OLD | NEW |
---|---|
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <sstream> | 5 #include <sstream> |
6 #include "base/strings/string_split.h" | 6 #include "base/strings/string_split.h" |
7 #include "base/strings/string_util.h" | 7 #include "base/strings/string_util.h" |
8 #include "content/common/content_security_policy/csp_context.h" | 8 #include "content/common/content_security_policy/csp_context.h" |
9 | 9 |
10 namespace content { | 10 namespace content { |
(...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
97 } | 97 } |
98 | 98 |
99 bool CSPPolicy::AllowDirective(CSPContext* context, | 99 bool CSPPolicy::AllowDirective(CSPContext* context, |
100 CSPDirective::Name directive_name, | 100 CSPDirective::Name directive_name, |
101 const CSPDirective& directive, | 101 const CSPDirective& directive, |
102 const GURL& url, | 102 const GURL& url, |
103 bool is_redirect) const { | 103 bool is_redirect) const { |
104 if (directive.source_list.Allow(context, url, is_redirect)) | 104 if (directive.source_list.Allow(context, url, is_redirect)) |
105 return true; | 105 return true; |
106 | 106 |
107 ReportViolation(context, directive_name, directive, url); | 107 ReportViolation(context, directive_name, directive, url, is_redirect); |
108 | 108 |
109 return disposition == blink::WebContentSecurityPolicyTypeReport; | 109 return disposition == blink::WebContentSecurityPolicyTypeReport; |
110 } | 110 } |
111 | 111 |
112 void CSPPolicy::ReportViolation(CSPContext* context, | 112 void CSPPolicy::ReportViolation(CSPContext* context, |
113 const CSPDirective::Name directive_name, | 113 const CSPDirective::Name directive_name, |
114 const CSPDirective& directive, | 114 const CSPDirective& directive, |
115 const GURL& url) const { | 115 const GURL& url, |
116 bool is_redirect) const { | |
116 // We should never have a violation against `child-src` or `default-src` | 117 // We should never have a violation against `child-src` or `default-src` |
117 // directly; the effective directive should always be one of the explicit | 118 // directly; the effective directive should always be one of the explicit |
118 // fetch directives. | 119 // fetch directives. |
119 DCHECK_NE(directive_name, CSPDirective::DefaultSrc); | 120 DCHECK_NE(directive_name, CSPDirective::DefaultSrc); |
120 DCHECK_NE(directive_name, CSPDirective::ChildSrc); | 121 DCHECK_NE(directive_name, CSPDirective::ChildSrc); |
121 | 122 |
122 std::stringstream message; | 123 std::stringstream message; |
123 | 124 |
124 if (disposition == blink::WebContentSecurityPolicyTypeReport) | 125 if (disposition == blink::WebContentSecurityPolicyTypeReport) |
125 message << "[Report Only] "; | 126 message << "[Report Only] "; |
(...skipping 10 matching lines...) Expand all Loading... | |
136 | 137 |
137 if (directive.name != directive_name) | 138 if (directive.name != directive_name) |
138 message << " Note that '" << CSPDirective::NameToString(directive_name) | 139 message << " Note that '" << CSPDirective::NameToString(directive_name) |
139 << "' was not explicitly set, so '" | 140 << "' was not explicitly set, so '" |
140 << CSPDirective::NameToString(directive.name) | 141 << CSPDirective::NameToString(directive.name) |
141 << "' is used as a fallback."; | 142 << "' is used as a fallback."; |
142 | 143 |
143 message << "\n"; | 144 message << "\n"; |
144 | 145 |
145 context->LogToConsole(message.str()); | 146 context->LogToConsole(message.str()); |
146 context->ReportViolation(CSPDirective::NameToString(directive.name), | 147 context->ReportViolation( |
147 CSPDirective::NameToString(directive_name), | 148 CSPViolationParams(CSPDirective::NameToString(directive.name), |
148 message.str(), url, report_endpoints, | 149 CSPDirective::NameToString(directive_name), |
149 // TODO(arthursonzogni): consider passing the | 150 message.str(), url, report_endpoints, |
150 // original header | 151 // TODO(arthursonzogni): consider passing the |
151 "", disposition); | 152 // original header |
nasko
2017/02/15 21:28:44
This struct now defines a member for the original
arthursonzogni
2017/02/16 17:32:41
I don't understand your question.
Maybe I will ha
| |
153 "", disposition, is_redirect)); | |
152 } | 154 } |
153 | 155 |
154 } // namespace content | 156 } // namespace content |
OLD | NEW |