| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
| 6 | 6 |
| 7 namespace content { | 7 namespace content { |
| 8 | 8 |
| 9 namespace { | 9 namespace { |
| 10 | 10 |
| 11 const GURL ExtractInnerURL(const GURL& url) { | |
| 12 if (const GURL* inner_url = url.inner_url()) | |
| 13 return *inner_url; | |
| 14 else | |
| 15 // TODO(arthursonzogni): revisit this once GURL::inner_url support blob-URL. | |
| 16 return GURL(url.path()); | |
| 17 } | |
| 18 | |
| 19 const GURL GetEffectiveURL(CSPContext* context, const GURL& url) { | |
| 20 // Due to backwards-compatibility concerns, we allow 'self' to match blob and | |
| 21 // filesystem inner URLs if we are in a context that bypasses | |
| 22 // ContentSecurityPolicy in the main world. | |
| 23 if (context->SelfSchemeShouldBypassCsp()) { | |
| 24 if (url.SchemeIsFileSystem() || url.SchemeIsBlob()) | |
| 25 return ExtractInnerURL(url); | |
| 26 } | |
| 27 return url; | |
| 28 } | |
| 29 | |
| 30 bool AllowFromSources(const GURL& url, | 11 bool AllowFromSources(const GURL& url, |
| 31 const std::vector<CSPSource>& sources, | 12 const std::vector<CSPSource>& sources, |
| 32 CSPContext* context, | 13 CSPContext* context, |
| 33 bool is_redirect) { | 14 bool is_redirect) { |
| 34 for (const CSPSource& source : sources) { | 15 for (const CSPSource& source : sources) { |
| 35 if (CSPSource::Allow(source, url, context, is_redirect)) | 16 if (CSPSource::Allow(source, url, context, is_redirect)) |
| 36 return true; | 17 return true; |
| 37 } | 18 } |
| 38 return false; | 19 return false; |
| 39 } | 20 } |
| (...skipping 23 matching lines...) | |
| 63 // list. | 44 // list. |
| 64 if (source_list.allow_star) { | 45 if (source_list.allow_star) { |
| 65 if (url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin() || | 46 if (url.SchemeIsHTTPOrHTTPS() || url.SchemeIsSuborigin() || |
| 66 url.SchemeIsWSOrWSS() || url.SchemeIs("ftp") || | 47 url.SchemeIsWSOrWSS() || url.SchemeIs("ftp") || |
| 67 context->ProtocolMatchesSelf(url)) | 48 context->ProtocolMatchesSelf(url)) |
| 68 return true; | 49 return true; |
| 69 | 50 |
| 70 return AllowFromSources(url, source_list.sources, context, is_redirect); | 51 return AllowFromSources(url, source_list.sources, context, is_redirect); |
| 71 } | 52 } |
| 72 | 53 |
| 73 const GURL effective_url = GetEffectiveURL(context, url); | 54 if (source_list.allow_self && context->AllowSelf(url)) return true; |
|
arthursonzogni
2017/04/05 08:27:13
Nit: please use two lines.
| |
| 74 | 55 |
| 75 if (source_list.allow_self && context->AllowSelf(effective_url)) | 56 return AllowFromSources(url, source_list.sources, context, is_redirect); |
| 76 return true; | |
| 77 | |
| 78 return AllowFromSources(effective_url, source_list.sources, context, | |
| 79 is_redirect); | |
| 80 } | 57 } |
| 81 | 58 |
| 82 std::string CSPSourceList::ToString() const { | 59 std::string CSPSourceList::ToString() const { |
| 83 if (IsNone()) | 60 if (IsNone()) |
| 84 return "'none'"; | 61 return "'none'"; |
| 85 if (allow_star) | 62 if (allow_star) |
| 86 return "*"; | 63 return "*"; |
| 87 | 64 |
| 88 bool is_empty = true; | 65 bool is_empty = true; |
| 89 std::stringstream text; | 66 std::stringstream text; |
| (...skipping 10 matching lines...) | |
| 100 } | 77 } |
| 101 | 78 |
| 102 return text.str(); | 79 return text.str(); |
| 103 } | 80 } |
| 104 | 81 |
| 105 bool CSPSourceList::IsNone() const { | 82 bool CSPSourceList::IsNone() const { |
| 106 return !allow_self && !allow_star && sources.empty(); | 83 return !allow_self && !allow_star && sources.empty(); |
| 107 } | 84 } |
| 108 | 85 |
| 109 } // namespace content | 86 } // namespace content |
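Review bot: In the new `CSPSourceList::Allow` (new lines 54-56), `'self'` and the source list are matched against `url` as-is, so a `blob:` or `filesystem:` URL is no longer unwrapped to its inner URL before the check, and nothing in the new code says whether that is intended or handled elsewhere. The removed `GetEffectiveURL` documented the unwrapping as a backwards-compatibility exception for contexts where `SelfSchemeShouldBypassCsp()` is true; if that exception moved (for example into `CSPContext::AllowSelf` or `CSPSource::Allow`, neither of which is visible here), a short comment above new line 54 would make it traceable, e.g. `// blob: and filesystem: URLs are matched as-is here; inner-URL handling for 'self' lives in <location>.` A unit test that pins the result of `'self'` against a `blob:` and a `filesystem:` URL, in both a bypassing and a non-bypassing context, would keep this policy decision from drifting silently. The start of `Allow` is in the skipped lines, so this is based only on the visible tail of the function.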