Chromium Code Reviews Chromium Code Reviews
Issue 2655463006:
PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/content_security_policy_util.h" | 5 #include "content/renderer/content_security_policy_util.h" |
| 6 #include "third_party/WebKit/public/platform/WebContentSecurityPolicyStruct.h" | |
| 7 | 6 |
| 8 namespace content { | 7 namespace content { |
| 9 | 8 |
| 10 CSPSource BuildCSPSource( | 9 CSPSource BuildCSPSource( |
| 11 const blink::WebContentSecurityPolicySourceExpression& source) { | 10 const blink::WebContentSecurityPolicySourceExpression& source) { |
| 12 return CSPSource( | 11 return CSPSource( |
| 13 source.scheme.utf8(), // scheme | 12 source.scheme.utf8(), // scheme |
| 14 source.host.utf8(), // host | 13 source.host.utf8(), // host |
| 15 source.isHostWildcard == blink::WebWildcardDispositionHasWildcard, | 14 source.isHostWildcard == blink::WebWildcardDispositionHasWildcard, |
| 16 source.port == 0 ? url::PORT_UNSPECIFIED : source.port, // port | 15 source.port == 0 ? url::PORT_UNSPECIFIED : source.port, // port |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 45 std::vector<std::string> report_endpoints; | 44 std::vector<std::string> report_endpoints; |
| 46 for (const blink::WebString& endpoint : policy.reportEndpoints) | 45 for (const blink::WebString& endpoint : policy.reportEndpoints) |
| 47 report_endpoints.push_back(endpoint.utf8()); | 46 report_endpoints.push_back(endpoint.utf8()); |
| 48 | 47 |
| 49 return CSPPolicy(policy.disposition, // disposition | 48 return CSPPolicy(policy.disposition, // disposition |
| 50 policy.source, // source | 49 policy.source, // source |
| 51 directives, // directives | 50 directives, // directives |
| 52 report_endpoints); // report_endpoints | 51 report_endpoints); // report_endpoints |
| 53 } | 52 } |
| 54 | 53 |
| 54 blink::WebContentSecurityPolicyViolation BuildWebContentSecurityPolicyViolation( | |
| 55 const content::CSPViolationParams& violation_params) { | |
| 56 blink::WebContentSecurityPolicyViolation violation; | |
| 57 violation.directive = blink::WebString::fromASCII(violation_params.directive); | |
| 58 violation.effectiveDirective = | |
| 59 blink::WebString::fromASCII(violation_params.effective_directive); | |
| 60 violation.consoleMessage = | |
| 61 blink::WebString::fromASCII(violation_params.console_message); | |
| 62 violation.blockedUrl = violation_params.blocked_url; | |
| 63 violation.reportEndpoints = blink::WebVector<blink::WebString>( | |
| 64 violation_params.report_endpoints.size()); | |
| 65 for (size_t i = 0; i < violation_params.report_endpoints.size(); ++i) | |
|
nasko
2017/02/15 21:28:45
This for loop needs {} as the body spans more than
arthursonzogni
2017/02/16 17:32:41
Done.
| |
| 66 violation.reportEndpoints[i] = | |
| 67 blink::WebString::fromASCII(violation_params.report_endpoints[i]); | |
| 68 violation.header = blink::WebString::fromASCII(violation_params.header); | |
| 69 violation.disposition = violation_params.disposition; | |
| 70 violation.followedRedirect = violation_params.followed_redirect; | |
| 71 return violation; | |
| 72 } | |
| 73 | |
| 55 } // namespace content | 74 } // namespace content |
| OLD | NEW |
