| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/common/content_security_policy/csp_context.h" |
| 6 #include "content/common/content_security_policy/csp_policy.h" |
| 7 |
| 8 namespace content { |
| 9 |
| 10 CSPContext::CSPContext() |
| 11 : has_self_(false), |
| 12 self_scheme_(""), |
| 13 self_source_("", "", false, -1, false, "") {} |
| 14 CSPContext::~CSPContext() {} |
| 15 |
| 16 bool CSPContext::Allow(const std::vector<CSPPolicy>& policies, |
| 17 CSPDirective::Name directive_name, |
| 18 const GURL& url, |
| 19 bool is_redirect) { |
| 20 if (this->SchemeShouldBypassCSP(url.scheme_piece())) |
| 21 return true; |
| 22 |
| 23 for (const auto& policy : policies) { |
| 24 if (!policy.Allow(this, directive_name, url, is_redirect)) |
| 25 return false; |
| 26 } |
| 27 return true; |
| 28 } |
| 29 |
| 30 void CSPContext::SetSelf(const url::Origin origin) { |
| 31 if (origin.unique()) { |
| 32 // TODO(arthursonzogni): Decide what to do with unique origins. |
| 33 has_self_ = false; |
| 34 return; |
| 35 } |
| 36 |
| 37 if (origin.scheme() == "file") { |
| 38 has_self_ = true; |
| 39 self_scheme_ = "file"; |
| 40 self_source_ = |
| 41 CSPSource("file", "", false, url::PORT_UNSPECIFIED, false, ""); |
| 42 return; |
| 43 } |
| 44 |
| 45 has_self_ = true; |
| 46 self_scheme_ = origin.scheme(); |
| 47 self_source_ = CSPSource( |
| 48 origin.scheme(), origin.host(), false, |
| 49 origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port |
| 50 false, ""); |
| 51 } |
| 52 |
| 53 bool CSPContext::AllowSelf(const GURL& url) { |
| 54 return has_self_ && self_source_.Allow(this, url); |
| 55 } |
| 56 |
| 57 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { |
| 58 if (!has_self_) |
| 59 return false; |
| 60 if (self_scheme_ == url::kHttpScheme) |
| 61 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); |
| 62 return url.SchemeIs(self_scheme_); |
| 63 } |
| 64 |
| 65 void CSPContext::LogToConsole(const std::string& message) { |
| 66 return; |
| 67 } |
| 68 |
| 69 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { |
| 70 return false; |
| 71 } |
| 72 |
| 73 bool CSPContext::SelfSchemeShouldBypassCSP() { |
| 74 if (!has_self_) |
| 75 return false; |
| 76 return SchemeShouldBypassCSP(self_scheme_); |
| 77 } |
| 78 |
| 79 void CSPContext::ReportViolation( |
| 80 const std::string& directive_text, |
| 81 const std::string& effective_directive, |
| 82 const std::string& message, |
| 83 const GURL& blocked_url, |
| 84 const std::vector<std::string>& report_end_points, |
| 85 const std::string& header, |
| 86 blink::WebContentSecurityPolicyType disposition) { |
| 87 return; |
| 88 } |
| 89 |
| 90 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
