| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 477 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 488 for (const auto& policy : policies) { | 488 for (const auto& policy : policies) { |
| 489 isAllowed &= (policy.get()->*allowFromURLWithNonce)( | 489 isAllowed &= (policy.get()->*allowFromURLWithNonce)( |
| 490 url, nonce, redirectStatus, reportingPolicy); | 490 url, nonce, redirectStatus, reportingPolicy); |
| 491 } | 491 } |
| 492 return isAllowed; | 492 return isAllowed; |
| 493 } | 493 } |
| 494 | 494 |
| 495 template <bool (CSPDirectiveList::*allowFromURLWithNonceAndParser)( | 495 template <bool (CSPDirectiveList::*allowFromURLWithNonceAndParser)( |
| 496 const KURL&, | 496 const KURL&, |
| 497 const String& nonce, | 497 const String& nonce, |
| 498 const IntegrityMetadataSet& hashes, |
| 498 ParserDisposition parserDisposition, | 499 ParserDisposition parserDisposition, |
| 499 RedirectStatus, | 500 RedirectStatus, |
| 500 SecurityViolationReportingPolicy) const> | 501 SecurityViolationReportingPolicy) const> |
| 501 bool isAllowedByAll(const CSPDirectiveListVector& policies, | 502 bool isAllowedByAll(const CSPDirectiveListVector& policies, |
| 502 const KURL& url, | 503 const KURL& url, |
| 503 const String& nonce, | 504 const String& nonce, |
| 505 const IntegrityMetadataSet& hashes, |
| 504 ParserDisposition parserDisposition, | 506 ParserDisposition parserDisposition, |
| 505 RedirectStatus redirectStatus, | 507 RedirectStatus redirectStatus, |
| 506 SecurityViolationReportingPolicy reportingPolicy) { | 508 SecurityViolationReportingPolicy reportingPolicy) { |
| 507 if (ContentSecurityPolicy::shouldBypassContentSecurityPolicy(url)) { | 509 if (ContentSecurityPolicy::shouldBypassContentSecurityPolicy(url)) { |
| 508 // If we're running experimental features, bypass CSP only for | 510 // If we're running experimental features, bypass CSP only for |
| 509 // non-parser-inserted resources whose scheme otherwise bypasses CSP. If | 511 // non-parser-inserted resources whose scheme otherwise bypasses CSP. If |
| 510 // we're not running experimental features, bypass CSP for all resources | 512 // we're not running experimental features, bypass CSP for all resources |
| 511 // regardless of parser state. Once we have more data via the | 513 // regardless of parser state. Once we have more data via the |
| 512 // 'ScriptWithCSPBypassingScheme*' metrics, make a decision about what | 514 // 'ScriptWithCSPBypassingScheme*' metrics, make a decision about what |
| 513 // behavior to ship. https://crbug.com/653521 | 515 // behavior to ship. https://crbug.com/653521 |
| 514 if (parserDisposition == NotParserInserted || | 516 if (parserDisposition == NotParserInserted || |
| 515 !RuntimeEnabledFeatures:: | 517 !RuntimeEnabledFeatures:: |
| 516 experimentalContentSecurityPolicyFeaturesEnabled()) { | 518 experimentalContentSecurityPolicyFeaturesEnabled()) { |
| 517 return true; | 519 return true; |
| 518 } | 520 } |
| 519 } | 521 } |
| 520 | 522 |
| 521 bool isAllowed = true; | 523 bool isAllowed = true; |
| 522 for (const auto& policy : policies) { | 524 for (const auto& policy : policies) { |
| 523 isAllowed &= (policy.get()->*allowFromURLWithNonceAndParser)( | 525 isAllowed &= (policy.get()->*allowFromURLWithNonceAndParser)( |
| 524 url, nonce, parserDisposition, redirectStatus, reportingPolicy); | 526 url, nonce, hashes, parserDisposition, redirectStatus, reportingPolicy); |
| 525 } | 527 } |
| 526 return isAllowed; | 528 return isAllowed; |
| 527 } | 529 } |
| 528 | 530 |
| 529 template <bool (CSPDirectiveList::*allowed)(LocalFrame*, | 531 template <bool (CSPDirectiveList::*allowed)(LocalFrame*, |
| 530 const KURL&, | 532 const KURL&, |
| 531 SecurityViolationReportingPolicy) | 533 SecurityViolationReportingPolicy) |
| 532 const> | 534 const> |
| 533 bool isAllowedByAll(const CSPDirectiveListVector& policies, | 535 bool isAllowedByAll(const CSPDirectiveListVector& policies, |
