1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
171 security_origin.Port(), String(), | 171 security_origin.Port(), String(), |
172 CSPSource::kNoWildcard, CSPSource::kNoWildcard); | 172 CSPSource::kNoWildcard, CSPSource::kNoWildcard); |
173 } | 173 } |
174 | 174 |
175 void ContentSecurityPolicy::ApplyPolicySideEffectsToExecutionContext() { | 175 void ContentSecurityPolicy::ApplyPolicySideEffectsToExecutionContext() { |
176 DCHECK(execution_context_ && | 176 DCHECK(execution_context_ && |
177 execution_context_->GetSecurityContext().GetSecurityOrigin()); | 177 execution_context_->GetSecurityContext().GetSecurityOrigin()); |
178 | 178 |
179 SetupSelf(*execution_context_->GetSecurityContext().GetSecurityOrigin()); | 179 SetupSelf(*execution_context_->GetSecurityContext().GetSecurityOrigin()); |
180 | 180 |
181 // If we're in a Document, set mixed content checking and sandbox | 181 // Set mixed content checking and sandbox flags, then dump all the parsing |
182 // flags, then dump all the parsing error messages, then poke at histograms. | 182 // error messages, then poke at histograms. |
183 if (Document* document = this->GetDocument()) { | 183 Document* document = this->GetDocument(); |
184 if (sandbox_mask_ != kSandboxNone) { | 184 if (sandbox_mask_ != kSandboxNone) { |
185 UseCounter::Count(document, UseCounter::kSandboxViaCSP); | 185 UseCounter::Count(execution_context_, UseCounter::kSandboxViaCSP); |
| 186 if (document) |
186 document->EnforceSandboxFlags(sandbox_mask_); | 187 document->EnforceSandboxFlags(sandbox_mask_); |
187 } | 188 else |
188 if (treat_as_public_address_) | 189 execution_context_->GetSecurityContext().ApplySandboxFlags(sandbox_mask_); |
189 document->SetAddressSpace(kWebAddressSpacePublic); | 190 } |
| 191 if (treat_as_public_address_) { |
| 192 execution_context_->GetSecurityContext().SetAddressSpace( |
| 193 kWebAddressSpacePublic); |
| 194 } |
190 | 195 |
| 196 if (document) { |
191 document->EnforceInsecureRequestPolicy(insecure_request_policy_); | 197 document->EnforceInsecureRequestPolicy(insecure_request_policy_); |
192 if (insecure_request_policy_ & kUpgradeInsecureRequests) { | 198 } else { |
193 UseCounter::Count(document, UseCounter::kUpgradeInsecureRequestsEnabled); | 199 execution_context_->GetSecurityContext().SetInsecureRequestPolicy( |
194 if (!document->Url().Host().IsEmpty()) | 200 insecure_request_policy_); |
195 document->AddInsecureNavigationUpgrade( | 201 } |
196 document->Url().Host().Impl()->GetHash()); | |
197 } | |
198 | 202 |
199 for (const auto& console_message : console_messages_) | 203 if (insecure_request_policy_ & kUpgradeInsecureRequests) { |
200 execution_context_->AddConsoleMessage(console_message); | 204 UseCounter::Count(execution_context_, |
201 console_messages_.clear(); | 205 UseCounter::kUpgradeInsecureRequestsEnabled); |
202 | 206 if (!execution_context_->Url().Host().IsEmpty()) { |
203 for (const auto& policy : policies_) { | 207 execution_context_->GetSecurityContext().AddInsecureNavigationUpgrade( |
204 UseCounter::Count(*document, GetUseCounterType(policy->HeaderType())); | 208 execution_context_->Url().Host().Impl()->GetHash()); |
205 if (policy->AllowDynamic()) | |
206 UseCounter::Count(*document, UseCounter::kCSPWithStrictDynamic); | |
207 } | 209 } |
208 } | 210 } |
209 | 211 |
| 212 for (const auto& console_message : console_messages_) |
| 213 execution_context_->AddConsoleMessage(console_message); |
| 214 console_messages_.clear(); |
| 215 |
| 216 for (const auto& policy : policies_) { |
| 217 UseCounter::Count(execution_context_, |
| 218 GetUseCounterType(policy->HeaderType())); |
| 219 if (policy->AllowDynamic()) |
| 220 UseCounter::Count(execution_context_, UseCounter::kCSPWithStrictDynamic); |
| 221 } |
| 222 |
210 // We disable 'eval()' even in the case of report-only policies, and rely on | 223 // We disable 'eval()' even in the case of report-only policies, and rely on |
211 // the check in the V8Initializer::codeGenerationCheckCallbackInMainThread | 224 // the check in the V8Initializer::codeGenerationCheckCallbackInMainThread |
212 // callback to determine whether the call should execute or not. | 225 // callback to determine whether the call should execute or not. |
213 if (!disable_eval_error_message_.IsNull()) | 226 if (!disable_eval_error_message_.IsNull()) |
214 execution_context_->DisableEval(disable_eval_error_message_); | 227 execution_context_->DisableEval(disable_eval_error_message_); |
215 } | 228 } |
216 | 229 |
217 ContentSecurityPolicy::~ContentSecurityPolicy() {} | 230 ContentSecurityPolicy::~ContentSecurityPolicy() {} |
218 | 231 |
219 DEFINE_TRACE(ContentSecurityPolicy) { | 232 DEFINE_TRACE(ContentSecurityPolicy) { |
1688 if (SecurityOrigin::ShouldUseInnerURL(url)) { | 1701 if (SecurityOrigin::ShouldUseInnerURL(url)) { |
1689 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1702 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
1690 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); | 1703 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); |
1691 } else { | 1704 } else { |
1692 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1705 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
1693 url.Protocol(), area); | 1706 url.Protocol(), area); |
1694 } | 1707 } |
1695 } | 1708 } |
1696 | 1709 |
1697 } // namespace blink | 1710 } // namespace blink |
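Review bot: The new ApplyPolicySideEffectsToExecutionContext (new lines 183–201) now takes two different paths for sandbox flags and the insecure-request policy — `document->EnforceSandboxFlags` / `document->EnforceInsecureRequestPolicy` when a Document exists, and `GetSecurityContext().ApplySandboxFlags` / `SetInsecureRequestPolicy` otherwise — but nothing in the function says why a Document needs the Enforce* wrappers while other execution contexts can write straight to the SecurityContext, and the rewritten comment at new lines 181–182 only describes the ordering of steps. A reader auditing this policy-enforcement code has to trust that the two branches are equivalent in effect; a short why-comment above the `if (document)` at new line 186 would close that gap, e.g. `// Documents route sandbox flags and the insecure-request policy through Document::Enforce*(), which applies them to the document's security context and related state; non-document contexts (workers) have no such wrapper, so set them on the SecurityContext directly.` (adjust the wording to what Document::Enforce* actually does, which is not visible in this diff). Separately, the address-space change at new lines 191–194 replaces `document->SetAddressSpace(...)` with `GetSecurityContext().SetAddressSpace(...)` for documents too; if Document::SetAddressSpace did anything beyond forwarding to the SecurityContext, that behaviour is silently dropped for documents, which is worth confirming or noting in the commit message.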