OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 1008 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1019 const KURL& blockedURL, | 1019 const KURL& blockedURL, |
1020 const String& header, | 1020 const String& header, |
1021 RedirectStatus redirectStatus, | 1021 RedirectStatus redirectStatus, |
1022 ContentSecurityPolicyHeaderType headerType, | 1022 ContentSecurityPolicyHeaderType headerType, |
1023 ContentSecurityPolicy::ViolationType violationType, | 1023 ContentSecurityPolicy::ViolationType violationType, |
1024 int contextLine) { | 1024 int contextLine) { |
1025 if (effectiveType == ContentSecurityPolicy::DirectiveType::FrameAncestors) { | 1025 if (effectiveType == ContentSecurityPolicy::DirectiveType::FrameAncestors) { |
1026 // If this load was blocked via 'frame-ancestors', then the URL of | 1026 // If this load was blocked via 'frame-ancestors', then the URL of |
1027 // |document| has not yet been initialized. In this case, we'll set both | 1027 // |document| has not yet been initialized. In this case, we'll set both |
1028 // 'documentURI' and 'blockedURI' to the blocked document's URL. | 1028 // 'documentURI' and 'blockedURI' to the blocked document's URL. |
1029 init.setDocumentURI(blockedURL.getString()); | 1029 init.setDocumentURI(blockedURL.strippedForUseAsReferrer()); |
elawrence
2017/01/09 16:34:41
In the stripURLForUseInReport() function immediate
Mike West
2017/02/23 08:41:19
For the `document-uri`, that's less of a concern,
| |
1030 init.setBlockedURI(blockedURL.getString()); | 1030 init.setBlockedURI(blockedURL.strippedForUseAsReferrer()); |
1031 } else { | 1031 } else { |
1032 init.setDocumentURI(context->url().getString()); | 1032 init.setDocumentURI(context->url().strippedForUseAsReferrer()); |
1033 switch (violationType) { | 1033 switch (violationType) { |
1034 case ContentSecurityPolicy::InlineViolation: | 1034 case ContentSecurityPolicy::InlineViolation: |
1035 init.setBlockedURI("inline"); | 1035 init.setBlockedURI("inline"); |
1036 break; | 1036 break; |
1037 case ContentSecurityPolicy::EvalViolation: | 1037 case ContentSecurityPolicy::EvalViolation: |
1038 init.setBlockedURI("eval"); | 1038 init.setBlockedURI("eval"); |
1039 break; | 1039 break; |
1040 case ContentSecurityPolicy::URLViolation: | 1040 case ContentSecurityPolicy::URLViolation: |
1041 init.setBlockedURI(stripURLForUseInReport( | 1041 init.setBlockedURI(stripURLForUseInReport( |
1042 context, blockedURL, redirectStatus, effectiveType)); | 1042 context, blockedURL, redirectStatus, effectiveType)); |
(...skipping 12 matching lines...) Expand all Loading... | |
1055 init.setSourceFile(String()); | 1055 init.setSourceFile(String()); |
1056 init.setLineNumber(contextLine); | 1056 init.setLineNumber(contextLine); |
1057 init.setColumnNumber(0); | 1057 init.setColumnNumber(0); |
1058 init.setStatusCode(0); | 1058 init.setStatusCode(0); |
1059 | 1059 |
1060 // TODO(mkwst): We only have referrer and status code information for | 1060 // TODO(mkwst): We only have referrer and status code information for |
1061 // Documents. It would be nice to get them for Workers as well. | 1061 // Documents. It would be nice to get them for Workers as well. |
1062 if (context->isDocument()) { | 1062 if (context->isDocument()) { |
1063 Document* document = toDocument(context); | 1063 Document* document = toDocument(context); |
1064 DCHECK(document); | 1064 DCHECK(document); |
1065 init.setReferrer(document->referrer()); | 1065 init.setReferrer(document->referrer()); |
elawrence
2017/01/09 16:34:41
The algorithm described here (https://www.w3.org/T
Mike West
2017/02/23 08:41:19
Yes.