| 534 LocalFrame* frame, | 536 LocalFrame* frame, |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 691 if (parentCSP && !parentCSP->allowPluginType(type, typeAttribute, url)) | 693 if (parentCSP && !parentCSP->allowPluginType(type, typeAttribute, url)) |
| 692 return false; | 694 return false; |
| 693 } | 695 } |
| 694 | 696 |
| 695 return true; | 697 return true; |
| 696 } | 698 } |
| 697 | 699 |
| 698 bool ContentSecurityPolicy::allowScriptFromSource( | 700 bool ContentSecurityPolicy::allowScriptFromSource( |
| 699 const KURL& url, | 701 const KURL& url, |
| 700 const String& nonce, | 702 const String& nonce, |
| 703 const IntegrityMetadataSet& hashes, |
| 701 ParserDisposition parserDisposition, | 704 ParserDisposition parserDisposition, |
| 702 RedirectStatus redirectStatus, | 705 RedirectStatus redirectStatus, |
| 703 SecurityViolationReportingPolicy reportingPolicy) const { | 706 SecurityViolationReportingPolicy reportingPolicy) const { |
| 704 if (shouldBypassContentSecurityPolicy(url)) { | 707 if (shouldBypassContentSecurityPolicy(url)) { |
| 705 UseCounter::count( | 708 UseCounter::count( |
| 706 document(), | 709 document(), |
| 707 parserDisposition == ParserInserted | 710 parserDisposition == ParserInserted |
| 708 ? UseCounter::ScriptWithCSPBypassingSchemeParserInserted | 711 ? UseCounter::ScriptWithCSPBypassingSchemeParserInserted |
| 709 : UseCounter::ScriptWithCSPBypassingSchemeNotParserInserted); | 712 : UseCounter::ScriptWithCSPBypassingSchemeNotParserInserted); |
| 710 } | 713 } |
| 711 return isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( | 714 return isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( |
| 712 m_policies, url, nonce, parserDisposition, redirectStatus, | 715 m_policies, url, nonce, hashes, parserDisposition, redirectStatus, |
| 713 reportingPolicy); | 716 reportingPolicy); |
| 714 } | 717 } |
| 715 | 718 |
| 716 bool ContentSecurityPolicy::allowScriptWithHash(const String& source, | 719 bool ContentSecurityPolicy::allowScriptWithHash(const String& source, |
| 717 InlineType type) const { | 720 InlineType type) const { |
| 718 return checkDigest<&CSPDirectiveList::allowScriptHash>( | 721 return checkDigest<&CSPDirectiveList::allowScriptHash>( |
| 719 source, type, m_scriptHashAlgorithmsUsed, m_policies); | 722 source, type, m_scriptHashAlgorithmsUsed, m_policies); |
| 720 } | 723 } |
| 721 | 724 |
| 722 bool ContentSecurityPolicy::allowStyleWithHash(const String& source, | 725 bool ContentSecurityPolicy::allowStyleWithHash(const String& source, |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 772 case WebURLRequest::RequestContextFont: | 775 case WebURLRequest::RequestContextFont: |
| 773 return allowFontFromSource(url, redirectStatus, reportingPolicy); | 776 return allowFontFromSource(url, redirectStatus, reportingPolicy); |
| 774 case WebURLRequest::RequestContextForm: | 777 case WebURLRequest::RequestContextForm: |
| 775 return allowFormAction(url, redirectStatus, reportingPolicy); | 778 return allowFormAction(url, redirectStatus, reportingPolicy); |
| 776 case WebURLRequest::RequestContextFrame: | 779 case WebURLRequest::RequestContextFrame: |
| 777 case WebURLRequest::RequestContextIframe: | 780 case WebURLRequest::RequestContextIframe: |
| 778 return allowFrameFromSource(url, redirectStatus, reportingPolicy); | 781 return allowFrameFromSource(url, redirectStatus, reportingPolicy); |
| 779 case WebURLRequest::RequestContextImport: | 782 case WebURLRequest::RequestContextImport: |
| 780 case WebURLRequest::RequestContextScript: | 783 case WebURLRequest::RequestContextScript: |
| 781 case WebURLRequest::RequestContextXSLT: | 784 case WebURLRequest::RequestContextXSLT: |
| 782 return allowScriptFromSource(url, nonce, parserDisposition, | 785 return allowScriptFromSource(url, nonce, integrityMetadata, |
| 783 redirectStatus, reportingPolicy); | 786 parserDisposition, redirectStatus, |
| 787 reportingPolicy); |
| 784 case WebURLRequest::RequestContextManifest: | 788 case WebURLRequest::RequestContextManifest: |
