OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "content/common/content_security_policy/csp_context.h" | |
6 | |
7 namespace content { | |
8 | |
9 CSPContext::CSPContext() | |
10 : has_self_(false), | |
11 self_scheme_(""), | |
nasko
2017/02/17 01:03:15
nit: No need to initialize it to empty string expl
arthursonzogni
2017/02/17 09:30:22
Done.
| |
12 self_source_("", "", false, -1, false, "") {} | |
nasko
2017/02/17 01:03:16
s/""/std::string()/, use url::PORT_UNSPECIFIED as
arthursonzogni
2017/02/17 09:30:22
I have a default constructor that already does the
| |
13 CSPContext::~CSPContext() {} | |
14 | |
15 bool CSPContext::Allow(const std::vector<ContentSecurityPolicy>& policies, | |
16 CSPDirective::Name directive_name, | |
17 const GURL& url, | |
18 bool is_redirect) { | |
19 if (this->SchemeShouldBypassCSP(url.scheme_piece())) | |
nasko
2017/02/17 01:03:16
nit: Chromium code avoids using "this->".
arthursonzogni
2017/02/17 09:30:22
Done.
| |
20 return true; | |
21 | |
22 for (const auto& policy : policies) { | |
23 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this, | |
24 is_redirect)) | |
25 return false; | |
26 } | |
27 return true; | |
28 } | |
29 | |
30 void CSPContext::SetSelf(const url::Origin origin) { | |
31 if (origin.unique()) { | |
32 // TODO(arthursonzogni): Decide what to do with unique origins. | |
33 has_self_ = false; | |
34 return; | |
35 } | |
36 | |
37 if (origin.scheme() == "file") { | |
nasko
2017/02/17 01:03:17
nit: Please use symbolic constants, kFileScheme in
arthursonzogni
2017/02/17 09:30:22
Done.
| |
38 has_self_ = true; | |
39 self_scheme_ = "file"; | |
40 self_source_ = | |
41 CSPSource("file", "", false, url::PORT_UNSPECIFIED, false, ""); | |
42 return; | |
43 } | |
44 | |
45 has_self_ = true; | |
46 self_scheme_ = origin.scheme(); | |
47 self_source_ = CSPSource( | |
48 origin.scheme(), origin.host(), false, | |
49 origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port | |
50 false, ""); | |
51 } | |
52 | |
53 bool CSPContext::AllowSelf(const GURL& url) { | |
54 return has_self_ && CSPSource::Allow(self_source_, url, this); | |
55 } | |
56 | |
57 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { | |
58 if (!has_self_) | |
59 return false; | |
60 if (self_scheme_ == url::kHttpScheme) | |
nasko
2017/02/17 01:03:17
What about httpS?
arthursonzogni
2017/02/17 09:30:22
I don't know what is the correct behavior, but at
| |
61 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); | |
62 return url.SchemeIs(self_scheme_); | |
63 } | |
64 | |
65 void CSPContext::LogToConsole(const std::string& message) { | |
66 return; | |
67 } | |
68 | |
69 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { | |
70 return false; | |
71 } | |
72 | |
73 bool CSPContext::SelfSchemeShouldBypassCSP() { | |
74 if (!has_self_) | |
75 return false; | |
76 return SchemeShouldBypassCSP(self_scheme_); | |
nasko
2017/02/17 01:03:16
This method isn't virtual, so it cannot be overrid
arthursonzogni
2017/02/17 09:30:22
SchemeShouldBypassCSP is virtual :)
| |
77 } | |
78 | |
79 void CSPContext::ReportViolation( | |
80 const std::string& directive_text, | |
81 const std::string& effective_directive, | |
82 const std::string& message, | |
83 const GURL& blocked_url, | |
84 const std::vector<std::string>& report_end_points, | |
85 const std::string& header, | |
86 blink::WebContentSecurityPolicyType disposition) { | |
87 return; | |
88 } | |
89 | |
90 } // namespace content | |
OLD | NEW |