Chromium Code Reviews Chromium Code Reviews
Issue 2655463006:
PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
| Index: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| index 859ed9967d4c420907b7b2fb2ce70167129e7875..b7029760a8330385cdfb48abc9ef6f1781870144 100644 |
| --- a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| +++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| @@ -2044,6 +2044,27 @@ bool WebLocalFrameImpl::maybeRenderFallbackContent( |
| return true; |
| } |
| +// Called when a navigation is blocked because a Content Security Policy (CSP) |
| +// is infringed. |
| +void WebLocalFrameImpl::contentSecurityPolicyViolation( |
| + const blink::WebContentSecurityPolicyViolation& violation) { |
| + DCHECK(frame() && frame()->document()); |
| + Document* document = frame()->document(); |
| + Vector<String> reportEndpoints; |
| + for (const WebString& endPoint : violation.reportEndpoints) |
| + reportEndpoints.push_back(endPoint); |
| + document->contentSecurityPolicy()->reportViolation( |
| + violation.directive, /* directiveText */ |
| + ContentSecurityPolicy::getDirectiveType( |
| + violation.effectiveDirective), /* effectiveType */ |
| + violation.consoleMessage, /* consoleMessage */ |
| + violation.blockedUrl, /* blockedUrl */ |
| + reportEndpoints, /* reportEndpoints */ |
| + violation.header, /* header */ |
| + static_cast<ContentSecurityPolicyHeaderType>(violation.disposition), |
| + ContentSecurityPolicy::ViolationType::URLViolation); /* ViolationType */ |
|
alexmos
2017/02/10 22:59:54
Do you need to forward the redirect status also, r
arthursonzogni
2017/02/13 16:33:21
Yes, I completely ignored the redirect status. Tha
|
| +} |
| + |
| bool WebLocalFrameImpl::isLoading() const { |
| if (!frame() || !frame()->document()) |
| return false; |
