Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(705)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/content_security_policy/content_security_policy.cc

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Rebase. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/site_per_process_browsertest.cc ('k') | content/common/content_security_policy/csp_context.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/content_security_policy/content_security_policy.cc
diff --git a/content/common/content_security_policy/content_security_policy.cc b/content/common/content_security_policy/content_security_policy.cc
index b091744bd5ad703057af8dfc8ec52c5340ba6c85..745cb1c2fb11f3c940a7c17e6fd4a29fd38c2594 100644
--- a/content/common/content_security_policy/content_security_policy.cc
+++ b/content/common/content_security_policy/content_security_policy.cc
@@ -41,7 +41,8 @@ void ReportViolation(CSPContext* context,
const ContentSecurityPolicy& policy,
const CSPDirective& directive,
const CSPDirective::Name directive_name,
- const GURL& url) {
+ const GURL& url,
+ bool is_redirect) {
// We should never have a violation against `child-src` or `default-src`
// directly; the effective directive should always be one of the explicit
// fetch directives.
@@ -72,10 +73,11 @@ void ReportViolation(CSPContext* context,
message << "\n";
context->LogToConsole(message.str());
- context->ReportViolation(CSPDirective::NameToString(directive.name),
- CSPDirective::NameToString(directive_name),
- message.str(), url, policy.report_endpoints,
- policy.header, policy.disposition);
+
+ context->ReportContentSecurityPolicyViolation(CSPViolationParams(
+ CSPDirective::NameToString(directive.name),
+ CSPDirective::NameToString(directive_name), message.str(), url,
+ policy.report_endpoints, policy.header, policy.disposition, is_redirect));
}
bool AllowDirective(CSPContext* context,
@@ -87,7 +89,7 @@ bool AllowDirective(CSPContext* context,
if (CSPSourceList::Allow(directive.source_list, url, context, is_redirect))
return true;
- ReportViolation(context, policy, directive, directive_name, url);
+ ReportViolation(context, policy, directive, directive_name, url, is_redirect);
return false;
}
« no previous file with comments | « content/browser/site_per_process_browsertest.cc ('k') | content/common/content_security_policy/csp_context.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698