| OLD | NEW |
|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
| 6 | 6 |
| 7 namespace content { | 7 namespace content { |
| 8 | 8 |
| 9 CSPContext::CSPContext() : has_self_(false) {} | 9 CSPContext::CSPContext() : has_self_(false) {} |
| 10 | 10 |
| 11 CSPContext::~CSPContext() {} | 11 CSPContext::~CSPContext() {} |
| 12 | 12 |
| 13 bool CSPContext::IsAllowedByCsp(CSPDirective::Name directive_name, | 13 bool CSPContext::IsAllowedByCsp(CSPDirective::Name directive_name, |
| 14 const GURL& url, | 14 const GURL& url, |
| 15 bool is_redirect) { | 15 bool is_redirect, |
| 16 const SourceLocation& source_location) { |
| 16 if (SchemeShouldBypassCSP(url.scheme_piece())) | 17 if (SchemeShouldBypassCSP(url.scheme_piece())) |
| 17 return true; | 18 return true; |
| 18 | 19 |
| 19 for (const auto& policy : policies_) { | 20 for (const auto& policy : policies_) { |
| 20 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this, | 21 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, is_redirect, |
| 21 is_redirect)) | 22 this, source_location)) |
| 22 return false; | 23 return false; |
| 23 } | 24 } |
| 24 return true; | 25 return true; |
| 25 } | 26 } |
| 26 | 27 |
| 27 void CSPContext::SetSelf(const url::Origin origin) { | 28 void CSPContext::SetSelf(const url::Origin origin) { |
| 28 if (origin.unique()) { | 29 if (origin.unique()) { |
| 29 // TODO(arthursonzogni): Decide what to do with unique origins. | 30 // TODO(arthursonzogni): Decide what to do with unique origins. |
| 30 has_self_ = false; | 31 has_self_ = false; |
| 31 return; | 32 return; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 52 } | 53 } |
| 53 | 54 |
| 54 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { | 55 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { |
| 55 if (!has_self_) | 56 if (!has_self_) |
| 56 return false; | 57 return false; |
| 57 if (self_scheme_ == url::kHttpScheme) | 58 if (self_scheme_ == url::kHttpScheme) |
| 58 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); | 59 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); |
| 59 return url.SchemeIs(self_scheme_); | 60 return url.SchemeIs(self_scheme_); |
| 60 } | 61 } |
| 61 | 62 |
| 62 void CSPContext::LogToConsole(const std::string& message) { | |
| 63 return; | |
| 64 } | |
| 65 | |
| 66 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { | 63 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { |
| 67 return false; | 64 return false; |
| 68 } | 65 } |
| 69 | 66 |
| 70 bool CSPContext::SelfSchemeShouldBypassCsp() { | 67 bool CSPContext::SelfSchemeShouldBypassCsp() { |
| 71 if (!has_self_) | 68 if (!has_self_) |
| 72 return false; | 69 return false; |
| 73 return SchemeShouldBypassCSP(self_scheme_); | 70 return SchemeShouldBypassCSP(self_scheme_); |
| 74 } | 71 } |
| 75 | 72 |
| 76 void CSPContext::ReportContentSecurityPolicyViolation( | 73 void CSPContext::ReportContentSecurityPolicyViolation( |
| 77 const CSPViolationParams& violation_params) { | 74 const CSPViolationParams& violation_params) { |
| 78 return; | 75 return; |
| 79 } | 76 } |
| 80 | 77 |
| 81 CSPViolationParams::CSPViolationParams() = default; | 78 CSPViolationParams::CSPViolationParams() = default; |
| 82 | 79 |
| 83 CSPViolationParams::CSPViolationParams( | 80 CSPViolationParams::CSPViolationParams( |
| 84 const std::string& directive, | 81 const std::string& directive, |
| 85 const std::string& effective_directive, | 82 const std::string& effective_directive, |
| 86 const std::string& console_message, | 83 const std::string& console_message, |
| 87 const GURL& blocked_url, | 84 const GURL& blocked_url, |
| 88 const std::vector<std::string>& report_endpoints, | 85 const std::vector<std::string>& report_endpoints, |
| 89 const std::string& header, | 86 const std::string& header, |
| 90 const blink::WebContentSecurityPolicyType& disposition, | 87 const blink::WebContentSecurityPolicyType& disposition, |
| 91 bool after_redirect) | 88 bool after_redirect, |
| 89 const SourceLocation& source_location) |
| 92 : directive(directive), | 90 : directive(directive), |
| 93 effective_directive(effective_directive), | 91 effective_directive(effective_directive), |
| 94 console_message(console_message), | 92 console_message(console_message), |
| 95 blocked_url(blocked_url), | 93 blocked_url(blocked_url), |
| 96 report_endpoints(report_endpoints), | 94 report_endpoints(report_endpoints), |
| 97 header(header), | 95 header(header), |
| 98 disposition(disposition), | 96 disposition(disposition), |
| 99 after_redirect(after_redirect) {} | 97 after_redirect(after_redirect), |
| 98 source_location(source_location) {} |
| 100 | 99 |
| 101 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = | 100 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = |
| 102 default; | 101 default; |
| 103 | 102 |
| 104 CSPViolationParams::~CSPViolationParams() {} | 103 CSPViolationParams::~CSPViolationParams() {} |
| 105 | 104 |
| 106 } // namespace content | 105 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2761153003:
PlzNavigate & CSP. Use the SourceLocation in violation reports. (Closed)
