content/renderer/render_frame_proxy.cc - Issue 2764993002: CSP: group policies in didAddContentSecurityPolicy.

Side by Side Diff: content/renderer/render_frame_proxy.cc

Issue 2764993002: CSP: group policies in didAddContentSecurityPolicy. (Closed)

Patch Set: Nit. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« content/browser/frame_host/render_frame_host_impl.cc ('K') | « content/renderer/render_frame_proxy.h ('k') | third_party/WebKit/Source/core/frame/LocalFrameClient.h » ('j') | third_party/WebKit/Source/core/frame/LocalFrameClient.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/renderer/render_frame_proxy.h"	5 #include "content/renderer/render_frame_proxy.h"

6	6

7 #include <stdint.h>	7 #include <stdint.h>

8 #include <map>	8 #include <map>

9 #include <utility>	9 #include <utility>

10	10

(...skipping 213 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
224 web_frame_->setReplicatedName(blink::WebString::fromUTF8(state.name));	224 web_frame_->setReplicatedName(blink::WebString::fromUTF8(state.name));

225 web_frame_->setReplicatedInsecureRequestPolicy(state.insecure_request_policy);	225 web_frame_->setReplicatedInsecureRequestPolicy(state.insecure_request_policy);

226 web_frame_->setReplicatedPotentiallyTrustworthyUniqueOrigin(	226 web_frame_->setReplicatedPotentiallyTrustworthyUniqueOrigin(

227 state.has_potentially_trustworthy_unique_origin);	227 state.has_potentially_trustworthy_unique_origin);

228 web_frame_->setReplicatedFeaturePolicyHeader(	228 web_frame_->setReplicatedFeaturePolicyHeader(

229 FeaturePolicyHeaderToWeb(state.feature_policy_header));	229 FeaturePolicyHeaderToWeb(state.feature_policy_header));

230 if (state.has_received_user_gesture)	230 if (state.has_received_user_gesture)

231 web_frame_->setHasReceivedUserGesture();	231 web_frame_->setHasReceivedUserGesture();

232	232

233 web_frame_->resetReplicatedContentSecurityPolicy();	233 web_frame_->resetReplicatedContentSecurityPolicy();

234 for (const auto& header : state.accumulated_csp_headers)	234 OnAddContentSecurityPolicies(state.accumulated_csp_headers);

235 OnAddContentSecurityPolicy(header);

236 }	235 }

237	236

238 // Update the proxy's SecurityContext and FrameOwner with new sandbox flags	237 // Update the proxy's SecurityContext and FrameOwner with new sandbox flags

239 // that were set by its parent in another process.	238 // that were set by its parent in another process.

240 //	239 //

241 // Normally, when a frame's sandbox attribute is changed dynamically, the	240 // Normally, when a frame's sandbox attribute is changed dynamically, the

242 // frame's FrameOwner is updated with the new sandbox flags right away, while	241 // frame's FrameOwner is updated with the new sandbox flags right away, while

243 // the frame's SecurityContext is updated when the frame is navigated and the	242 // the frame's SecurityContext is updated when the frame is navigated and the

244 // new sandbox flags take effect.	243 // new sandbox flags take effect.

245 //	244 //

(...skipping 23 matching lines...) Expand all Loading...
269 IPC_BEGIN_MESSAGE_MAP(RenderFrameProxy, msg)	268 IPC_BEGIN_MESSAGE_MAP(RenderFrameProxy, msg)

270 IPC_MESSAGE_HANDLER(FrameMsg_DeleteProxy, OnDeleteProxy)	269 IPC_MESSAGE_HANDLER(FrameMsg_DeleteProxy, OnDeleteProxy)

271 IPC_MESSAGE_HANDLER(FrameMsg_ChildFrameProcessGone, OnChildFrameProcessGone)	270 IPC_MESSAGE_HANDLER(FrameMsg_ChildFrameProcessGone, OnChildFrameProcessGone)

272 IPC_MESSAGE_HANDLER(FrameMsg_SetChildFrameSurface, OnSetChildFrameSurface)	271 IPC_MESSAGE_HANDLER(FrameMsg_SetChildFrameSurface, OnSetChildFrameSurface)

273 IPC_MESSAGE_HANDLER(FrameMsg_UpdateOpener, OnUpdateOpener)	272 IPC_MESSAGE_HANDLER(FrameMsg_UpdateOpener, OnUpdateOpener)

274 IPC_MESSAGE_HANDLER(FrameMsg_DidStartLoading, OnDidStartLoading)	273 IPC_MESSAGE_HANDLER(FrameMsg_DidStartLoading, OnDidStartLoading)

275 IPC_MESSAGE_HANDLER(FrameMsg_DidStopLoading, OnDidStopLoading)	274 IPC_MESSAGE_HANDLER(FrameMsg_DidStopLoading, OnDidStopLoading)

276 IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateSandboxFlags, OnDidUpdateSandboxFlags)	275 IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateSandboxFlags, OnDidUpdateSandboxFlags)

