content/browser/frame_host/ancestor_throttle.cc - Issue 2761153003: PlzNavigate & CSP. Use the SourceLocation in violation reports.

Side by Side Diff: content/browser/frame_host/ancestor_throttle.cc

Issue 2761153003: PlzNavigate & CSP. Use the SourceLocation in violation reports. (Closed)

Patch Set: Nit. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/frame_host/ancestor_throttle.h"	5 #include "content/browser/frame_host/ancestor_throttle.h"

6	6

7 #include "base/metrics/histogram_macros.h"	7 #include "base/metrics/histogram_macros.h"

8 #include "base/strings/string_split.h"	8 #include "base/strings/string_split.h"

9 #include "base/strings/string_util.h"	9 #include "base/strings/string_util.h"

10 #include "base/strings/stringprintf.h"	10 #include "base/strings/stringprintf.h"

(...skipping 171 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
182 static_cast<NavigationHandleImpl*>(navigation_handle());	182 static_cast<NavigationHandleImpl*>(navigation_handle());

183	183

184 if (handle->should_check_main_world_csp() == CSPDisposition::DO_NOT_CHECK)	184 if (handle->should_check_main_world_csp() == CSPDisposition::DO_NOT_CHECK)

185 return NavigationThrottle::PROCEED;	185 return NavigationThrottle::PROCEED;

186	186

187 FrameTreeNode* parent_ftn = handle->frame_tree_node()->parent();	187 FrameTreeNode* parent_ftn = handle->frame_tree_node()->parent();

188 DCHECK(parent_ftn);	188 DCHECK(parent_ftn);

189 RenderFrameHostImpl* parent = parent_ftn->current_frame_host();	189 RenderFrameHostImpl* parent = parent_ftn->current_frame_host();

190 DCHECK(parent);	190 DCHECK(parent);

191	191

192 if (!parent->IsAllowedByCsp(CSPDirective::FrameSrc, url, is_redirect))	192 if (parent->EnforceCsp(CSPDirective::FrameSrc, url, is_redirect,
	arthursonzogni 2017/03/21 16:20:38 While I added the SourceLocation argument to this While I added the SourceLocation argument to this function, I choose to change the "IsAllowedByCsp" name, because it was not clear that this function produces side-effects. It is probably unrelated to this CL though, let me know what do you think. Mike West 2017/03/22 08:57:38 It seems odd to diverge from Blink's implementatio Show quoted text On 2017/03/21 at 16:20:38, arthursonzogni wrote: > While I added the SourceLocation argument to this function, I choose to change the "IsAllowedByCsp" name, because it was not clear that this function produces side-effects. > It is probably unrelated to this CL though, let me know what do you think. It seems odd to diverge from Blink's implementation. There we do something like `policy->allowRequest(...)` and pass in an enum that governs whether or not we're just checking the result or doing reporting. I'd suggest splitting this change out into a separate patch so we have a chance to discuss the model in a little more detail. arthursonzogni 2017/03/22 09:38:35 Okay, let's do this! Show quoted text On 2017/03/22 08:57:38, Mike West wrote: > On 2017/03/21 at 16:20:38, arthursonzogni wrote: > > While I added the SourceLocation argument to this function, I choose to change > the "IsAllowedByCsp" name, because it was not clear that this function produces > side-effects. > > It is probably unrelated to this CL though, let me know what do you think. > > It seems odd to diverge from Blink's implementation. There we do something like > `policy->allowRequest(...)` and pass in an enum that governs whether or not > we're just checking the result or doing reporting. I'd suggest splitting this > change out into a separate patch so we have a chance to discuss the model in a > little more detail. Okay, let's do this!
193 return NavigationThrottle::BLOCK_REQUEST;	193 handle->source_location())) {

	194 return NavigationThrottle::PROCEED;

	195 }

194	196

195 return NavigationThrottle::PROCEED;	197 return NavigationThrottle::BLOCK_REQUEST;

196 }	198 }

197	199

198 NavigationThrottle::ThrottleCheckResult AncestorThrottle::WillStartRequest() {	200 NavigationThrottle::ThrottleCheckResult AncestorThrottle::WillStartRequest() {

199 return CheckContentSecurityPolicyFrameSrc(false);	201 return CheckContentSecurityPolicyFrameSrc(false);

200 }	202 }

201	203

202 NavigationThrottle::ThrottleCheckResult	204 NavigationThrottle::ThrottleCheckResult

203 AncestorThrottle::WillRedirectRequest() {	205 AncestorThrottle::WillRedirectRequest() {

204 return CheckContentSecurityPolicyFrameSrc(true);	206 return CheckContentSecurityPolicyFrameSrc(true);

205 }	207 }

(...skipping 93 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
299 HeadersContainFrameAncestorsCSP(headers)) {	301 HeadersContainFrameAncestorsCSP(headers)) {

300 // TODO(mkwst): 'frame-ancestors' is currently handled in Blink. We should	302 // TODO(mkwst): 'frame-ancestors' is currently handled in Blink. We should

301 // handle it here instead. Until then, don't block the request, and let	303 // handle it here instead. Until then, don't block the request, and let

302 // Blink handle it. https://crbug.com/555418	304 // Blink handle it. https://crbug.com/555418

303 return HeaderDisposition::BYPASS;	305 return HeaderDisposition::BYPASS;

304 }	306 }

305 return result;	307 return result;

306 }	308 }

307	309

308 } // namespace content	310 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | content/browser/frame_host/form_submission_throttle.cc » ('j') | no next file with comments »