
Side by Side Diff: content/common/content_security_policy/csp_context.cc

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Add the TODO and bug ids that were forgotten. Created 3 years, 10 months ago
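--- a/content/common/content_security_policy/csp_context.cc
+++ b/content/common/content_security_policy/csp_context.cc
@@ -0,0 +1,88 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/common/content_security_policy/csp_context.h"
+
+namespace content {
+
+CSPContext::CSPContext() : has_self_(false) {}
+
+CSPContext::~CSPContext() {}
+
+bool CSPContext::Allow(const std::vector<ContentSecurityPolicy>& policies,
+CSPDirective::Name directive_name,
+const GURL& url,
+bool is_redirect) {
+if (SchemeShouldBypassCSP(url.scheme_piece()))
+return true;
+
+for (const auto& policy : policies) {
+if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this,
+is_redirect))
+return false;
+}
+return true;
+}
+
+void CSPContext::SetSelf(const url::Origin origin) {
+if (origin.unique()) {
+// TODO(arthursonzogni): Decide what to do with unique origins.
+has_self_ = false;
+return;
+}
+
+if (origin.scheme() == url::kFileScheme) {
+has_self_ = true;
+self_scheme_ = url::kFileScheme;
+self_source_ = CSPSource(url::kFileScheme, "", false, url::PORT_UNSPECIFIED,
+false, "");
+return;
+}
+
+has_self_ = true;
+self_scheme_ = origin.scheme();
+self_source_ = CSPSource(
+origin.scheme(), origin.host(), false,
+origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port
+false, "");
+}
+
+bool CSPContext::AllowSelf(const GURL& url) {
+return has_self_ && CSPSource::Allow(self_source_, url, this);
+}
+
+bool CSPContext::ProtocolMatchesSelf(const GURL& url) {
+if (!has_self_)
+return false;
+if (self_scheme_ == url::kHttpScheme)
+return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin();
+return url.SchemeIs(self_scheme_);
+}
+
+void CSPContext::LogToConsole(const std::string& message) {
+return;
+}
+
+bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) {
+return false;
+}
+
+bool CSPContext::SelfSchemeShouldBypassCSP() {
+if (!has_self_)
+return false;
+return SchemeShouldBypassCSP(self_scheme_);
+}
+
+void CSPContext::ReportViolation(
+const std::string& directive_text,
+const std::string& effective_directive,
+const std::string& message,
+const GURL& blocked_url,
+const std::vector<std::string>& report_end_points,
+const std::string& header,
+blink::WebContentSecurityPolicyType disposition) {
+return;
+}
+
+} // namespace content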
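Review bot: In `CSPContext::Allow` (new lines 20-24) the loop returns as soon as one policy denies the URL, so every later entry in `policies` is never evaluated. If `ContentSecurityPolicy::Allow` is also where violations are reported (its body is not shown on this page), a second enforced or report-only policy would lose its report whenever an earlier policy blocks first. Consider accumulating the result instead: `bool allowed = true;` before the loop, `allowed &= ContentSecurityPolicy::Allow(policy, directive_name, url, this, is_redirect);` inside it, and `return allowed;` after it. Separately, `ReportViolation` and `LogToConsole` are silent no-ops here, so a short comment on each, such as `// Default implementation drops the report; embedders are expected to override.`, would make it clear that this base class alone surfaces no violations.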