Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(218)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/ancestor_throttle.cc

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Addressed comments Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/frame_host/ancestor_throttle.h ('k') | content/browser/frame_host/frame_tree_node.h » ('j') | content/common/frame_messages.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/ancestor_throttle.cc
diff --git a/content/browser/frame_host/ancestor_throttle.cc b/content/browser/frame_host/ancestor_throttle.cc
index ca87f0a221d797c54f9304669bd016aa961c9bcc..ddbf9611f532394cce8f11b5a7f81e9d77e4056d 100644
--- a/content/browser/frame_host/ancestor_throttle.cc
+++ b/content/browser/frame_host/ancestor_throttle.cc
@@ -11,9 +11,11 @@
#include "content/browser/frame_host/frame_tree.h"
#include "content/browser/frame_host/frame_tree_node.h"
#include "content/browser/frame_host/navigation_handle_impl.h"
+#include "content/browser/frame_host/navigation_request.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/navigation_handle.h"
#include "content/public/browser/navigation_throttle.h"
+#include "content/public/common/browser_side_navigation_policy.h"
#include "content/public/common/console_message_level.h"
#include "net/http/http_response_headers.h"
#include "url/origin.h"
@@ -165,6 +167,44 @@ AncestorThrottle::WillProcessResponse() {
return NavigationThrottle::BLOCK_RESPONSE;
}
+NavigationThrottle::ThrottleCheckResult
+AncestorThrottle::CheckContentSecurityPolicyFrameSrc(bool is_redirect) {
+ // If PlzNavigate is enabled, "frame-src" is enforced on the browser side,
+ // else on the renderer side.
+ if (!IsBrowserSideNavigationEnabled())
+ return NavigationThrottle::PROCEED;
+
+ const GURL& url = navigation_handle()->GetURL();
+ if (url.SchemeIs(url::kAboutScheme))
+ return NavigationThrottle::PROCEED;
+
+ NavigationHandleImpl* handle =
+ static_cast<NavigationHandleImpl*>(navigation_handle());
+
+ // Allow the request when it bypasses the CSP.
+ if (handle->should_bypass_main_world_csp())
+ return NavigationThrottle::PROCEED;
+
+ FrameTreeNode* parent_ftn = handle->frame_tree_node()->parent();
+ DCHECK(parent_ftn);
+ RenderFrameHostImpl* parent = parent_ftn->current_frame_host();
+ DCHECK(parent);
+
+ if (!parent->IsAllowedByCsp(CSPDirective::FrameSrc, url, is_redirect))
+ return NavigationThrottle::BLOCK_REQUEST;
+
+ return NavigationThrottle::PROCEED;
+}
+
+NavigationThrottle::ThrottleCheckResult AncestorThrottle::WillStartRequest() {
+ return CheckContentSecurityPolicyFrameSrc(false);
+}
+
+NavigationThrottle::ThrottleCheckResult
+AncestorThrottle::WillRedirectRequest() {
+ return CheckContentSecurityPolicyFrameSrc(true);
+}
+
AncestorThrottle::AncestorThrottle(NavigationHandle* handle)
: NavigationThrottle(handle) {}
« no previous file with comments | « content/browser/frame_host/ancestor_throttle.h ('k') | content/browser/frame_host/frame_tree_node.h » ('j') | content/common/frame_messages.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698