Index: content/common/content_security_policy/csp_context.cc |
diff --git a/content/common/content_security_policy/csp_context.cc b/content/common/content_security_policy/csp_context.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..cea8f47a29f91713c62fc57e74f5ff451d897b5f |
--- /dev/null |
+++ b/content/common/content_security_policy/csp_context.cc |
@@ -0,0 +1,90 @@ |
+// Copyright 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "content/common/content_security_policy/csp_context.h" |
+ |
+namespace content { |
+ |
+CSPContext::CSPContext() |
+ : has_self_(false), |
+ self_scheme_(""), |
nasko
2017/02/17 01:03:15
nit: No need to initialize it to empty string expl
arthursonzogni
2017/02/17 09:30:22
Done.
|
+ self_source_("", "", false, -1, false, "") {} |
nasko
2017/02/17 01:03:16
s/""/std::string()/, use url::PORT_UNSPECIFIED as
arthursonzogni
2017/02/17 09:30:22
I have a default constructor that already does the
|
+CSPContext::~CSPContext() {} |
+ |
+bool CSPContext::Allow(const std::vector<ContentSecurityPolicy>& policies, |
+ CSPDirective::Name directive_name, |
+ const GURL& url, |
+ bool is_redirect) { |
+ if (this->SchemeShouldBypassCSP(url.scheme_piece())) |
nasko
2017/02/17 01:03:16
nit: Chromium code avoids using "this->".
arthursonzogni
2017/02/17 09:30:22
Done.
|
+ return true; |
+ |
+ for (const auto& policy : policies) { |
+ if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this, |
+ is_redirect)) |
+ return false; |
+ } |
+ return true; |
+} |
+ |
+void CSPContext::SetSelf(const url::Origin origin) { |
+ if (origin.unique()) { |
+ // TODO(arthursonzogni): Decide what to do with unique origins. |
+ has_self_ = false; |
+ return; |
+ } |
+ |
+ if (origin.scheme() == "file") { |
nasko
2017/02/17 01:03:17
nit: Please use symbolic constants, kFileScheme in
arthursonzogni
2017/02/17 09:30:22
Done.
|
+ has_self_ = true; |
+ self_scheme_ = "file"; |
+ self_source_ = |
+ CSPSource("file", "", false, url::PORT_UNSPECIFIED, false, ""); |
+ return; |
+ } |
+ |
+ has_self_ = true; |
+ self_scheme_ = origin.scheme(); |
+ self_source_ = CSPSource( |
+ origin.scheme(), origin.host(), false, |
+ origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port |
+ false, ""); |
+} |
+ |
+bool CSPContext::AllowSelf(const GURL& url) { |
+ return has_self_ && CSPSource::Allow(self_source_, url, this); |
+} |
+ |
+bool CSPContext::ProtocolMatchesSelf(const GURL& url) { |
+ if (!has_self_) |
+ return false; |
+ if (self_scheme_ == url::kHttpScheme) |
nasko
2017/02/17 01:03:17
What about httpS?
arthursonzogni
2017/02/17 09:30:22
I don't know what is the correct behavior, but at
|
+ return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); |
+ return url.SchemeIs(self_scheme_); |
+} |
+ |
+void CSPContext::LogToConsole(const std::string& message) { |
+ return; |
+} |
+ |
+bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { |
+ return false; |
+} |
+ |
+bool CSPContext::SelfSchemeShouldBypassCSP() { |
+ if (!has_self_) |
+ return false; |
+ return SchemeShouldBypassCSP(self_scheme_); |
nasko
2017/02/17 01:03:16
This method isn't virtual, so it cannot be overrid
arthursonzogni
2017/02/17 09:30:22
SchemeShouldBypassCSP is virtual :)
|
+} |
+ |
+void CSPContext::ReportViolation( |
+ const std::string& directive_text, |
+ const std::string& effective_directive, |
+ const std::string& message, |
+ const GURL& blocked_url, |
+ const std::vector<std::string>& report_end_points, |
+ const std::string& header, |
+ blink::WebContentSecurityPolicyType disposition) { |
+ return; |
+} |
+ |
+} // namespace content |