| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
| 6 | 6 |
| 7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 678 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 689 // have no allowed CSPSources. | 689 // have no allowed CSPSources. |
| 690 return allowDynamicOther || !normalizedB.size(); | 690 return allowDynamicOther || !normalizedB.size(); |
| 691 } | 691 } |
| 692 | 692 |
| 693 // If embedding CSP specifies `self`, `self` refers to the embedee's origin. | 693 // If embedding CSP specifies `self`, `self` refers to the embedee's origin. |
| 694 HeapVector<Member<CSPSource>> normalizedA = | 694 HeapVector<Member<CSPSource>> normalizedA = |
| 695 getSources(other[0]->m_policy->getSelfSource()); | 695 getSources(other[0]->m_policy->getSelfSource()); |
| 696 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | 696 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); |
| 697 } | 697 } |
| 698 | 698 |
| 699 WebContentSecurityPolicySourceList |
| 700 SourceListDirective::exposeForNavigationalChecks() const { |
| 701 WebContentSecurityPolicySourceList sourceList; |
| 702 sourceList.allowSelf = m_allowSelf; |
| 703 sourceList.allowStar = m_allowStar; |
| 704 WebVector<WebContentSecurityPolicySourceExpression> list(m_list.size()); |
| 705 for (size_t i = 0; i < m_list.size(); ++i) |
| 706 list[i] = m_list[i]->exposeForNavigationalChecks(); |
| 707 sourceList.sources.swap(list); |
| 708 return sourceList; |
| 709 } |
| 710 |
| 699 bool SourceListDirective::subsumesNoncesAndHashes( | 711 bool SourceListDirective::subsumesNoncesAndHashes( |
| 700 const HashSet<String>& nonces, | 712 const HashSet<String>& nonces, |
| 701 const HashSet<CSPHashValue> hashes) const { | 713 const HashSet<CSPHashValue> hashes) const { |
| 702 for (const auto& nonce : nonces) { | 714 for (const auto& nonce : nonces) { |
| 703 if (!m_nonces.contains(nonce)) | 715 if (!m_nonces.contains(nonce)) |
| 704 return false; | 716 return false; |
| 705 } | 717 } |
| 706 for (const auto& hash : hashes) { | 718 for (const auto& hash : hashes) { |
| 707 if (!m_hashes.contains(hash)) | 719 if (!m_hashes.contains(hash)) |
| 708 return false; | 720 return false; |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 809 return normalized; | 821 return normalized; |
| 810 } | 822 } |
| 811 | 823 |
| 812 DEFINE_TRACE(SourceListDirective) { | 824 DEFINE_TRACE(SourceListDirective) { |
| 813 visitor->trace(m_policy); | 825 visitor->trace(m_policy); |
| 814 visitor->trace(m_list); | 826 visitor->trace(m_list); |
| 815 CSPDirective::trace(visitor); | 827 CSPDirective::trace(visitor); |
| 816 } | 828 } |
| 817 | 829 |
| 818 } // namespace blink | 830 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
