Index: content/browser/frame_host/ancestor_throttle.cc |
diff --git a/content/browser/frame_host/ancestor_throttle.cc b/content/browser/frame_host/ancestor_throttle.cc |
index ca87f0a221d797c54f9304669bd016aa961c9bcc..e596c128c7868b159d997239dcb496f2ffd10c7e 100644 |
--- a/content/browser/frame_host/ancestor_throttle.cc |
+++ b/content/browser/frame_host/ancestor_throttle.cc |
@@ -11,9 +11,11 @@ |
#include "content/browser/frame_host/frame_tree.h" |
#include "content/browser/frame_host/frame_tree_node.h" |
#include "content/browser/frame_host/navigation_handle_impl.h" |
+#include "content/browser/frame_host/navigation_request.h" |
#include "content/public/browser/browser_thread.h" |
#include "content/public/browser/navigation_handle.h" |
#include "content/public/browser/navigation_throttle.h" |
+#include "content/public/common/browser_side_navigation_policy.h" |
#include "content/public/common/console_message_level.h" |
#include "net/http/http_response_headers.h" |
#include "url/origin.h" |
@@ -165,6 +167,45 @@ AncestorThrottle::WillProcessResponse() { |
return NavigationThrottle::BLOCK_RESPONSE; |
} |
+NavigationThrottle::ThrottleCheckResult |
+AncestorThrottle::CheckContentSecurityPolicyFrameSrc(bool is_redirect) { |
+ // If PlzNavigate is enabled, "frame-src" is enforced on the browser-side, |
+ // else on the renderer-side. |
+ if (!IsBrowserSideNavigationEnabled()) |
+ return NavigationThrottle::PROCEED; |
+ |
+ NavigationHandleImpl* handle = |
+ static_cast<NavigationHandleImpl*>(navigation_handle()); |
+ |
+ const GURL& url = navigation_handle()->GetURL(); |
+ if (url.SchemeIs(url::kAboutScheme)) |
+ return NavigationThrottle::PROCEED; |
+ |
+ // Allow the request when it bypasses the CSP of the parent frame. |
+ if (handle->should_bypass_main_world_csp()) |
+ return NavigationThrottle::PROCEED; |
+ |
+ auto parent = handle->frame_tree_node()->parent(); |
+ DCHECK(parent); |
+ |
+ CSPContext* csp_context = parent->csp_context(); |
+ if (!csp_context->Allow(parent->csp_policies(), CSPDirective::FrameSrc, url, |
+ is_redirect)) { |
+ return NavigationThrottle::BLOCK_REQUEST; |
+ } |
+ |
+ return NavigationThrottle::PROCEED; |
+} |
+ |
+NavigationThrottle::ThrottleCheckResult AncestorThrottle::WillStartRequest() { |
+ return CheckContentSecurityPolicyFrameSrc(false); |
+} |
+ |
+NavigationThrottle::ThrottleCheckResult |
+AncestorThrottle::WillRedirectRequest() { |
+ return CheckContentSecurityPolicyFrameSrc(true); |
+} |
+ |
AncestorThrottle::AncestorThrottle(NavigationHandle* handle) |
: NavigationThrottle(handle) {} |
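Review bot: In `CheckContentSecurityPolicyFrameSrc`, `DCHECK(parent);` is the only guard before `parent->csp_context()`, and DCHECK is compiled out of release builds, so a navigation with no parent frame would dereference null in the browser process. Whether this throttle can be attached to a main-frame navigation is decided outside this hunk; unless that is strictly guaranteed, replace the DCHECK with `if (!parent) return NavigationThrottle::PROCEED;`, since frame-src only governs nested frames. The `url.SchemeIs(url::kAboutScheme)` early return also skips the policy check for every about: URL and carries no comment. Add one stating the reason, for example `// about: URLs are not fetched from the network, so frame-src is not applied to them.` if that is the intent, so that a later reader does not mistake it for an unintended CSP bypass.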