| Index: content/common/content_security_policy/csp_context.cc
|
| diff --git a/content/common/content_security_policy/csp_context.cc b/content/common/content_security_policy/csp_context.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..b9a0f0301c3b6a1e4fdb929de436601e6dad1bb6
|
| --- /dev/null
|
| +++ b/content/common/content_security_policy/csp_context.cc
|
| @@ -0,0 +1,90 @@
|
| +// Copyright 2017 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "content/common/content_security_policy/csp_context.h"
|
| +#include "content/common/content_security_policy/csp_policy.h"
|
| +
|
| +namespace content {
|
| +
|
| +CSPContext::CSPContext()
|
| + : has_self_(false),
|
| + self_scheme_(""),
|
| + self_source_("", "", false, -1, false, "") {}
|
| +CSPContext::~CSPContext() {}
|
| +
|
| +bool CSPContext::Allow(const std::vector<CSPPolicy>& policies,
|
| + CSPDirective::Name directive_name,
|
| + const GURL& url,
|
| + bool is_redirect) {
|
| + if (this->SchemeShouldBypassCSP(url.scheme_piece()))
|
| + return true;
|
| +
|
| + for (const auto& policy : policies) {
|
| + if (!policy.Allow(this, directive_name, url, is_redirect))
|
| + return false;
|
| + }
|
| + return true;
|
| +}
|
| +
|
| +void CSPContext::SetSelf(const url::Origin origin) {
|
| + if (origin.unique()) {
|
| + // TODO(arthursonzogni): Decide what to do with unique origins.
|
| + has_self_ = false;
|
| + return;
|
| + }
|
| +
|
| + if (origin.scheme() == "file") {
|
| + has_self_ = true;
|
| + self_scheme_ = "file";
|
| + self_source_ =
|
| + CSPSource("file", "", false, url::PORT_UNSPECIFIED, false, "");
|
| + return;
|
| + }
|
| +
|
| + has_self_ = true;
|
| + self_scheme_ = origin.scheme();
|
| + self_source_ = CSPSource(
|
| + origin.scheme(), origin.host(), false,
|
| + origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port
|
| + false, "");
|
| +}
|
| +
|
| +bool CSPContext::AllowSelf(const GURL& url) {
|
| + return has_self_ && self_source_.Allow(this, url);
|
| +}
|
| +
|
| +bool CSPContext::ProtocolMatchesSelf(const GURL& url) {
|
| + if (!has_self_)
|
| + return false;
|
| + if (self_scheme_ == url::kHttpScheme)
|
| + return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin();
|
| + return url.SchemeIs(self_scheme_);
|
| +}
|
| +
|
| +void CSPContext::LogToConsole(const std::string& message) {
|
| + return;
|
| +}
|
| +
|
| +bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) {
|
| + return false;
|
| +}
|
| +
|
| +bool CSPContext::SelfSchemeShouldBypassCSP() {
|
| + if (!has_self_)
|
| + return false;
|
| + return SchemeShouldBypassCSP(self_scheme_);
|
| +}
|
| +
|
| +void CSPContext::ReportViolation(
|
| + const std::string& directive_text,
|
| + const std::string& effective_directive,
|
| + const std::string& message,
|
| + const GURL& blocked_url,
|
| + const std::vector<std::string>& report_end_points,
|
| + const std::string& header,
|
| + blink::WebContentSecurityPolicyType disposition) {
|
| + return;
|
| +}
|
| +
|
| +} // namespace content
|
|
|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
