OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/frame_host/ancestor_throttle.h" | 5 #include "content/browser/frame_host/ancestor_throttle.h" |
6 | 6 |
7 #include "base/metrics/histogram_macros.h" | 7 #include "base/metrics/histogram_macros.h" |
8 #include "base/strings/string_split.h" | 8 #include "base/strings/string_split.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "base/strings/stringprintf.h" | 10 #include "base/strings/stringprintf.h" |
11 #include "content/browser/frame_host/frame_tree.h" | 11 #include "content/browser/frame_host/frame_tree.h" |
12 #include "content/browser/frame_host/frame_tree_node.h" | 12 #include "content/browser/frame_host/frame_tree_node.h" |
13 #include "content/browser/frame_host/navigation_handle_impl.h" | 13 #include "content/browser/frame_host/navigation_handle_impl.h" |
14 #include "content/browser/frame_host/navigation_request.h" | |
14 #include "content/public/browser/browser_thread.h" | 15 #include "content/public/browser/browser_thread.h" |
15 #include "content/public/browser/navigation_handle.h" | 16 #include "content/public/browser/navigation_handle.h" |
16 #include "content/public/browser/navigation_throttle.h" | 17 #include "content/public/browser/navigation_throttle.h" |
18 #include "content/public/common/browser_side_navigation_policy.h" | |
17 #include "content/public/common/console_message_level.h" | 19 #include "content/public/common/console_message_level.h" |
18 #include "net/http/http_response_headers.h" | 20 #include "net/http/http_response_headers.h" |
19 #include "url/origin.h" | 21 #include "url/origin.h" |
20 | 22 |
21 namespace content { | 23 namespace content { |
22 | 24 |
23 namespace { | 25 namespace { |
24 const char kXFrameOptionsSameOriginHistogram[] = "Security.XFrameOptions"; | 26 const char kXFrameOptionsSameOriginHistogram[] = "Security.XFrameOptions"; |
25 | 27 |
26 // This enum is used for UMA metrics. Keep these enums up to date with | 28 // This enum is used for UMA metrics. Keep these enums up to date with |
(...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
158 RecordXFrameOptionsUsage(BYPASS); | 160 RecordXFrameOptionsUsage(BYPASS); |
159 return NavigationThrottle::PROCEED; | 161 return NavigationThrottle::PROCEED; |
160 case HeaderDisposition::ALLOWALL: | 162 case HeaderDisposition::ALLOWALL: |
161 RecordXFrameOptionsUsage(ALLOWALL); | 163 RecordXFrameOptionsUsage(ALLOWALL); |
162 return NavigationThrottle::PROCEED; | 164 return NavigationThrottle::PROCEED; |
163 } | 165 } |
164 NOTREACHED(); | 166 NOTREACHED(); |
165 return NavigationThrottle::BLOCK_RESPONSE; | 167 return NavigationThrottle::BLOCK_RESPONSE; |
166 } | 168 } |
167 | 169 |
170 NavigationThrottle::ThrottleCheckResult | |
171 AncestorThrottle::CheckContentSecurityPolicyFrameSrc(bool is_redirect) { | |
172 // If PlzNavigate is not enabled, "frame-src" can not be enforced on the | |
173 // browser-side since a NavigationRequest is needed below. It doesn't matter | |
174 // because it is still enforced on the renderer-side. | |
175 if (!IsBrowserSideNavigationEnabled()) | |
176 return NavigationThrottle::PROCEED; | |
177 | |
178 NavigationHandleImpl* handle = | |
179 static_cast<NavigationHandleImpl*>(navigation_handle()); | |
180 | |
181 const GURL& url = navigation_handle()->GetURL(); | |
182 if (url.SchemeIs(url::kAboutScheme)) | |
183 return NavigationThrottle::PROCEED; | |
184 | |
185 // Allow the request when it bypasses the CSP of the parent frame. | |
186 // Note: it is possible that there is no navigation_request associated with | |
187 // this navigation, but it only happens when the navigation_handle was created | |
188 // by CreateNavigationHandleForTesting(). | |
189 if (handle->frame_tree_node()->navigation_request() && | |
190 handle->frame_tree_node() | |
191 ->navigation_request() | |
192 ->common_params() | |
193 .should_bypass_main_world_CSP) { | |
194 return NavigationThrottle::PROCEED; | |
195 } | |
196 | |
197 auto parent = handle->frame_tree_node()->parent(); | |
198 DCHECK(parent); | |
199 | |
200 CSPContext* csp_context = parent->ContentSecurityPolicyContext(); | |
201 if (!csp_context->Allow(parent->ContentSecurityPolicies(), | |
202 CSPDirective::FrameSrc, url, is_redirect)) { | |
203 return NavigationThrottle::BLOCK_REQUEST; | |
alexmos
2017/02/10 22:59:53
Will this result in loading a regular error page?
arthursonzogni
2017/02/13 16:33:20
Yes you are right. I forgot this.
XFO checks happe
arthursonzogni
2017/02/15 17:02:15
I am working on a solution. See https://codereview
| |
204 } | |
205 | |
206 return NavigationThrottle::PROCEED; | |
207 } | |
208 | |
209 NavigationThrottle::ThrottleCheckResult AncestorThrottle::WillStartRequest() { | |
210 return CheckContentSecurityPolicyFrameSrc(false); | |
211 } | |
212 | |
213 NavigationThrottle::ThrottleCheckResult | |
214 AncestorThrottle::WillRedirectRequest() { | |
215 return CheckContentSecurityPolicyFrameSrc(true); | |
216 } | |
217 | |
168 AncestorThrottle::AncestorThrottle(NavigationHandle* handle) | 218 AncestorThrottle::AncestorThrottle(NavigationHandle* handle) |
169 : NavigationThrottle(handle) {} | 219 : NavigationThrottle(handle) {} |
170 | 220 |
171 void AncestorThrottle::ParseError(const std::string& value, | 221 void AncestorThrottle::ParseError(const std::string& value, |
172 HeaderDisposition disposition) { | 222 HeaderDisposition disposition) { |
173 DCHECK(disposition == HeaderDisposition::CONFLICT || | 223 DCHECK(disposition == HeaderDisposition::CONFLICT || |
174 disposition == HeaderDisposition::INVALID); | 224 disposition == HeaderDisposition::INVALID); |
175 if (!navigation_handle()->GetRenderFrameHost()) | 225 if (!navigation_handle()->GetRenderFrameHost()) |
176 return; // Some responses won't have a RFH (i.e. 204/205s or downloads). | 226 return; // Some responses won't have a RFH (i.e. 204/205s or downloads). |
177 | 227 |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
260 HeadersContainFrameAncestorsCSP(headers)) { | 310 HeadersContainFrameAncestorsCSP(headers)) { |
261 // TODO(mkwst): 'frame-ancestors' is currently handled in Blink. We should | 311 // TODO(mkwst): 'frame-ancestors' is currently handled in Blink. We should |
262 // handle it here instead. Until then, don't block the request, and let | 312 // handle it here instead. Until then, don't block the request, and let |
263 // Blink handle it. https://crbug.com/555418 | 313 // Blink handle it. https://crbug.com/555418 |
264 return HeaderDisposition::BYPASS; | 314 return HeaderDisposition::BYPASS; |
265 } | 315 } |
266 return result; | 316 return result; |
267 } | 317 } |
268 | 318 |
269 } // namespace content | 319 } // namespace content |
OLD | NEW |