
Unified Diff: content/common/content_security_policy/content_security_policy.cc

Issue 2761153003: PlzNavigate & CSP. Use the SourceLocation in violation reports. (Closed)
Patch Set: Addressed comment @alexmos Created 3 years, 9 months ago
Index: content/common/content_security_policy/content_security_policy.cc
diff --git a/content/common/content_security_policy/content_security_policy.cc b/content/common/content_security_policy/content_security_policy.cc
index c7801000e066ab94884af0aa5a89ad2176b6eff7..204e262f52cbfcece5bff406628ca827424ea4f1 100644
--- a/content/common/content_security_policy/content_security_policy.cc
+++ b/content/common/content_security_policy/content_security_policy.cc
@@ -42,7 +42,8 @@ void ReportViolation(CSPContext* context,
const CSPDirective& directive,
const CSPDirective::Name directive_name,
const GURL& url,
- bool is_redirect) {
+ bool is_redirect,
+ const SourceLocation& source_location) {
// We should never have a violation against `child-src` or `default-src`
// directly; the effective directive should always be one of the explicit
// fetch directives.
@@ -72,13 +73,11 @@ void ReportViolation(CSPContext* context,
message << "\n";
- context->LogToConsole(message.str());
-
context->ReportContentSecurityPolicyViolation(CSPViolationParams(
CSPDirective::NameToString(directive.name),
CSPDirective::NameToString(directive_name), message.str(), url,
policy.report_endpoints, policy.header.header_value, policy.header.type,
- is_redirect));
+ is_redirect, source_location));
}
bool AllowDirective(CSPContext* context,
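Review bot: `source_location` is forwarded unmodified into `CSPViolationParams` together with `policy.report_endpoints`, and nothing in this hunk strips it before it can reach a report endpoint. The CSP spec has the source file of a violation go through "strip URL for use in reports", so a location URL with a path, query or fragment (more sensitive still when `is_redirect` is true) should be reduced before it is sent; whether the `ReportContentSecurityPolicyViolation` implementations do that is not visible here. I would document the contract at the call, e.g. `// |source_location| is passed through as-is; implementations must strip its URL before sending it to |report_endpoints|.` Separately, with `context->LogToConsole(message.str())` removed, the console message now depends on every `CSPContext` implementation logging it from `ReportContentSecurityPolicyViolation`, which is worth stating in the same comment. `ReportViolation` starts outside this hunk.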
@@ -86,11 +85,13 @@ bool AllowDirective(CSPContext* context,
const CSPDirective& directive,
CSPDirective::Name directive_name,
const GURL& url,
- bool is_redirect) {
+ bool is_redirect,
+ const SourceLocation& source_location) {
if (CSPSourceList::Allow(directive.source_list, url, context, is_redirect))
return true;
- ReportViolation(context, policy, directive, directive_name, url, is_redirect);
+ ReportViolation(context, policy, directive, directive_name, url, is_redirect,
+ source_location);
return false;
}
@@ -117,14 +118,16 @@ ContentSecurityPolicy::~ContentSecurityPolicy() = default;
bool ContentSecurityPolicy::Allow(const ContentSecurityPolicy& policy,
CSPDirective::Name directive_name,
const GURL& url,
+ bool is_redirect,
CSPContext* context,
- bool is_redirect) {
+ const SourceLocation& source_location) {
CSPDirective::Name current_directive_name = directive_name;
do {
for (const CSPDirective& directive : policy.directives) {
if (directive.name == current_directive_name) {
- bool allowed = AllowDirective(context, policy, directive,
- directive_name, url, is_redirect);
+ bool allowed =
+ AllowDirective(context, policy, directive, directive_name, url,
+ is_redirect, source_location);
return allowed ||
policy.header.type == blink::WebContentSecurityPolicyTypeReport;
}
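Review bot: Moving `is_redirect` ahead of `context` gives `ContentSecurityPolicy::Allow` a different argument order from the file-local helpers `AllowDirective` and `ReportViolation`, which take `context` first and keep `is_redirect` next to `source_location`. Since the signature is changing anyway, keeping `context` in one consistent position across the three functions would make call sites easier to audit. A short comment on the new parameter would also help, for example `// |source_location| is copied into the violation report when |url| is blocked.` The body of `Allow` continues past the end of this hunk.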
