OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
6 | 6 |
7 namespace content { | 7 namespace content { |
8 | 8 |
9 CSPContext::CSPContext() : has_self_(false) {} | 9 CSPContext::CSPContext() : has_self_(false) {} |
10 | 10 |
11 CSPContext::~CSPContext() {} | 11 CSPContext::~CSPContext() {} |
12 | 12 |
13 bool CSPContext::IsAllowedByCsp(CSPDirective::Name directive_name, | 13 bool CSPContext::EnforceCsp(CSPDirective::Name directive_name, |
14 const GURL& url, | 14 const GURL& url, |
15 bool is_redirect) { | 15 bool is_redirect, |
| 16 const SourceLocation& source_location) { |
16 if (SchemeShouldBypassCSP(url.scheme_piece())) | 17 if (SchemeShouldBypassCSP(url.scheme_piece())) |
17 return true; | 18 return true; |
18 | 19 |
19 for (const auto& policy : policies_) { | 20 for (const auto& policy : policies_) { |
20 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, this, | 21 if (!ContentSecurityPolicy::Allow(policy, directive_name, url, is_redirect, |
21 is_redirect)) | 22 this, source_location)) |
22 return false; | 23 return false; |
23 } | 24 } |
24 return true; | 25 return true; |
25 } | 26 } |
26 | 27 |
27 void CSPContext::SetSelf(const url::Origin origin) { | 28 void CSPContext::SetSelf(const url::Origin origin) { |
28 if (origin.unique()) { | 29 if (origin.unique()) { |
29 // TODO(arthursonzogni): Decide what to do with unique origins. | 30 // TODO(arthursonzogni): Decide what to do with unique origins. |
30 has_self_ = false; | 31 has_self_ = false; |
31 return; | 32 return; |
(...skipping 20 matching lines...) Expand all Loading... |
52 } | 53 } |
53 | 54 |
54 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { | 55 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { |
55 if (!has_self_) | 56 if (!has_self_) |
56 return false; | 57 return false; |
57 if (self_scheme_ == url::kHttpScheme) | 58 if (self_scheme_ == url::kHttpScheme) |
58 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); | 59 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin(); |
59 return url.SchemeIs(self_scheme_); | 60 return url.SchemeIs(self_scheme_); |
60 } | 61 } |
61 | 62 |
62 void CSPContext::LogToConsole(const std::string& message) { | |
63 return; | |
64 } | |
65 | |
66 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { | 63 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { |
67 return false; | 64 return false; |
68 } | 65 } |
69 | 66 |
70 bool CSPContext::SelfSchemeShouldBypassCsp() { | 67 bool CSPContext::SelfSchemeShouldBypassCsp() { |
71 if (!has_self_) | 68 if (!has_self_) |
72 return false; | 69 return false; |
73 return SchemeShouldBypassCSP(self_scheme_); | 70 return SchemeShouldBypassCSP(self_scheme_); |
74 } | 71 } |
75 | 72 |
76 void CSPContext::ReportContentSecurityPolicyViolation( | 73 void CSPContext::ReportContentSecurityPolicyViolation( |
77 const CSPViolationParams& violation_params) { | 74 const CSPViolationParams& violation_params) { |
78 return; | 75 return; |
79 } | 76 } |
80 | 77 |
81 CSPViolationParams::CSPViolationParams() = default; | 78 CSPViolationParams::CSPViolationParams() = default; |
82 | 79 |
83 CSPViolationParams::CSPViolationParams( | 80 CSPViolationParams::CSPViolationParams( |
84 const std::string& directive, | 81 const std::string& directive, |
85 const std::string& effective_directive, | 82 const std::string& effective_directive, |
86 const std::string& console_message, | 83 const std::string& console_message, |
87 const GURL& blocked_url, | 84 const GURL& blocked_url, |
88 const std::vector<std::string>& report_endpoints, | 85 const std::vector<std::string>& report_endpoints, |
89 const std::string& header, | 86 const std::string& header, |
90 const blink::WebContentSecurityPolicyType& disposition, | 87 const blink::WebContentSecurityPolicyType& disposition, |
91 bool after_redirect) | 88 bool after_redirect, |
| 89 const SourceLocation& source_location) |
92 : directive(directive), | 90 : directive(directive), |
93 effective_directive(effective_directive), | 91 effective_directive(effective_directive), |
94 console_message(console_message), | 92 console_message(console_message), |
95 blocked_url(blocked_url), | 93 blocked_url(blocked_url), |
96 report_endpoints(report_endpoints), | 94 report_endpoints(report_endpoints), |
97 header(header), | 95 header(header), |
98 disposition(disposition), | 96 disposition(disposition), |
99 after_redirect(after_redirect) {} | 97 after_redirect(after_redirect), |
| 98 source_location(source_location) {} |
100 | 99 |
101 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = | 100 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = |
102 default; | 101 default; |
103 | 102 |
104 CSPViolationParams::~CSPViolationParams() {} | 103 CSPViolationParams::~CSPViolationParams() {} |
105 | 104 |
106 } // namespace content | 105 } // namespace content |
OLD | NEW |