| |
1066 if (!SecurityOrigin::isSecure(context->url()) && document->loader()) | 1066 if (!SecurityOrigin::isSecure(context->url()) && document->loader()) |
1067 init.setStatusCode(document->loader()->response().httpStatusCode()); | 1067 init.setStatusCode(document->loader()->response().httpStatusCode()); |
1068 } | 1068 } |
1069 | 1069 |
1070 std::unique_ptr<SourceLocation> location = SourceLocation::capture(context); | 1070 std::unique_ptr<SourceLocation> location = SourceLocation::capture(context); |
1071 if (location->lineNumber()) { | 1071 if (location->lineNumber()) { |
1072 KURL source = KURL(ParsedURLString, location->url()); | 1072 KURL source = KURL(ParsedURLString, location->url()); |
1073 init.setSourceFile( | 1073 init.setSourceFile( |
1074 stripURLForUseInReport(context, source, redirectStatus, effectiveType)); | 1074 stripURLForUseInReport(context, source, redirectStatus, effectiveType)); |
1075 init.setLineNumber(location->lineNumber()); | 1075 init.setLineNumber(location->lineNumber()); |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1149 if (!document) | 1149 if (!document) |
1150 return; | 1150 return; |
1151 | 1151 |
1152 // We need to be careful here when deciding what information to send to the | 1152 // We need to be careful here when deciding what information to send to the |
1153 // report-uri. Currently, we send only the current document's URL and the | 1153 // report-uri. Currently, we send only the current document's URL and the |
1154 // directive that was violated. The document's URL is safe to send because | 1154 // directive that was violated. The document's URL is safe to send because |
1155 // it's the document itself that's requesting that it be sent. You could | 1155 // it's the document itself that's requesting that it be sent. You could |
1156 // make an argument that we shouldn't send HTTPS document URLs to HTTP | 1156 // make an argument that we shouldn't send HTTPS document URLs to HTTP |
1157 // report-uris (for the same reasons that we supress the Referer in that | 1157 // report-uris (for the same reasons that we supress the Referer in that |
1158 // case), but the Referer is sent implicitly whereas this request is only | 1158 // case), but the Referer is sent implicitly whereas this request is only |
1159 // sent explicitly. As for which directive was violated, that's pretty | 1159 // sent explicitly. As for which directive was violated, that's pretty |
elawrence
2017/01/09 16:34:41
The justification for allowing HTTPS URIs to leak
Mike West
2017/02/23 08:41:19
I agree. I'm sure this was a good idea at the time
| |
1160 // harmless information. | 1160 // harmless information. |
1161 | 1161 |
1162 std::unique_ptr<JSONObject> cspReport = JSONObject::create(); | 1162 std::unique_ptr<JSONObject> cspReport = JSONObject::create(); |
1163 cspReport->setString("document-uri", violationData.documentURI()); | 1163 cspReport->setString("document-uri", violationData.documentURI()); |
1164 cspReport->setString("referrer", violationData.referrer()); | 1164 cspReport->setString("referrer", violationData.referrer()); |
1165 cspReport->setString("violated-directive", violationData.violatedDirective()); | 1165 cspReport->setString("violated-directive", violationData.violatedDirective()); |
1166 cspReport->setString("effective-directive", | 1166 cspReport->setString("effective-directive", |
1167 violationData.effectiveDirective()); | 1167 violationData.effectiveDirective()); |
1168 cspReport->setString("original-policy", violationData.originalPolicy()); | 1168 cspReport->setString("original-policy", violationData.originalPolicy()); |
1169 cspReport->setString("disposition", violationData.disposition()); | 1169 cspReport->setString("disposition", violationData.disposition()); |
(...skipping 436 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1606 CSPDirectiveListVector otherVector; | 1606 CSPDirectiveListVector otherVector; |
1607 for (const auto& policy : other.m_policies) { | 1607 for (const auto& policy : other.m_policies) { |
1608 if (!policy->isReportOnly()) | 1608 if (!policy->isReportOnly()) |
1609 otherVector.push_back(policy); | 1609 otherVector.push_back(policy); |
1610 } | 1610 } |
1611 | 1611 |
1612 return m_policies[0]->subsumes(otherVector); | 1612 return m_policies[0]->subsumes(otherVector); |
1613 } | 1613 } |
1614 | 1614 |
1615 } // namespace blink | 1615 } // namespace blink |
OLD | NEW |