Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7)

Side by Side Diff: content/common/content_security_policy/csp_context.cc

Issue 2792013002: Stop CSP from matching independent scheme/port upgrades (content layer) (Closed)
Patch Set: Format changes Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/content_security_policy/csp_context.h" 5 #include "content/common/content_security_policy/csp_context.h"
6 6
7 namespace content { 7 namespace content {
8 8
9 CSPContext::CSPContext() : has_self_(false) {} 9 CSPContext::CSPContext() : has_self_(false) {}
10 10
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
45 self_source_ = CSPSource( 45 self_source_ = CSPSource(
46 origin.scheme(), origin.host(), false, 46 origin.scheme(), origin.host(), false,
47 origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port 47 origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port
48 false, ""); 48 false, "");
49 } 49 }
50 50
51 bool CSPContext::AllowSelf(const GURL& url) { 51 bool CSPContext::AllowSelf(const GURL& url) {
52 return has_self_ && CSPSource::Allow(self_source_, url, this); 52 return has_self_ && CSPSource::Allow(self_source_, url, this);
53 } 53 }
54 54
55 bool CSPContext::ProtocolMatchesSelf(const GURL& url) { 55 bool CSPContext::ProtocolIsSelf(const GURL& url) {
56 if (!has_self_) 56 if (!has_self_)
57 return false; 57 return false;
58 if (self_scheme_ == url::kHttpScheme)
59 return url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin();
60 return url.SchemeIs(self_scheme_); 58 return url.SchemeIs(self_scheme_);
61 } 59 }
62 60
61 const std::string& CSPContext::GetSelfScheme() {
62 return self_scheme_;
63 }
64
63 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { 65 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) {
64 return false; 66 return false;
65 } 67 }
66 68
67 bool CSPContext::SelfSchemeShouldBypassCsp() { 69 bool CSPContext::SelfSchemeShouldBypassCsp() {
68 if (!has_self_) 70 if (!has_self_)
69 return false; 71 return false;
70 return SchemeShouldBypassCSP(self_scheme_); 72 return SchemeShouldBypassCSP(self_scheme_);
71 } 73 }
72 74
(...skipping 23 matching lines...) Expand all
96 disposition(disposition), 98 disposition(disposition),
97 after_redirect(after_redirect), 99 after_redirect(after_redirect),
98 source_location(source_location) {} 100 source_location(source_location) {}
99 101
100 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = 102 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) =
101 default; 103 default;
102 104
103 CSPViolationParams::~CSPViolationParams() {} 105 CSPViolationParams::~CSPViolationParams() {}
104 106
105 } // namespace content 107 } // namespace content
OLDNEW
« no previous file with comments | « content/common/content_security_policy/csp_context.h ('k') | content/common/content_security_policy/csp_source.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698