third_party/WebKit/Source/web/WebLocalFrameImpl.cpp - Issue 2727633005: PlzNavigate: Enforce frame-src CSP on the browser.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

Issue 2727633005: PlzNavigate: Enforce frame-src CSP on the browser. (Closed)

Patch Set: Addressed Alex's comments + trying to fix subframe swap issue Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

index a95f10fc30b00e4b0c321788ff8a452a85917c96..617a4b8cb8920bb3c12a3807357a905e4bd6b0ad 100644

--- a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

+++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

@@ -2068,6 +2068,34 @@ bool WebLocalFrameImpl::maybeRenderFallbackContent(

return true;

}

+// Called when a navigation is blocked because a Content Security Policy (CSP)

+// is infringed.

+void WebLocalFrameImpl::reportContentSecurityPolicyViolation(

+ const blink::WebContentSecurityPolicyViolation& violation) {

+ DCHECK(frame() && frame()->document());

+ Document* document = frame()->document();

+ Vector<String> reportEndpoints;

+ for (const WebString& endPoint : violation.reportEndpoints)

+ reportEndpoints.push_back(endPoint);

+ document->contentSecurityPolicy()->reportViolation(

+ violation.directive, /* directiveText */

+ ContentSecurityPolicy::getDirectiveType(

+ violation.effectiveDirective), /* effectiveType */

+ violation.consoleMessage, /* consoleMessage */

+ violation.blockedUrl, /* blockedUrl */

+ reportEndpoints, /* reportEndpoints */

+ violation.header, /* header */

+ static_cast<ContentSecurityPolicyHeaderType>(violation.disposition),

+ ContentSecurityPolicy::ViolationType::URLViolation, /* ViolationType */

+ nullptr, /* LocalFrame */

+ violation.afterRedirect ? RedirectStatus::FollowedRedirect

+ : RedirectStatus::NoRedirect,

+ // TODO(arthursonzogni, clamy) Provide the context line number here.

+ // See http://crbug.com/690946

+ 0, /* contextLine */

+ nullptr); /* Element */

bool WebLocalFrameImpl::isLoading() const {

if (!frame() || !frame()->document())

return false;