OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 1297 matching lines...)
1308 "directives. Please use those directives instead, as 'options' has no " | 1308 "directives. Please use those directives instead, as 'options' has no " |
1309 "effect."; | 1309 "effect."; |
1310 static const char kPolicyURIMessage[] = | 1310 static const char kPolicyURIMessage[] = |
1311 "The 'policy-uri' directive has been removed from the " | 1311 "The 'policy-uri' directive has been removed from the " |
1312 "specification. Please specify a complete policy via " | 1312 "specification. Please specify a complete policy via " |
1313 "the Content-Security-Policy header."; | 1313 "the Content-Security-Policy header."; |
1314 | 1314 |
1315 String message = | 1315 String message = |
1316 "Unrecognized Content-Security-Policy directive '" + name + "'.\n"; | 1316 "Unrecognized Content-Security-Policy directive '" + name + "'.\n"; |
1317 MessageLevel level = kErrorMessageLevel; | 1317 MessageLevel level = kErrorMessageLevel; |
1318 if (EqualIgnoringCase(name, kAllow)) { | 1318 if (DeprecatedEqualIgnoringCase(name, kAllow)) { |
1319 message = kAllowMessage; | 1319 message = kAllowMessage; |
1320 } else if (EqualIgnoringCase(name, kOptions)) { | 1320 } else if (DeprecatedEqualIgnoringCase(name, kOptions)) { |
1321 message = kOptionsMessage; | 1321 message = kOptionsMessage; |
1322 } else if (EqualIgnoringCase(name, kPolicyURI)) { | 1322 } else if (DeprecatedEqualIgnoringCase(name, kPolicyURI)) { |
1323 message = kPolicyURIMessage; | 1323 message = kPolicyURIMessage; |
1324 } else if (GetDirectiveType(name) != DirectiveType::kUndefined) { | 1324 } else if (GetDirectiveType(name) != DirectiveType::kUndefined) { |
1325 message = "The Content-Security-Policy directive '" + name + | 1325 message = "The Content-Security-Policy directive '" + name + |
1326 "' is implemented behind a flag which is currently disabled.\n"; | 1326 "' is implemented behind a flag which is currently disabled.\n"; |
1327 level = kInfoMessageLevel; | 1327 level = kInfoMessageLevel; |
1328 } | 1328 } |
1329 | 1329 |
1330 LogToConsole(message, level); | 1330 LogToConsole(message, level); |
1331 } | 1331 } |
1332 | 1332 |
(...skipping 77 matching lines...)
1410 "'. " + ignoring; | 1410 "'. " + ignoring; |
1411 LogToConsole(message); | 1411 LogToConsole(message); |
1412 } | 1412 } |
1413 | 1413 |
1414 void ContentSecurityPolicy::ReportInvalidSourceExpression( | 1414 void ContentSecurityPolicy::ReportInvalidSourceExpression( |
1415 const String& directive_name, | 1415 const String& directive_name, |
1416 const String& source) { | 1416 const String& source) { |
1417 String message = "The source list for Content Security Policy directive '" + | 1417 String message = "The source list for Content Security Policy directive '" + |
1418 directive_name + "' contains an invalid source: '" + source + | 1418 directive_name + "' contains an invalid source: '" + source + |
1419 "'. It will be ignored."; | 1419 "'. It will be ignored."; |
1420 if (EqualIgnoringCase(source, "'none'")) | 1420 if (DeprecatedEqualIgnoringCase(source, "'none'")) |
1421 message = message + | 1421 message = message + |
1422 " Note that 'none' has no effect unless it is the only " | 1422 " Note that 'none' has no effect unless it is the only " |
1423 "expression in the source list."; | 1423 "expression in the source list."; |
1424 LogToConsole(message); | 1424 LogToConsole(message); |
1425 } | 1425 } |
1426 | 1426 |
1427 void ContentSecurityPolicy::ReportMissingReportURI(const String& policy) { | 1427 void ContentSecurityPolicy::ReportMissingReportURI(const String& policy) { |
1428 LogToConsole("The Content Security Policy '" + policy + | 1428 LogToConsole("The Content Security Policy '" + policy + |
1429 "' was delivered in report-only mode, but does not specify a " | 1429 "' was delivered in report-only mode, but does not specify a " |
1430 "'report-uri'; the policy will have no effect. Please either " | 1430 "'report-uri'; the policy will have no effect. Please either " |
(...skipping 32 matching lines...)
1463 return true; | 1463 return true; |
1464 } | 1464 } |
1465 return false; | 1465 return false; |
1466 } | 1466 } |
1467 | 1467 |
1468 bool ContentSecurityPolicy::UrlMatchesSelf(const KURL& url) const { | 1468 bool ContentSecurityPolicy::UrlMatchesSelf(const KURL& url) const { |
1469 return self_source_->Matches(url, RedirectStatus::kNoRedirect); | 1469 return self_source_->Matches(url, RedirectStatus::kNoRedirect); |
1470 } | 1470 } |
1471 | 1471 |
1472 bool ContentSecurityPolicy::ProtocolEqualsSelf(const String& protocol) const { | 1472 bool ContentSecurityPolicy::ProtocolEqualsSelf(const String& protocol) const { |
1473 return EqualIgnoringCase(protocol, self_protocol_); | 1473 return DeprecatedEqualIgnoringCase(protocol, self_protocol_); |
1474 } | 1474 } |
1475 | 1475 |
1476 const String& ContentSecurityPolicy::GetSelfProtocol() const { | 1476 const String& ContentSecurityPolicy::GetSelfProtocol() const { |
1477 return self_protocol_; | 1477 return self_protocol_; |
1478 } | 1478 } |
1479 | 1479 |
1480 bool ContentSecurityPolicy::ShouldBypassMainWorld( | 1480 bool ContentSecurityPolicy::ShouldBypassMainWorld( |
1481 const ExecutionContext* context) { | 1481 const ExecutionContext* context) { |
1482 if (context && context->IsDocument()) { | 1482 if (context && context->IsDocument()) { |
1483 const Document* document = ToDocument(context); | 1483 const Document* document = ToDocument(context); |
(...skipping 141 matching lines...)
1625 if (SecurityOrigin::ShouldUseInnerURL(url)) { | 1625 if (SecurityOrigin::ShouldUseInnerURL(url)) { |
1626 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1626 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
1627 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); | 1627 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); |
1628 } else { | 1628 } else { |
1629 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1629 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
1630 url.Protocol(), area); | 1630 url.Protocol(), area); |
1631 } | 1631 } |
1632 } | 1632 } |
1633 | 1633 |
1634 } // namespace blink | 1634 } // namespace blink |
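Review bot: ProtocolEqualsSelf (new line 1473) feeds a policy decision, so it should not stay on the deprecated comparison: as far as I know DeprecatedEqualIgnoringCase applies Unicode case folding rather than ASCII-only folding, while URL schemes are ASCII case-insensitive. I would switch it to `return EqualIgnoringASCIICase(protocol, self_protocol_);` in this change or a follow-up, and add a comment such as `// Schemes compare ASCII case-insensitively; do not fold non-ASCII.`. The same applies to the directive-name checks at new lines 1318–1322 and the `'none'` check at 1420, though those only select console messages and are lower risk.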