Index: content/common/content_security_policy/content_security_policy.cc |
diff --git a/content/common/content_security_policy/content_security_policy.cc b/content/common/content_security_policy/content_security_policy.cc |
index 745cb1c2fb11f3c940a7c17e6fd4a29fd38c2594..ae3e1dbc048f6f41af17a74613f2bf77ca6b55f6 100644 |
--- a/content/common/content_security_policy/content_security_policy.cc |
+++ b/content/common/content_security_policy/content_security_policy.cc |
@@ -42,7 +42,8 @@ void ReportViolation(CSPContext* context, |
const CSPDirective& directive, |
const CSPDirective::Name directive_name, |
const GURL& url, |
- bool is_redirect) { |
+ bool is_redirect, |
+ const SourceLocation& source_location) { |
// We should never have a violation against `child-src` or `default-src` |
// directly; the effective directive should always be one of the explicit |
// fetch directives. |
@@ -72,12 +73,11 @@ void ReportViolation(CSPContext* context, |
message << "\n"; |
- context->LogToConsole(message.str()); |
- |
context->ReportContentSecurityPolicyViolation(CSPViolationParams( |
CSPDirective::NameToString(directive.name), |
CSPDirective::NameToString(directive_name), message.str(), url, |
- policy.report_endpoints, policy.header, policy.disposition, is_redirect)); |
+ policy.report_endpoints, policy.header, policy.disposition, is_redirect, |
+ source_location)); |
} |
bool AllowDirective(CSPContext* context, |
@@ -85,11 +85,13 @@ bool AllowDirective(CSPContext* context, |
const CSPDirective& directive, |
CSPDirective::Name directive_name, |
const GURL& url, |
- bool is_redirect) { |
+ bool is_redirect, |
+ const SourceLocation& source_location) { |
if (CSPSourceList::Allow(directive.source_list, url, context, is_redirect)) |
return true; |
- ReportViolation(context, policy, directive, directive_name, url, is_redirect); |
+ ReportViolation(context, policy, directive, directive_name, url, is_redirect, |
+ source_location); |
return false; |
} |
@@ -119,14 +121,16 @@ ContentSecurityPolicy::~ContentSecurityPolicy() = default; |
bool ContentSecurityPolicy::Allow(const ContentSecurityPolicy& policy, |
CSPDirective::Name directive_name, |
const GURL& url, |
+ bool is_redirect, |
CSPContext* context, |
- bool is_redirect) { |
+ const SourceLocation& source_location) { |
CSPDirective::Name current_directive_name = directive_name; |
do { |
for (const CSPDirective& directive : policy.directives) { |
if (directive.name == current_directive_name) { |
- bool allowed = AllowDirective(context, policy, directive, |
- directive_name, url, is_redirect); |
+ bool allowed = |
+ AllowDirective(context, policy, directive, directive_name, url, |
+ is_redirect, source_location); |
return allowed || |
policy.disposition == blink::WebContentSecurityPolicyTypeReport; |
} |