content/browser/frame_host/csp_context_impl.cc - Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser.

Side by Side Diff: content/browser/frame_host/csp_context_impl.cc

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)

Patch Set: Fix tests. Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« content/browser/frame_host/csp_context_impl.h ('K') | « content/browser/frame_host/csp_context_impl.h ('k') | content/browser/frame_host/frame_tree_node.h » ('j') | content/browser/frame_host/frame_tree_node.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2017 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include <algorithm>

	6

	7 #include "content/browser/frame_host/csp_context_impl.h"

	8 #include "content/browser/frame_host/frame_tree_node.h"

	9 #include "url/url_util.h"

	10

	11 namespace content {

	12

	13 CSPContextImpl::CSPContextImpl(FrameTreeNode* frame_tree_node)

	14 : frame_tree_node_(frame_tree_node) {

	15 DCHECK(frame_tree_node_);

	16 }

	17

	18 void CSPContextImpl::LogToConsole(const std::string& message) {

	19 RenderFrameHostImpl* current_frame_host =

	20 frame_tree_node_->render_manager()->current_frame_host();
	nasko 2017/02/11 00:01:23 nit: No need to indirect through render_manager() nit: No need to indirect through render_manager() call, the current host is exposed through the FrameTreeNode itself. arthursonzogni 2017/02/13 16:33:20 Done. Show quoted text On 2017/02/11 00:01:23, nasko wrote: > nit: No need to indirect through render_manager() call, the current host is > exposed through the FrameTreeNode itself. Done.
	21

	22 if (!current_frame_host)
	alexmos 2017/02/10 22:59:53 Is this null check needed? Is this null check needed? arthursonzogni 2017/02/13 16:33:20 It is probably not needed indeed for this case(i.e Show quoted text On 2017/02/10 22:59:53, alexmos wrote: > Is this null check needed? It is probably not needed indeed for this case(i.e. frame-src) Maybe in the future if we choose to handle frame-ancestor on the browser-side and the response is 204-No-content? Do you prefer to add a DCHECK for the moment to detect some edges cases we are not aware of? alexmos 2017/02/14 06:57:19 I haven't ever seen any code null-checking current Show quoted text On 2017/02/13 16:33:20, arthursonzogni wrote: > On 2017/02/10 22:59:53, alexmos wrote: > > Is this null check needed? > > It is probably not needed indeed for this case(i.e. frame-src) > Maybe in the future if we choose to handle frame-ancestor on the browser-side > and the response is 204-No-content? > > Do you prefer to add a DCHECK for the moment to detect some edges cases we are > not aware of? I haven't ever seen any code null-checking current_frame_host(), out of numerous call sites, so my assumption is that something else will break very quickly if it happens to be null. You could add the DCHECK, but if it's null, we'll just crash on the next line and we will get some crash reports anyway, so I don't think it's really needed. I'm not exactly sure how the 204 works, but that should keep the RFH created initially (in RFHM::Init), no? See also this comment in ~RFHM: // We should always have a current RenderFrameHost except in some tests. SetRenderFrameHost(std::unique_ptr<RenderFrameHostImpl>()); (not sure what tests it's talking about, but I'd rather only include the null-check if any tests actually need it.) arthursonzogni 2017/02/15 09:26:09 You are probably right. I will remove the "if (!cu Show quoted text On 2017/02/14 06:57:19, alexmos (OOO until 2-21) wrote: > On 2017/02/13 16:33:20, arthursonzogni wrote: > > On 2017/02/10 22:59:53, alexmos wrote: > > > Is this null check needed? > > > > It is probably not needed indeed for this case(i.e. frame-src) > > Maybe in the future if we choose to handle frame-ancestor on the browser-side > > and the response is 204-No-content? > > > > Do you prefer to add a DCHECK for the moment to detect some edges cases we are > > not aware of? > > I haven't ever seen any code null-checking current_frame_host(), out of numerous > call sites, so my assumption is that something else will break very quickly if > it happens to be null. You could add the DCHECK, but if it's null, we'll just > crash on the next line and we will get some crash reports anyway, so I don't > think it's really needed. > > I'm not exactly sure how the 204 works, but that should keep the RFH created > initially (in RFHM::Init), no? > > See also this comment in ~RFHM: > // We should always have a current RenderFrameHost except in some tests. > SetRenderFrameHost(std::unique_ptr<RenderFrameHostImpl>()); > > (not sure what tests it's talking about, but I'd rather only include the > null-check if any tests actually need it.) You are probably right. I will remove the "if (!current_frame_host)". I initially put this because of this patch: https://codereview.chromium.org/2606933002/ But it doesn't apply to this case I think.
	23 return;

	24

	25 current_frame_host->AddMessageToConsole(CONSOLE_MESSAGE_LEVEL_ERROR, message);
	nasko 2017/02/11 00:01:23 Is the log level always ERROR? Is the log level always ERROR? arthursonzogni 2017/02/13 16:33:20 Yes, see all calls to ContentSecurityPolicy::logTo Show quoted text On 2017/02/11 00:01:23, nasko wrote: > Is the log level always ERROR? Yes, see all calls to ContentSecurityPolicy::logToConsole(..). InfoMessageLevel is used one time, but it is for the message: "The Content-Security-Policy directive {{directive}} is implemented behind a flag which is currently disabled". We don't parse CSP on the browser-side for the moment, so I think the log level will be always ERROR.
	26 }

	27

	28 void CSPContextImpl::ReportViolation(

	29 const CSPViolationParams& violation_params) {

	30 frame_tree_node_->current_frame_host()->ContentSecurityPolicyViolation(

	31 violation_params);

	32 }

	33

	34 bool CSPContextImpl::SchemeShouldBypass(const base::StringPiece& scheme) {
	alexmos 2017/02/10 22:59:53 Perhaps name this SchemeShouldBypassCSP, so it's c Perhaps name this SchemeShouldBypassCSP, so it's clear what the scheme should bypass? (This is what the Blink version of this does.) arthursonzogni 2017/02/13 16:33:20 Done. Show quoted text On 2017/02/10 22:59:53, alexmos wrote: > Perhaps name this SchemeShouldBypassCSP, so it's clear what the scheme should > bypass? (This is what the Blink version of this does.) Done.
	35 // Blink uses its SchemeRegistry to check if a scheme should be bypassed.

	36 // It can't be used on the browser process. It is used for two things:

	37 // 1) Bypassing the "chrome-extension" scheme when chrome is built with the

	38 // extensions support.

	39 // 2) Bypassing arbitrary scheme for testing purpose only in blink and in V8.

	40 // TODO(arthursonzogni): url::GetBypassingCSPScheme() is used instead of the

	41 // blink::SchemeRegistry. It contains 1) but not 2).

	42 const auto& bypassing_scheme = url::GetCSPBypassingSchemes();
	alexmos 2017/02/10 22:59:53 nit: s/bypassing_scheme/bypassing_schemes/ nit: s/bypassing_scheme/bypassing_schemes/ arthursonzogni 2017/02/13 16:33:20 Done. Show quoted text On 2017/02/10 22:59:53, alexmos wrote: > nit: s/bypassing_scheme/bypassing_schemes/ Done.
	43 return std::find(bypassing_scheme.begin(), bypassing_scheme.end(), scheme) !=

	44 bypassing_scheme.end();

	45 }

	46

	47 } // namespace content

OLD	NEW