Chromium Code Reviews Chromium Code Reviews
Issue 2655463006:
PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
| Index: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| index 7a1c25a7383ffffcb86d09f88dcdbf1000fa9c86..d5b742a7a62b483649dd45bc12a1e262d2a1ccec 100644 |
| --- a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| +++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp |
| @@ -2054,6 +2054,27 @@ bool WebLocalFrameImpl::maybeRenderFallbackContent( |
| return true; |
| } |
| +// Called when a navigation is blocked because a Content Security Policy (CSP) |
| +// is infringed. |
| +void WebLocalFrameImpl::reportContentSecurityPolicyViolation( |
| + const blink::WebContentSecurityPolicyViolation& violation) { |
| + DCHECK(frame() && frame()->document()); |
| + Document* document = frame()->document(); |
| + Vector<String> reportEndpoints; |
| + for (const WebString& endPoint : violation.reportEndpoints) |
| + reportEndpoints.push_back(endPoint); |
| + document->contentSecurityPolicy()->reportViolation( |
| + violation.directive, /* directiveText */ |
| + ContentSecurityPolicy::getDirectiveType( |
| + violation.effectiveDirective), /* effectiveType */ |
| + violation.consoleMessage, /* consoleMessage */ |
| + violation.blockedUrl, /* blockedUrl */ |
| + reportEndpoints, /* reportEndpoints */ |
| + violation.header, /* header */ |
| + static_cast<ContentSecurityPolicyHeaderType>(violation.disposition), |
| + ContentSecurityPolicy::ViolationType::URLViolation); /* ViolationType */ |
|
alexmos
2017/02/24 06:40:28
Does this still need to extract out and explicitly
arthursonzogni
2017/02/24 16:13:30
I am not sure to understand, but if you mean that
alexmos
2017/03/01 02:22:28
Yes, this is what I meant. Thanks for fixing it!
|
| +} |
| + |
| bool WebLocalFrameImpl::isLoading() const { |
| if (!frame() || !frame()->document()) |
| return false; |