277 IPC_MESSAGE_HANDLER(FrameMsg_DispatchLoad, OnDispatchLoad)	276 IPC_MESSAGE_HANDLER(FrameMsg_DispatchLoad, OnDispatchLoad)

278 IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateName, OnDidUpdateName)	277 IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateName, OnDidUpdateName)

279 IPC_MESSAGE_HANDLER(FrameMsg_AddContentSecurityPolicy,	278 IPC_MESSAGE_HANDLER(FrameMsg_AddContentSecurityPolicies,

280 OnAddContentSecurityPolicy)	279 OnAddContentSecurityPolicies)

281 IPC_MESSAGE_HANDLER(FrameMsg_ResetContentSecurityPolicy,	280 IPC_MESSAGE_HANDLER(FrameMsg_ResetContentSecurityPolicy,

282 OnResetContentSecurityPolicy)	281 OnResetContentSecurityPolicy)

283 IPC_MESSAGE_HANDLER(FrameMsg_EnforceInsecureRequestPolicy,	282 IPC_MESSAGE_HANDLER(FrameMsg_EnforceInsecureRequestPolicy,

284 OnEnforceInsecureRequestPolicy)	283 OnEnforceInsecureRequestPolicy)

285 IPC_MESSAGE_HANDLER(FrameMsg_SetFrameOwnerProperties,	284 IPC_MESSAGE_HANDLER(FrameMsg_SetFrameOwnerProperties,

286 OnSetFrameOwnerProperties)	285 OnSetFrameOwnerProperties)

287 IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateOrigin, OnDidUpdateOrigin)	286 IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateOrigin, OnDidUpdateOrigin)

288 IPC_MESSAGE_HANDLER(InputMsg_SetFocus, OnSetPageFocus)	287 IPC_MESSAGE_HANDLER(InputMsg_SetFocus, OnSetPageFocus)

289 IPC_MESSAGE_HANDLER(FrameMsg_SetFocusedFrame, OnSetFocusedFrame)	288 IPC_MESSAGE_HANDLER(FrameMsg_SetFocusedFrame, OnSetFocusedFrame)

290 IPC_MESSAGE_HANDLER(FrameMsg_WillEnterFullscreen, OnWillEnterFullscreen)	289 IPC_MESSAGE_HANDLER(FrameMsg_WillEnterFullscreen, OnWillEnterFullscreen)

(...skipping 53 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
344 void RenderFrameProxy::OnDispatchLoad() {	343 void RenderFrameProxy::OnDispatchLoad() {

345 web_frame_->dispatchLoadEventOnFrameOwner();	344 web_frame_->dispatchLoadEventOnFrameOwner();

346 }	345 }

347	346

348 void RenderFrameProxy::OnDidUpdateName(const std::string& name,	347 void RenderFrameProxy::OnDidUpdateName(const std::string& name,

349 const std::string& unique_name) {	348 const std::string& unique_name) {

350 web_frame_->setReplicatedName(blink::WebString::fromUTF8(name));	349 web_frame_->setReplicatedName(blink::WebString::fromUTF8(name));

351 unique_name_ = unique_name;	350 unique_name_ = unique_name;

352 }	351 }

353	352

354 void RenderFrameProxy::OnAddContentSecurityPolicy(	353 void RenderFrameProxy::OnAddContentSecurityPolicies(

