Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(155)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/content_security_policy/csp_context.cc

Issue 2727633005: PlzNavigate: Enforce frame-src CSP on the browser. (Closed)
Patch Set: Addressed Alex's comments + trying to fix subframe swap issue Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/common/content_security_policy/csp_context.h ('K') | « content/common/content_security_policy/csp_context.h ('k') | content/common/content_security_policy/csp_context_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/content_security_policy/csp_context.h" 5 #include "content/common/content_security_policy/csp_context.h"
6 6
7 namespace content { 7 namespace content {
8 8
9 CSPContext::CSPContext() : has_self_(false) {} 9 CSPContext::CSPContext() : has_self_(false) {}
10 10
11 CSPContext::~CSPContext() {} 11 CSPContext::~CSPContext() {}
12 12
13 bool CSPContext::Allow(const std::vector<ContentSecurityPolicy>& policies, 13 bool CSPContext::AllowContentSecurityPolicy(CSPDirective::Name directive_name,
14 CSPDirective::Name directive_name, 14 const GURL& url,
15 const GURL& url, 15 bool is_redirect) {
16 bool is_redirect) {
17 if (SchemeShouldBypassCSP(url.scheme_piece())) 16 if (SchemeShouldBypassCSP(url.scheme_piece()))
18 return true; 17 return true;
19 18
20 for (const auto& policy : policies) { 19 for (const auto& policy : policies_) {
21 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this, 20 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this,
22 is_redirect)) 21 is_redirect))
23 return false; 22 return false;
24 } 23 }
25 return true; 24 return true;
26 } 25 }
27 26
28 void CSPContext::SetSelf(const url::Origin origin) { 27 void CSPContext::SetSelf(const url::Origin origin) {
29 if (origin.unique()) { 28 if (origin.unique()) {
30 // TODO(arthursonzogni): Decide what to do with unique origins. 29 // TODO(arthursonzogni): Decide what to do with unique origins.
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { 66 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) {
68 return false; 67 return false;
69 } 68 }
70 69
71 bool CSPContext::SelfSchemeShouldBypassCSP() { 70 bool CSPContext::SelfSchemeShouldBypassCSP() {
72 if (!has_self_) 71 if (!has_self_)
73 return false; 72 return false;
74 return SchemeShouldBypassCSP(self_scheme_); 73 return SchemeShouldBypassCSP(self_scheme_);
75 } 74 }
76 75
77 void CSPContext::ReportViolation( 76 void CSPContext::ReportContentSecurityPolicyViolation(
78 const std::string& directive_text, 77 const CSPViolationParams& violation_params) {
79 const std::string& effective_directive,
80 const std::string& message,
81 const GURL& blocked_url,
82 const std::vector<std::string>& report_end_points,
83 const std::string& header,
84 blink::WebContentSecurityPolicyType disposition) {
85 return; 78 return;
86 } 79 }
87 80
81 CSPViolationParams::CSPViolationParams() = default;
82
83 CSPViolationParams::CSPViolationParams(
84 const std::string& directive,
85 const std::string& effective_directive,
86 const std::string& console_message,
87 const GURL& blocked_url,
88 const std::vector<std::string>& report_endpoints,
89 const std::string& header,
90 const blink::WebContentSecurityPolicyType& disposition,
91 bool after_redirect)
92 : directive(directive),
93 effective_directive(effective_directive),
94 console_message(console_message),
95 blocked_url(blocked_url),
96 report_endpoints(report_endpoints),
97 header(header),
98 disposition(disposition),
99 after_redirect(after_redirect) {}
100
101 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) =
102 default;
103
104 CSPViolationParams::~CSPViolationParams() {}
105
88 } // namespace content 106 } // namespace content
OLDNEW
« content/common/content_security_policy/csp_context.h ('K') | « content/common/content_security_policy/csp_context.h ('k') | content/common/content_security_policy/csp_context_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698