_serialization.h" | 107 #include "content/renderer/history_serialization.h" |
| 106 #include "content/renderer/image_downloader/image_downloader_impl.h" | 108 #include "content/renderer/image_downloader/image_downloader_impl.h" |
| 107 #include "content/renderer/ime_event_guard.h" | 109 #include "content/renderer/ime_event_guard.h" |
| (...skipping 3087 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3195 | 3197 |
| 3196 void RenderFrameImpl::didSetFeaturePolicyHeader( | 3198 void RenderFrameImpl::didSetFeaturePolicyHeader( |
| 3197 const blink::WebParsedFeaturePolicyHeader& parsed_header) { | 3199 const blink::WebParsedFeaturePolicyHeader& parsed_header) { |
| 3198 Send(new FrameHostMsg_DidSetFeaturePolicyHeader( | 3200 Send(new FrameHostMsg_DidSetFeaturePolicyHeader( |
| 3199 routing_id_, FeaturePolicyHeaderFromWeb(parsed_header))); | 3201 routing_id_, FeaturePolicyHeaderFromWeb(parsed_header))); |
| 3200 } | 3202 } |
| 3201 | 3203 |
| 3202 void RenderFrameImpl::didAddContentSecurityPolicy( | 3204 void RenderFrameImpl::didAddContentSecurityPolicy( |
| 3203 const blink::WebString& header_value, | 3205 const blink::WebString& header_value, |
| 3204 blink::WebContentSecurityPolicyType type, | 3206 blink::WebContentSecurityPolicyType type, |
| 3205 blink::WebContentSecurityPolicySource source) { | 3207 blink::WebContentSecurityPolicySource source, |
| 3206 if (!SiteIsolationPolicy::AreCrossProcessFramesPossible()) | 3208 const std::vector<blink::WebContentSecurityPolicyPolicy>& policies) { |
| 3207 return; | |
| 3208 | |
| 3209 ContentSecurityPolicyHeader header; | 3209 ContentSecurityPolicyHeader header; |
| 3210 header.header_value = header_value.utf8(); | 3210 header.header_value = header_value.utf8(); |
| 3211 header.type = type; | 3211 header.type = type; |
| 3212 header.source = source; | 3212 header.source = source; |
| 3213 Send(new FrameHostMsg_DidAddContentSecurityPolicy(routing_id_, header)); | 3213 |
| 3214 std::vector<CSPPolicy> content_policies; | |
|
Mike West
2017/02/13 14:10:51
CSPPolicy => "Content Security Policy Policy". :(
arthursonzogni
2017/02/14 17:07:03
I like thinking that Content-Security-Policy is {t
| |
| 3215 for (const auto& policy : policies) | |
| 3216 content_policies.push_back(BuildCSPPolicy(policy)); | |
| 3217 | |
| 3218 Send(new FrameHostMsg_DidAddContentSecurityPolicy(routing_id_, header, | |
| 3219 content_policies)); | |
| 3214 } | 3220 } |
| 3215 | 3221 |
| 3216 void RenderFrameImpl::didChangeFrameOwnerProperties( | 3222 void RenderFrameImpl::didChangeFrameOwnerProperties( |
| 3217 blink::WebFrame* child_frame, | 3223 blink::WebFrame* child_frame, |
| 3218 const blink::WebFrameOwnerProperties& frame_owner_properties) { | 3224 const blink::WebFrameOwnerProperties& frame_owner_properties) { |
| 3219 Send(new FrameHostMsg_DidChangeFrameOwnerProperties( | 3225 Send(new FrameHostMsg_DidChangeFrameOwnerProperties( |
| 3220 routing_id_, GetRoutingIdForFrameOrProxy(child_frame), | 3226 routing_id_, GetRoutingIdForFrameOrProxy(child_frame), |
| 3221 FrameOwnerProperties(frame_owner_properties))); | 3227 FrameOwnerProperties(frame_owner_properties))); |
| 3222 } | 3228 } |
| 3223 | 3229 |
| (...skipping 3599 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6823 // event target. Potentially a Pepper plugin will receive the event. | 6829 // event target. Potentially a Pepper plugin will receive the event. |
| 6824 // In order to tell whether a plugin gets the last mouse event and which it | 6830 // In order to tell whether a plugin gets the last mouse event and which it |
| 6825 // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets | 6831 // is, we set |pepper_last_mouse_event_target_| to null here. If a plugin gets |
| 6826 // the event, it will notify us via DidReceiveMouseEvent() and set itself as | 6832 // the event, it will notify us via DidReceiveMouseEvent() and set itself as |
| 6827 // |pepper_last_mouse_event_target_|. | 6833 // |pepper_last_mouse_event_target_|. |
| 6828 pepper_last_mouse_event_target_ = nullptr; | 6834 pepper_last_mouse_event_target_ = nullptr; |
| 6829 #endif | 6835 #endif |
| 6830 } | 6836 } |
| 6831 | 6837 |
| 6832 } // namespace content | 6838 } // namespace content |
| OLD | NEW |