355 const ContentSecurityPolicyHeader& header) {	354 const std::vector<ContentSecurityPolicyHeader>& headers) {
	alexmos 2017/03/25 01:46:27 Is anything stopping us now from sending over the Is anything stopping us now from sending over the real policies to the proxies, instead of reparsing policies from the headers? That would be a nice cleanup to do in a followup. arthursonzogni 2017/03/27 12:03:52 We need this when PlzNavigate is disabled and OOPI Show quoted text On 2017/03/25 01:46:27, alexmos wrote: > Is anything stopping us now from sending over the real policies to the proxies, > instead of reparsing policies from the headers? That would be a nice cleanup to > do in a followup. We need this when PlzNavigate is disabled and OOPIF enabled. The browser-side enforcement of the CSP works only with PlzNavigate. I think that as soon as PlzNavigate is shipped, we will be able to remove the replication of the CSP among the remote frame. That would be a nice cleanup. Alternatively, it would be possible to enable the browser-side enforcement of the CSP when PlzNavigate is disabled. FYI, I am currently blocked on making this patch: https://codereview.chromium.org/2698623006/ working without PlzNavigate. alexmos 2017/03/27 18:27:22 I agree we still need this for OOPIF without PlzNa Show quoted text On 2017/03/27 12:03:52, arthursonzogni wrote: > On 2017/03/25 01:46:27, alexmos wrote: > > Is anything stopping us now from sending over the real policies to the > proxies, > > instead of reparsing policies from the headers? That would be a nice cleanup > to > > do in a followup. > > We need this when PlzNavigate is disabled and OOPIF enabled. The browser-side > enforcement of the CSP works only with PlzNavigate. > > I think that as soon as PlzNavigate is shipped, we will be able to remove the > replication of the CSP among the remote frame. That would be a nice cleanup. > Alternatively, it would be possible to enable the browser-side enforcement of > the CSP when PlzNavigate is disabled. FYI, I am currently blocked on making this > patch: > https://codereview.chromium.org/2698623006/ > working without PlzNavigate. > > I agree we still need this for OOPIF without PlzNavigate, I was just thinking whether FrameMsg_AddContentSecurityPolicies could pass not ContentSecurityPolicyHeaders, but rather a vector of content::ContentSecurityPolicy. With the former, we end up reparsing the same policy multiple times in each OOPIF renderer, and with the latter we'd avoid that. Back when we did the CSP header replication, we didn't have content::ContentSecurityPolicy, but now we do. But that'll probably involve modifying FrameReplicationState as well, and you're probably right that it's just easier to wait for PlzNavigate to ship and remove this altogether. arthursonzogni 2017/03/28 11:12:21 Yes, I think it would be possible to convert back Show quoted text On 2017/03/27 18:27:22, alexmos wrote: > On 2017/03/27 12:03:52, arthursonzogni wrote: > > On 2017/03/25 01:46:27, alexmos wrote: > > > Is anything stopping us now from sending over the real policies to the > > proxies, > > > instead of reparsing policies from the headers? That would be a nice > cleanup > > to > > > do in a followup. > > > > We need this when PlzNavigate is disabled and OOPIF enabled. The browser-side > > enforcement of the CSP works only with PlzNavigate. > > > > I think that as soon as PlzNavigate is shipped, we will be able to remove the > > replication of the CSP among the remote frame. That would be a nice cleanup. > > Alternatively, it would be possible to enable the browser-side enforcement of > > the CSP when PlzNavigate is disabled. FYI, I am currently blocked on making > this > > patch: > > https://codereview.chromium.org/2698623006/ > > working without PlzNavigate. > > > > > > I agree we still need this for OOPIF without PlzNavigate, I was just thinking > whether FrameMsg_AddContentSecurityPolicies could pass not > ContentSecurityPolicyHeaders, but rather a vector of > content::ContentSecurityPolicy. With the former, we end up reparsing the same > policy multiple times in each OOPIF renderer, and with the latter we'd avoid > that. Back when we did the CSP header replication, we didn't have > content::ContentSecurityPolicy, but now we do. But that'll probably involve > modifying FrameReplicationState as well, and you're probably right that it's > just easier to wait for PlzNavigate to ship and remove this altogether. Yes, I think it would be possible to convert back the content::ContentSecurityPolicy to the blink::CSPDirectiveList if we wanted to, such that it isn't need to parse the header again. I don't know. Let's say we will do nothing for the moment and wait for the CSP replication not to be needed anymore and removed.
356 web_frame_->addReplicatedContentSecurityPolicyHeader(	355 for (const auto& header : headers) {

357 blink::WebString::fromUTF8(header.header_value), header.type,	356 web_frame_->addReplicatedContentSecurityPolicyHeader(

358 header.source);	357 blink::WebString::fromUTF8(header.header_value), header.type,

	358 header.source);

	359 }

359 }	360 }

360	361

361 void RenderFrameProxy::OnResetContentSecurityPolicy() {	362 void RenderFrameProxy::OnResetContentSecurityPolicy() {

362 web_frame_->resetReplicatedContentSecurityPolicy();	363 web_frame_->resetReplicatedContentSecurityPolicy();

363 }	364 }

364	365

365 void RenderFrameProxy::OnEnforceInsecureRequestPolicy(	366 void RenderFrameProxy::OnEnforceInsecureRequestPolicy(

366 blink::WebInsecureRequestPolicy policy) {	367 blink::WebInsecureRequestPolicy policy) {

367 web_frame_->setReplicatedInsecureRequestPolicy(policy);	368 web_frame_->setReplicatedInsecureRequestPolicy(policy);

368 }	369 }

(...skipping 158 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
527 blink::WebLocalFrame* source) {	528 blink::WebLocalFrame* source) {

528 int source_routing_id = RenderFrameImpl::FromWebFrame(source)->GetRoutingID();	529 int source_routing_id = RenderFrameImpl::FromWebFrame(source)->GetRoutingID();

529 Send(new FrameHostMsg_AdvanceFocus(routing_id_, type, source_routing_id));	530 Send(new FrameHostMsg_AdvanceFocus(routing_id_, type, source_routing_id));

530 }	531 }

531	532

532 void RenderFrameProxy::frameFocused() {	533 void RenderFrameProxy::frameFocused() {

533 Send(new FrameHostMsg_FrameFocused(routing_id_));	534 Send(new FrameHostMsg_FrameFocused(routing_id_));

534 }	535 }

535	536

536 } // namespace	537 } // namespace

OLD	NEW