| 785 return allowManifestFromSource(url, redirectStatus, reportingPolicy); | 789 return allowManifestFromSource(url, redirectStatus, reportingPolicy); |
| 786 case WebURLRequest::RequestContextServiceWorker: | 790 case WebURLRequest::RequestContextServiceWorker: |
| 787 case WebURLRequest::RequestContextSharedWorker: | 791 case WebURLRequest::RequestContextSharedWorker: |
| 788 case WebURLRequest::RequestContextWorker: | 792 case WebURLRequest::RequestContextWorker: |
| 789 return allowWorkerContextFromSource(url, redirectStatus, reportingPolicy); | 793 return allowWorkerContextFromSource(url, redirectStatus, reportingPolicy); |
| 790 case WebURLRequest::RequestContextStyle: | 794 case WebURLRequest::RequestContextStyle: |
| 791 return allowStyleFromSource(url, nonce, redirectStatus, reportingPolicy); | 795 return allowStyleFromSource(url, nonce, redirectStatus, reportingPolicy); |
| 792 case WebURLRequest::RequestContextCSPReport: | 796 case WebURLRequest::RequestContextCSPReport: |
| 793 case WebURLRequest::RequestContextDownload: | 797 case WebURLRequest::RequestContextDownload: |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 894 RedirectStatus redirectStatus, | 898 RedirectStatus redirectStatus, |
| 895 SecurityViolationReportingPolicy reportingPolicy) const { | 899 SecurityViolationReportingPolicy reportingPolicy) const { |
| 896 // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure the | 900 // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure the |
| 897 // impact of this backwards-incompatible change. | 901 // impact of this backwards-incompatible change. |
| 898 if (Document* document = this->document()) { | 902 if (Document* document = this->document()) { |
| 899 UseCounter::count(*document, UseCounter::WorkerSubjectToCSP); | 903 UseCounter::count(*document, UseCounter::WorkerSubjectToCSP); |
| 900 if (isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( | 904 if (isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( |
| 901 m_policies, url, redirectStatus, | 905 m_policies, url, redirectStatus, |
| 902 SecurityViolationReportingPolicy::SuppressReporting) && | 906 SecurityViolationReportingPolicy::SuppressReporting) && |
| 903 !isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( | 907 !isAllowedByAll<&CSPDirectiveList::allowScriptFromSource>( |
| 904 m_policies, url, AtomicString(), NotParserInserted, redirectStatus, | 908 m_policies, url, AtomicString(), IntegrityMetadataSet(), |
| 909 NotParserInserted, redirectStatus, |
| 905 SecurityViolationReportingPolicy::SuppressReporting)) { | 910 SecurityViolationReportingPolicy::SuppressReporting)) { |
| 906 UseCounter::count(*document, | 911 UseCounter::count(*document, |
| 907 UseCounter::WorkerAllowedByChildBlockedByScript); | 912 UseCounter::WorkerAllowedByChildBlockedByScript); |
| 908 } | 913 } |
| 909 } | 914 } |
| 910 | 915 |
| 911 return isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( | 916 return isAllowedByAll<&CSPDirectiveList::allowWorkerFromSource>( |
| 912 m_policies, url, redirectStatus, reportingPolicy); | 917 m_policies, url, redirectStatus, reportingPolicy); |
| 913 } | 918 } |
| 914 | 919 |
| (...skipping 696 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1611 if (SecurityOrigin::shouldUseInnerURL(url)) { | 1616 if (SecurityOrigin::shouldUseInnerURL(url)) { |
| 1612 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( | 1617 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( |
| 1613 SecurityOrigin::extractInnerURL(url).protocol(), area); | 1618 SecurityOrigin::extractInnerURL(url).protocol(), area); |
| 1614 } else { | 1619 } else { |
| 1615 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( | 1620 return SchemeRegistry::schemeShouldBypassContentSecurityPolicy( |
| 1616 url.protocol(), area); | 1621 url.protocol(), area); |
| 1617 } | 1622 } |
| 1618 } | 1623 } |
| 1619 | 1624 |
| 1620 } // namespace blink | 1625 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2784753003:
CSP: Enable whitelisting of external JavaScript via hashes (Closed)
