| Index: content/common/content_security_policy/csp_policy.cc
|
| diff --git a/content/common/content_security_policy/csp_policy.cc b/content/common/content_security_policy/csp_policy.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..0abbd3437381ebf0b6ac53beed7e2a9394efab68
|
| --- /dev/null
|
| +++ b/content/common/content_security_policy/csp_policy.cc
|
| @@ -0,0 +1,154 @@
|
| +// Copyright 2017 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include <sstream>
|
| +#include "base/strings/string_split.h"
|
| +#include "base/strings/string_util.h"
|
| +#include "content/common/content_security_policy/csp_context.h"
|
| +
|
| +namespace content {
|
| +
|
| +namespace {
|
| +
|
| +static CSPDirective::Name CSPFallback(CSPDirective::Name directive) {
|
| + switch (directive) {
|
| + case CSPDirective::DefaultSrc:
|
| + case CSPDirective::FormAction:
|
| + return CSPDirective::Unknown;
|
| +
|
| + case CSPDirective::FrameSrc:
|
| + return CSPDirective::ChildSrc;
|
| +
|
| + case CSPDirective::ChildSrc:
|
| + return CSPDirective::DefaultSrc;
|
| +
|
| + case CSPDirective::Unknown:
|
| + NOTREACHED();
|
| + return CSPDirective::Unknown;
|
| + }
|
| + NOTREACHED();
|
| + return CSPDirective::Unknown;
|
| +}
|
| +
|
| +std::string ElideURLForReportViolation(const GURL& url) {
|
| + // TODO(arthursonzogni): the url length should be limited to 1024 char. Find
|
| + // a function that will not break the utf8 encoding while eliding the string.
|
| + return url.spec();
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +CSPPolicy::CSPPolicy()
|
| + : disposition(blink::WebContentSecurityPolicyTypeEnforce),
|
| + source(blink::WebContentSecurityPolicySourceHTTP),
|
| + directives(),
|
| + report_endpoints() {}
|
| +
|
| +CSPPolicy::CSPPolicy(blink::WebContentSecurityPolicyType disposition,
|
| + blink::WebContentSecurityPolicySource source,
|
| + const std::vector<CSPDirective>& directives,
|
| + const std::vector<std::string>& report_endpoints)
|
| + : disposition(disposition),
|
| + source(source),
|
| + directives(directives),
|
| + report_endpoints(report_endpoints) {}
|
| +
|
| +CSPPolicy::CSPPolicy(const CSPPolicy&) = default;
|
| +CSPPolicy::~CSPPolicy() = default;
|
| +
|
| +bool CSPPolicy::Allow(CSPContext* context,
|
| + CSPDirective::Name directive_name,
|
| + const GURL& url,
|
| + bool is_redirect) const {
|
| + CSPDirective::Name current_directive_name = directive_name;
|
| + do {
|
| + for (const CSPDirective& directive : directives) {
|
| + if (directive.name == current_directive_name) {
|
| + return AllowDirective(context, directive_name, directive, url,
|
| + is_redirect);
|
| + }
|
| + }
|
| + current_directive_name = CSPFallback(current_directive_name);
|
| + } while (current_directive_name != CSPDirective::Unknown);
|
| + return true;
|
| +}
|
| +
|
| +std::string CSPPolicy::ToString() const {
|
| + std::stringstream text;
|
| + bool is_first_policy = true;
|
| + for (const CSPDirective& directive : directives) {
|
| + if (!is_first_policy)
|
| + text << "; ";
|
| + is_first_policy = false;
|
| + text << directive.ToString();
|
| + }
|
| +
|
| + if (!report_endpoints.empty()) {
|
| + if (!is_first_policy)
|
| + text << "; ";
|
| + is_first_policy = false;
|
| + text << "report-uri";
|
| + for (const std::string& endpoint : report_endpoints)
|
| + text << " " << endpoint;
|
| + }
|
| +
|
| + return text.str();
|
| +}
|
| +
|
| +bool CSPPolicy::AllowDirective(CSPContext* context,
|
| + CSPDirective::Name directive_name,
|
| + const CSPDirective& directive,
|
| + const GURL& url,
|
| + bool is_redirect) const {
|
| + if (directive.source_list.Allow(context, url, is_redirect))
|
| + return true;
|
| +
|
| + ReportViolation(context, directive_name, directive, url);
|
| +
|
| + return disposition == blink::WebContentSecurityPolicyTypeReport;
|
| +}
|
| +
|
| +void CSPPolicy::ReportViolation(CSPContext* context,
|
| + const CSPDirective::Name directive_name,
|
| + const CSPDirective& directive,
|
| + const GURL& url) const {
|
| + // We should never have a violation against `child-src` or `default-src`
|
| + // directly; the effective directive should always be one of the explicit
|
| + // fetch directives.
|
| + DCHECK_NE(directive_name, CSPDirective::DefaultSrc);
|
| + DCHECK_NE(directive_name, CSPDirective::ChildSrc);
|
| +
|
| + std::stringstream message;
|
| +
|
| + if (disposition == blink::WebContentSecurityPolicyTypeReport)
|
| + message << "[Report Only] ";
|
| +
|
| + if (directive_name == CSPDirective::FormAction)
|
| + message << "Refused to send form data to '";
|
| + else if (directive_name == CSPDirective::FrameSrc)
|
| + message << "Refused to frame '";
|
| +
|
| + message << ElideURLForReportViolation(url)
|
| + << "' because it violates the following Content Security Policy "
|
| + "directive: \""
|
| + << directive.ToString() << "\".";
|
| +
|
| + if (directive.name != directive_name)
|
| + message << " Note that '" << CSPDirective::NameToString(directive_name)
|
| + << "' was not explicitly set, so '"
|
| + << CSPDirective::NameToString(directive.name)
|
| + << "' is used as a fallback.";
|
| +
|
| + message << "\n";
|
| +
|
| + context->LogToConsole(message.str());
|
| + context->ReportViolation(CSPDirective::NameToString(directive.name),
|
| + CSPDirective::NameToString(directive_name),
|
| + message.str(), url, report_endpoints,
|
| + // TODO(arthursonzogni): consider passing the
|
| + // original header
|
| + "", disposition);
|
| +}
|
| +
|
| +} // namespace content
|
|
|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
