content/renderer/render_frame_impl.cc - Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/renderer/render_frame_impl.cc

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)

Patch Set: Rebase. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « content/renderer/render_frame_impl.h ('k') | third_party/WebKit/LayoutTests/FlagExpectations/enable-browser-side-navigation » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/renderer/render_frame_impl.cc

diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc

index fcc32abd2396cd8d78446e3b43c942ef83f42b2b..c453e5a32a52886e809ecf5c17df82845f358a82 100644

--- a/content/renderer/render_frame_impl.cc

+++ b/content/renderer/render_frame_impl.cc

@@ -684,6 +684,12 @@ CommonNavigationParams MakeCommonNavigationParams(

info.sourceLocation.columnNumber);

}

+ CSPDisposition should_check_main_world_csp =

+ info.shouldCheckMainWorldContentSecurityPolicy ==

+ blink::WebContentSecurityPolicyDispositionCheck

+ ? CSPDisposition::CHECK

+ : CSPDisposition::DO_NOT_CHECK;

const RequestExtraData* extra_data =

static_cast<RequestExtraData*>(info.urlRequest.getExtraData());

DCHECK(extra_data);

@@ -693,7 +699,8 @@ CommonNavigationParams MakeCommonNavigationParams(

report_type, GURL(), GURL(),

static_cast<PreviewsState>(info.urlRequest.getPreviewsState()),

base::TimeTicks::Now(), info.urlRequest.httpMethod().latin1(),

- GetRequestBodyForWebURLRequest(info.urlRequest), source_location);

+ GetRequestBodyForWebURLRequest(info.urlRequest), source_location,

+ should_check_main_world_csp);

}

media::Context3D GetSharedMainThreadContext3D(

@@ -1578,6 +1585,8 @@ bool RenderFrameImpl::OnMessageReceived(const IPC::Message& msg) {

OnTextTrackSettingsChanged)

IPC_MESSAGE_HANDLER(FrameMsg_PostMessageEvent, OnPostMessageEvent)

IPC_MESSAGE_HANDLER(FrameMsg_FailedNavigation, OnFailedNavigation)

+ IPC_MESSAGE_HANDLER(FrameMsg_ReportContentSecurityPolicyViolation,

+ OnReportContentSecurityPolicyViolation)

IPC_MESSAGE_HANDLER(FrameMsg_GetSavableResourceLinks,

OnGetSavableResourceLinks)

IPC_MESSAGE_HANDLER(FrameMsg_GetSerializedHtmlWithLocalLinks,

@@ -5258,6 +5267,12 @@ void RenderFrameImpl::OnFailedNavigation(

browser_side_navigation_pending_ = false;

}

+void RenderFrameImpl::OnReportContentSecurityPolicyViolation(

+ const content::CSPViolationParams& violation_params) {

+ frame_->reportContentSecurityPolicyViolation(

+ BuildWebContentSecurityPolicyViolation(violation_params));

WebNavigationPolicy RenderFrameImpl::decidePolicyForNavigation(

const NavigationPolicyInfo& info) {

// A content initiated navigation may have originated from a link-click,