
Side by Side Diff: content/common/content_security_policy/csp_source_list.cc

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Rebase. Created 3 years, 9 months ago
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/content_security_policy/csp_context.h" 5 #include "content/common/content_security_policy/csp_context.h"
6 6
7 namespace content { 7 namespace content {
8 8
9 namespace { 9 namespace {
10 10
11 const GURL ExtractInnerURL(const GURL& url) { 11 const GURL ExtractInnerURL(const GURL& url) {
12 if (const GURL* inner_url = url.inner_url()) 12 if (const GURL* inner_url = url.inner_url())
13 return *inner_url; 13 return *inner_url;
14 else 14 else
15 // TODO(arthursonzogni): revisit this once GURL::inner_url support blob-URL. 15 // TODO(arthursonzogni): revisit this once GURL::inner_url support blob-URL.
16 return GURL(url.path()); 16 return GURL(url.path());
17 } 17 }
18 18
19 const GURL GetEffectiveURL(CSPContext* context, const GURL& url) { 19 const GURL GetEffectiveURL(CSPContext* context, const GURL& url) {
20 // Due to backwards-compatibility concerns, we allow 'self' to match blob and 20 // Due to backwards-compatibility concerns, we allow 'self' to match blob and
21 // filesystem inner URLs if we are in a context that bypasses 21 // filesystem inner URLs if we are in a context that bypasses
22 // ContentSecurityPolicy in the main world. 22 // ContentSecurityPolicy in the main world.
23 if (context->SelfSchemeShouldBypassCSP()) { 23 if (context->SelfSchemeShouldBypassCsp()) {
24 if (url.SchemeIsFileSystem() || url.SchemeIsBlob()) 24 if (url.SchemeIsFileSystem() || url.SchemeIsBlob())
25 return ExtractInnerURL(url); 25 return ExtractInnerURL(url);
26 } 26 }
27 return url; 27 return url;
28 } 28 }
29 29
30 bool AllowFromSources(const GURL& url, 30 bool AllowFromSources(const GURL& url,
31 const std::vector<CSPSource>& sources, 31 const std::vector<CSPSource>& sources,
32 CSPContext* context, 32 CSPContext* context,
33 bool is_redirect) { 33 bool is_redirect) {
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
100 } 100 }
101 101
102 return text.str(); 102 return text.str();
103 } 103 }
104 104
105 bool CSPSourceList::IsNone() const { 105 bool CSPSourceList::IsNone() const {
106 return !allow_self && !allow_star && sources.empty(); 106 return !allow_self && !allow_star && sources.empty();
107 } 107 }
108 108
109 } // namespace content 109 } // namespace content