| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
| 6 | 6 |
| 7 #include "core/frame/UseCounter.h" | 7 #include "core/frame/UseCounter.h" |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "platform/weborigin/KURL.h" | 9 #include "platform/weborigin/KURL.h" |
| 10 #include "platform/weborigin/KnownPorts.h" | 10 #include "platform/weborigin/KnownPorts.h" |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 50 return protocol == "ws" || protocol == "wss"; | 50 return protocol == "ws" || protocol == "wss"; |
| 51 return protocol == m_scheme; | 51 return protocol == m_scheme; |
| 52 } | 52 } |
| 53 | 53 |
| 54 bool CSPSource::hostMatches(const String& host) const { | 54 bool CSPSource::hostMatches(const String& host) const { |
| 55 Document* document = m_policy->document(); | 55 Document* document = m_policy->document(); |
| 56 bool match; | 56 bool match; |
| 57 | 57 |
| 58 bool equalHosts = m_host == host; | 58 bool equalHosts = m_host == host; |
| 59 if (m_hostWildcard == HasWildcard) { | 59 if (m_hostWildcard == HasWildcard) { |
| 60 match = host.endsWith(String("." + m_host), TextCaseUnicodeInsensitive); | 60 if (m_host.isEmpty()) { |
| 61 // host-part = "*" |
| 62 match = true; |
| 63 } else { |
| 64 // host-part = "*." 1*host-char *( "." 1*host-char ) |
| 65 match = host.endsWith(String("." + m_host), TextCaseUnicodeInsensitive); |
| 66 } |
| 61 | 67 |
| 62 // Chrome used to, incorrectly, match *.x.y to x.y. This was fixed, but | 68 // Chrome used to, incorrectly, match *.x.y to x.y. This was fixed, but |
| 63 // the following count measures when a match fails that would have | 69 // the following count measures when a match fails that would have |
| 64 // passed the old, incorrect style, in case a lot of sites were | 70 // passed the old, incorrect style, in case a lot of sites were |
| 65 // relying on that behavior. | 71 // relying on that behavior. |
| 66 if (document && equalHosts) | 72 if (document && equalHosts) |
| 67 UseCounter::count(*document, | 73 UseCounter::count(*document, |
| 68 UseCounter::CSPSourceWildcardWouldMatchExactHost); | 74 UseCounter::CSPSourceWildcardWouldMatchExactHost); |
| 69 } else { | 75 } else { |
| 76 // host-part = 1*host-char *( "." 1*host-char ) |
| 70 match = equalHosts; | 77 match = equalHosts; |
| 71 } | 78 } |
| 72 | 79 |
| 73 return match; | 80 return match; |
| 74 } | 81 } |
| 75 | 82 |
| 76 bool CSPSource::pathMatches(const String& urlPath) const { | 83 bool CSPSource::pathMatches(const String& urlPath) const { |
| 77 if (m_path.isEmpty() || (m_path == "/" && urlPath.isEmpty())) | 84 if (m_path.isEmpty() || (m_path == "/" && urlPath.isEmpty())) |
| 78 return true; | 85 return true; |
| 79 | 86 |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 166 : other->m_port; | 173 : other->m_port; |
| 167 WildcardDisposition hostWildcard = | 174 WildcardDisposition hostWildcard = |
| 168 (m_hostWildcard == HasWildcard) ? other->m_hostWildcard : m_hostWildcard; | 175 (m_hostWildcard == HasWildcard) ? other->m_hostWildcard : m_hostWildcard; |
| 169 WildcardDisposition portWildcard = | 176 WildcardDisposition portWildcard = |
| 170 (m_portWildcard == HasWildcard) ? other->m_portWildcard : m_portWildcard; | 177 (m_portWildcard == HasWildcard) ? other->m_portWildcard : m_portWildcard; |
| 171 return new CSPSource(m_policy, scheme, host, port, path, hostWildcard, | 178 return new CSPSource(m_policy, scheme, host, port, path, hostWildcard, |
| 172 portWildcard); | 179 portWildcard); |
| 173 } | 180 } |
| 174 | 181 |
| 175 bool CSPSource::isSchemeOnly() const { | 182 bool CSPSource::isSchemeOnly() const { |
| 176 return m_host.isEmpty(); | 183 return m_host.isEmpty() && (m_hostWildcard == NoWildcard); |
| 177 } | 184 } |
| 178 | 185 |
| 179 bool CSPSource::firstSubsumesSecond( | 186 bool CSPSource::firstSubsumesSecond( |
| 180 const HeapVector<Member<CSPSource>>& listA, | 187 const HeapVector<Member<CSPSource>>& listA, |
| 181 const HeapVector<Member<CSPSource>>& listB) { | 188 const HeapVector<Member<CSPSource>>& listB) { |
| 182 // Empty vector of CSPSources has an effect of 'none'. | 189 // Empty vector of CSPSources has an effect of 'none'. |
| 183 if (!listA.size() || !listB.size()) | 190 if (!listA.size() || !listB.size()) |
| 184 return !listB.size(); | 191 return !listB.size(); |
| 185 | 192 |
| 186 // Walk through all the items in |listB|, ensuring that each is subsumed by at | 193 // Walk through all the items in |listB|, ensuring that each is subsumed by at |
| 187 // least one item in |listA|. If any item in |listB| is not subsumed, return | 194 // least one item in |listA|. If any item in |listB| is not subsumed, return |
| 188 // false. | 195 // false. |
| 189 for (const auto& sourceB : listB) { | 196 for (const auto& sourceB : listB) { |
| 190 bool foundMatch = false; | 197 bool foundMatch = false; |
| 191 for (const auto& sourceA : listA) { | 198 for (const auto& sourceA : listA) { |
| 192 if ((foundMatch = sourceA->subsumes(sourceB))) | 199 if ((foundMatch = sourceA->subsumes(sourceB))) |
| 193 break; | 200 break; |
| 194 } | 201 } |
| 195 if (!foundMatch) | 202 if (!foundMatch) |
| 196 return false; | 203 return false; |
| 197 } | 204 } |
| 198 return true; | 205 return true; |
| 199 } | 206 } |
| 200 | 207 |
| 201 DEFINE_TRACE(CSPSource) { | 208 DEFINE_TRACE(CSPSource) { |
| 202 visitor->trace(m_policy); | 209 visitor->trace(m_policy); |
| 203 } | 210 } |
| 204 | 211 |
| 205 } // namespace blink | 212 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2646773002:
ContentSecurityPolicy: Fix bug when CSPSource host-part = "*" (Closed)
