OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/SourceListDirective.h" | 5 #include "core/frame/csp/SourceListDirective.h" |
6 | 6 |
7 #include "core/frame/csp/CSPSource.h" | 7 #include "core/frame/csp/CSPSource.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 678 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
689 // have no allowed CSPSources. | 689 // have no allowed CSPSources. |
690 return allowDynamicOther || !normalizedB.size(); | 690 return allowDynamicOther || !normalizedB.size(); |
691 } | 691 } |
692 | 692 |
693 // If embedding CSP specifies `self`, `self` refers to the embedee's origin. | 693 // If embedding CSP specifies `self`, `self` refers to the embedee's origin. |
694 HeapVector<Member<CSPSource>> normalizedA = | 694 HeapVector<Member<CSPSource>> normalizedA = |
695 getSources(other[0]->m_policy->getSelfSource()); | 695 getSources(other[0]->m_policy->getSelfSource()); |
696 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); | 696 return CSPSource::firstSubsumesSecond(normalizedA, normalizedB); |
697 } | 697 } |
698 | 698 |
| 699 WebContentSecurityPolicySourceList |
| 700 SourceListDirective::exposeForNavigationalChecks() const { |
| 701 WebContentSecurityPolicySourceList sourceList; |
| 702 sourceList.allowSelf = m_allowSelf; |
| 703 sourceList.allowStar = m_allowStar; |
| 704 WebVector<WebContentSecurityPolicySourceExpression> list(m_list.size()); |
| 705 for (size_t i = 0; i < m_list.size(); ++i) |
| 706 list[i] = m_list[i]->exposeForNavigationalChecks(); |
| 707 sourceList.sources.swap(list); |
| 708 return sourceList; |
| 709 } |
| 710 |
699 bool SourceListDirective::subsumesNoncesAndHashes( | 711 bool SourceListDirective::subsumesNoncesAndHashes( |
700 const HashSet<String>& nonces, | 712 const HashSet<String>& nonces, |
701 const HashSet<CSPHashValue> hashes) const { | 713 const HashSet<CSPHashValue> hashes) const { |
702 for (const auto& nonce : nonces) { | 714 for (const auto& nonce : nonces) { |
703 if (!m_nonces.contains(nonce)) | 715 if (!m_nonces.contains(nonce)) |
704 return false; | 716 return false; |
705 } | 717 } |
706 for (const auto& hash : hashes) { | 718 for (const auto& hash : hashes) { |
707 if (!m_hashes.contains(hash)) | 719 if (!m_hashes.contains(hash)) |
708 return false; | 720 return false; |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
809 return normalized; | 821 return normalized; |
810 } | 822 } |
811 | 823 |
812 DEFINE_TRACE(SourceListDirective) { | 824 DEFINE_TRACE(SourceListDirective) { |
813 visitor->trace(m_policy); | 825 visitor->trace(m_policy); |
814 visitor->trace(m_list); | 826 visitor->trace(m_list); |
815 CSPDirective::trace(visitor); | 827 CSPDirective::trace(visitor); |
816 } | 828 } |
817 | 829 |
818 } // namespace blink | 830 } // namespace blink |
OLD | NEW |