OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/common/content_security_policy/csp_context.h" |
| 6 |
| 7 namespace content { |
| 8 |
| 9 CSPContext::CSPContext() : has_self_(false) {} |
| 10 |
| 11 CSPContext::~CSPContext() {} |
| 12 |
| 13 bool CSPContext::Allow(const std::vector<ContentSecurityPolicy>& policies, |
| 14 CSPDirective::Name directive_name, |
| 15 const GURL& url, |
| 16 bool is_redirect) { |
| 17 if (SchemeShouldBypassCSP(url.scheme_piece())) |
| 18 return true; |
| 19 |
| 20 for (const auto& policy : policies) { |
| 21 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this, |
| 22 is_redirect)) |
| 23 return false; |
| 24 } |
| 25 return true; |
| 26 } |
| 27 |
| 28 void CSPContext::SetSelf(const url::Origin origin) { |
| 29 if (origin.unique()) { |
| 30 // TODO(arthursonzogni): Decide what to do with unique origins. |
| 31 has_self_ = false; |
| 32 return; |
| 33 } |
| 34 |
| 35 if (origin.scheme() == url::kFileScheme) { |
| 36 has_self_ = true; |
| 37 self_scheme_ = url::kFileScheme; |
| 38 self_source_ = CSPSource(url::kFileScheme, "", false, url::PORT_UNSPECIFIED, |
| 39 false, ""); |
| 40 return; |
| 41 } |
| 42 |
| 43 has_self_ = true; |
| 44 self_scheme_ = origin.scheme(); |
| 45 self_source_ = CSPSource( |
| 46 origin.scheme(), origin.host(), false, |
| 47 origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port |
| 48 false, ""); |
| 49 } |
| 50 |
| 51 bool CSPContext::AllowSelf(const GURL& url) { |
| 52 return has_self_ && CSPSource::Allow(self_source_, url, this); |
| 53 } |
| 54 |
| 55 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { |
| 56 if (!has_self_) |
| 57 return false; |
| 58 if (self_scheme_ == url::kHttpScheme) |
| 59 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); |
| 60 return url.SchemeIs(self_scheme_); |
| 61 } |
| 62 |
| 63 void CSPContext::LogToConsole(const std::string& message) { |
| 64 return; |
| 65 } |
| 66 |
| 67 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { |
| 68 return false; |
| 69 } |
| 70 |
| 71 bool CSPContext::SelfSchemeShouldBypassCSP() { |
| 72 if (!has_self_) |
| 73 return false; |
| 74 return SchemeShouldBypassCSP(self_scheme_); |
| 75 } |
| 76 |
| 77 void CSPContext::ReportViolation( |
| 78 const std::string& directive_text, |
| 79 const std::string& effective_directive, |
| 80 const std::string& message, |
| 81 const GURL& blocked_url, |
| 82 const std::vector<std::string>& report_end_points, |
| 83 const std::string& header, |
| 84 blink::WebContentSecurityPolicyType disposition) { |
| 85 return; |
| 86 } |
| 87 |
| 88 } // namespace content |
OLD | NEW |