| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <algorithm> |
| 6 |
| 7 #include "content/browser/frame_host/csp_context_impl.h" |
| 8 #include "content/browser/frame_host/frame_tree_node.h" |
| 9 #include "url/url_util.h" |
| 10 |
| 11 namespace content { |
| 12 |
| 13 CSPContextImpl::CSPContextImpl(FrameTreeNode* frame_tree_node) |
| 14 : frame_tree_node_(frame_tree_node) { |
| 15 DCHECK(frame_tree_node_); |
| 16 } |
| 17 |
| 18 void CSPContextImpl::LogToConsole(const std::string& message) { |
| 19 frame_tree_node_->current_frame_host()->AddMessageToConsole( |
| 20 CONSOLE_MESSAGE_LEVEL_ERROR, message); |
| 21 } |
| 22 |
| 23 void CSPContextImpl::ReportViolation( |
| 24 const CSPViolationParams& violation_params) { |
| 25 frame_tree_node_->current_frame_host()->ContentSecurityPolicyViolation( |
| 26 violation_params); |
| 27 } |
| 28 |
| 29 bool CSPContextImpl::SchemeShouldBypassCSP(const base::StringPiece& scheme) { |
| 30 // Blink uses its SchemeRegistry to check if a scheme should be bypassed. |
| 31 // It can't be used on the browser process. It is used for two things: |
| 32 // 1) Bypassing the "chrome-extension" scheme when chrome is built with the |
| 33 // extensions support. |
| 34 // 2) Bypassing arbitrary scheme for testing purpose only in blink and in V8. |
| 35 // TODO(arthursonzogni): url::GetBypassingCSPScheme() is used instead of the |
| 36 // blink::SchemeRegistry. It contains 1) but not 2). |
| 37 const auto& bypassing_schemes = url::GetCSPBypassingSchemes(); |
| 38 return std::find(bypassing_schemes.begin(), bypassing_schemes.end(), |
| 39 scheme) != bypassing_schemes.end(); |
| 40 } |
| 41 |
| 42 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2655463006:
PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
