Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(897)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/content_security_policy/csp_context.cc

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Temporary re-add the parser + transmit parsed CSP over IPC. Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/common/content_security_policy/csp_context.h ('k') | content/common/content_security_policy/csp_context_unittest.cc » ('j') | content/renderer/render_frame_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/content_security_policy/csp_context.cc
diff --git a/content/common/content_security_policy/csp_context.cc b/content/common/content_security_policy/csp_context.cc
new file mode 100644
index 0000000000000000000000000000000000000000..3c68ce260a119bd32c6811dd655ed6c447654432
--- /dev/null
+++ b/content/common/content_security_policy/csp_context.cc
@@ -0,0 +1,82 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/common/content_security_policy/csp_context.h"
+#include "content/common/content_security_policy/csp_policy.h"
+
+namespace content {
+
+CSPContext::CSPContext()
+ : has_self_(false),
+ self_scheme_(""),
+ self_source_("", "", false, -1, false, "") {}
+CSPContext::~CSPContext() {}
+
+bool CSPContext::Allow(const std::vector<CSPPolicy>& policies,
+ CSPDirective::Name directive_name,
+ const GURL& url,
+ bool is_redirect) {
+ if (this->SchemeShouldByPass(url.scheme_piece()))
+ return true;
+
+ for (const auto& policy : policies) {
+ if (!policy.Allow(this, directive_name, url, is_redirect))
+ return false;
+ }
+ return true;
+}
+
+void CSPContext::SetSelf(const url::Origin origin) {
+ if (origin.unique()) {
+ // TODO(arthursonzogni): Decide what to do with unique origins.
+ has_self_ = false;
+ return;
+ }
+
+ if (origin.scheme() == "file") {
+ has_self_ = true;
+ self_scheme_ = "file";
+ self_source_ =
+ CSPSource("file", "", false, url::PORT_UNSPECIFIED, false, "");
+ return;
+ }
+
+ has_self_ = true;
+ self_scheme_ = origin.scheme();
+ self_source_ = CSPSource(origin.scheme(), origin.host(), false, origin.port(),
+ false, "");
+}
+
+bool CSPContext::AllowSelf(const GURL& url) {
+ return has_self_ && self_source_.Allow(this, url);
+}
+
+bool CSPContext::ProtocolMatchesSelf(const GURL& url) {
+ if (!has_self_)
+ return false;
+ if (self_scheme_ == url::kHttpScheme)
+ return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin();
+ return url.SchemeIs(self_scheme_);
+}
+
+void CSPContext::LogToConsole(const std::string& message) {
+ return;
+}
+
+bool CSPContext::SchemeShouldByPass(const base::StringPiece& scheme) {
+ return false;
+}
+
+void CSPContext::ReportViolation(
+ const std::string& directive_text,
+ const std::string& effective_directive,
+ const std::string& message,
+ const GURL& blocked_url,
+ const std::vector<std::string>& report_end_points,
+ const std::string& header,
+ blink::WebContentSecurityPolicyType disposition) {
+ return;
+}
+
+} // namespace content
« no previous file with comments | « content/common/content_security_policy/csp_context.h ('k') | content/common/content_security_policy/csp_context_unittest.cc » ('j') | content/renderer/render_frame_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698