content/browser/frame_host/csp_context_impl.cc - Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/frame_host/csp_context_impl.cc

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)

Patch Set: Add TODO in the FrameLoader. Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: content/browser/frame_host/csp_context_impl.cc

diff --git a/content/browser/frame_host/csp_context_impl.cc b/content/browser/frame_host/csp_context_impl.cc

new file mode 100644

index 0000000000000000000000000000000000000000..ad4efe6a49d0e8b0e7f9e11b776c97d84a16784e

--- /dev/null

+++ b/content/browser/frame_host/csp_context_impl.cc

@@ -0,0 +1,42 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include <algorithm>

+#include "content/browser/frame_host/csp_context_impl.h"

+#include "content/browser/frame_host/frame_tree_node.h"

+#include "url/url_util.h"

+namespace content {

+CSPContextImpl::CSPContextImpl(FrameTreeNode* frame_tree_node)

+ : frame_tree_node_(frame_tree_node) {

+ DCHECK(frame_tree_node_);

+void CSPContextImpl::LogToConsole(const std::string& message) {

+ frame_tree_node_->current_frame_host()->AddMessageToConsole(

+ CONSOLE_MESSAGE_LEVEL_ERROR, message);

+void CSPContextImpl::ReportViolation(

+ const CSPViolationParams& violation_params) {

+ frame_tree_node_->current_frame_host()->ContentSecurityPolicyViolation(

+ violation_params);

+bool CSPContextImpl::SchemeShouldBypassCSP(const base::StringPiece& scheme) {

+ // Blink uses its SchemeRegistry to check if a scheme should be bypassed.

+ // It can't be used on the browser process. It is used for two things:

+ // 1) Bypassing the "chrome-extension" scheme when chrome is built with the

+ // extensions support.

+ // 2) Bypassing arbitrary scheme for testing purpose only in blink and in V8.

+ // TODO(arthursonzogni): url::GetBypassingCSPScheme() is used instead of the

+ // blink::SchemeRegistry. It contains 1) but not 2).

+ const auto& bypassing_schemes = url::GetCSPBypassingSchemes();

+ return std::find(bypassing_schemes.begin(), bypassing_schemes.end(),

+ scheme) != bypassing_schemes.end();

+} // namespace content