| Index: content/browser/frame_host/render_frame_host_impl.cc
|
| diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
|
| index 1448dd8939f48fe69578f4ecea6344312c1111fc..313189e8e59a6d25cbcf87c8628396ce7fc8a06d 100644
|
| --- a/content/browser/frame_host/render_frame_host_impl.cc
|
| +++ b/content/browser/frame_host/render_frame_host_impl.cc
|
| @@ -855,6 +855,30 @@ void RenderFrameHostImpl::RenderProcessGone(SiteInstanceImpl* site_instance) {
|
| set_nav_entry_id(0);
|
| }
|
|
|
| +void RenderFrameHostImpl::LogToConsole(const std::string& message) {
|
| + AddMessageToConsole(CONSOLE_MESSAGE_LEVEL_ERROR, message);
|
| +}
|
| +
|
| +void RenderFrameHostImpl::ReportContentSecurityPolicyViolation(
|
| + const CSPViolationParams& violation_params) {
|
| + Send(new FrameMsg_ReportContentSecurityPolicyViolation(routing_id_,
|
| + violation_params));
|
| +}
|
| +
|
| +bool RenderFrameHostImpl::SchemeShouldBypassCSP(
|
| + const base::StringPiece& scheme) {
|
| + // Blink uses its SchemeRegistry to check if a scheme should be bypassed.
|
| + // It can't be used on the browser process. It is used for two things:
|
| + // 1) Bypassing the "chrome-extension" scheme when chrome is built with the
|
| + // extensions support.
|
| + // 2) Bypassing arbitrary scheme for testing purpose only in blink and in V8.
|
| + // TODO(arthursonzogni): url::GetBypassingCSPScheme() is used instead of the
|
| + // blink::SchemeRegistry. It contains 1) but not 2).
|
| + const auto& bypassing_schemes = url::GetCSPBypassingSchemes();
|
| + return std::find(bypassing_schemes.begin(), bypassing_schemes.end(),
|
| + scheme) != bypassing_schemes.end();
|
| +}
|
| +
|
| bool RenderFrameHostImpl::CreateRenderFrame(int proxy_routing_id,
|
| int opener_routing_id,
|
| int parent_routing_id,
|
| @@ -1813,7 +1837,9 @@ void RenderFrameHostImpl::OnDidSetFeaturePolicyHeader(
|
| void RenderFrameHostImpl::OnDidAddContentSecurityPolicy(
|
| const ContentSecurityPolicyHeader& header,
|
| const std::vector<ContentSecurityPolicy>& policies) {
|
| - frame_tree_node()->AddContentSecurityPolicy(header, policies);
|
| + frame_tree_node()->AddContentSecurityPolicy(header);
|
| + for (const ContentSecurityPolicy& policy : policies)
|
| + AddContentSecurityPolicy(policy);
|
| }
|
|
|
| void RenderFrameHostImpl::OnEnforceInsecureRequestPolicy(
|
| @@ -2492,7 +2518,8 @@ void RenderFrameHostImpl::NavigateToInterstitialURL(const GURL& data_url) {
|
| data_url, Referrer(), ui::PAGE_TRANSITION_LINK,
|
| FrameMsg_Navigate_Type::DIFFERENT_DOCUMENT, false, false,
|
| base::TimeTicks::Now(), FrameMsg_UILoadMetricsReportType::NO_REPORT,
|
| - GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr);
|
| + GURL(), GURL(), PREVIEWS_OFF, base::TimeTicks::Now(), "GET", nullptr,
|
| + false /* should_bypass_main_world_csp */);
|
| if (IsBrowserSideNavigationEnabled()) {
|
| CommitNavigation(nullptr, nullptr, common_params, RequestNavigationParams(),
|
| false);
|
| @@ -3398,7 +3425,9 @@ RenderFrameHostImpl::TakeNavigationHandleForCommit(
|
| return NavigationHandleImpl::Create(
|
| params.url, params.redirects, frame_tree_node_, is_renderer_initiated,
|
| params.was_within_same_page, base::TimeTicks::Now(),
|
| - pending_nav_entry_id, false); // started_from_context_menu
|
| + pending_nav_entry_id,
|
| + false, // started_from_context_menu
|
| + false); // should_bypass_main_world_csp
|
| }
|
|
|
| // Determine if the current NavigationHandle can be used.
|
| @@ -3450,7 +3479,9 @@ RenderFrameHostImpl::TakeNavigationHandleForCommit(
|
| return NavigationHandleImpl::Create(
|
| params.url, params.redirects, frame_tree_node_, is_renderer_initiated,
|
| params.was_within_same_page, base::TimeTicks::Now(),
|
| - entry_id_for_data_nav, false); // started_from_context_menu
|
| + entry_id_for_data_nav,
|
| + false, // started_from_context_menu
|
| + false); // should_bypass_main_world_csp
|
| }
|
|
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 2655463006:
PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
