
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2838153002: Make most of CSP code work with non-Document ExecutionContext (Closed)
Patch Set: . Created 3 years, 7 months ago
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after
171 security_origin.Port(), String(), 171 security_origin.Port(), String(),
172 CSPSource::kNoWildcard, CSPSource::kNoWildcard); 172 CSPSource::kNoWildcard, CSPSource::kNoWildcard);
173 } 173 }
174 174
175 void ContentSecurityPolicy::ApplyPolicySideEffectsToExecutionContext() { 175 void ContentSecurityPolicy::ApplyPolicySideEffectsToExecutionContext() {
176 DCHECK(execution_context_ && 176 DCHECK(execution_context_ &&
177 execution_context_->GetSecurityContext().GetSecurityOrigin()); 177 execution_context_->GetSecurityContext().GetSecurityOrigin());
178 178
179 SetupSelf(*execution_context_->GetSecurityContext().GetSecurityOrigin()); 179 SetupSelf(*execution_context_->GetSecurityContext().GetSecurityOrigin());
180 180
181 // If we're in a Document, set mixed content checking and sandbox 181 // Set mixed content checking and sandbox flags, then dump all the parsing
182 // flags, then dump all the parsing error messages, then poke at histograms. 182 // error messages, then poke at histograms.
183 if (Document* document = this->GetDocument()) { 183 Document* document = this->GetDocument();
184 if (sandbox_mask_ != kSandboxNone) { 184 if (sandbox_mask_ != kSandboxNone) {
185 UseCounter::Count(document, UseCounter::kSandboxViaCSP); 185 UseCounter::Count(execution_context_, UseCounter::kSandboxViaCSP);
186 if (document)
186 document->EnforceSandboxFlags(sandbox_mask_); 187 document->EnforceSandboxFlags(sandbox_mask_);
187 } 188 else
188 if (treat_as_public_address_) 189 execution_context_->GetSecurityContext().ApplySandboxFlags(sandbox_mask_);
189 document->SetAddressSpace(kWebAddressSpacePublic); 190 }
191 if (treat_as_public_address_) {
192 execution_context_->GetSecurityContext().SetAddressSpace(
193 kWebAddressSpacePublic);
194 }
190 195
196 if (document) {
191 document->EnforceInsecureRequestPolicy(insecure_request_policy_); 197 document->EnforceInsecureRequestPolicy(insecure_request_policy_);
192 if (insecure_request_policy_ & kUpgradeInsecureRequests) { 198 } else {
193 UseCounter::Count(document, UseCounter::kUpgradeInsecureRequestsEnabled); 199 execution_context_->GetSecurityContext().SetInsecureRequestPolicy(
194 if (!document->Url().Host().IsEmpty()) 200 insecure_request_policy_);
195 document->AddInsecureNavigationUpgrade( 201 }
196 document->Url().Host().Impl()->GetHash());
197 }
198 202
199 for (const auto& console_message : console_messages_) 203 if (insecure_request_policy_ & kUpgradeInsecureRequests) {
200 execution_context_->AddConsoleMessage(console_message); 204 UseCounter::Count(execution_context_,
201 console_messages_.clear(); 205 UseCounter::kUpgradeInsecureRequestsEnabled);
202 206 if (!execution_context_->Url().Host().IsEmpty()) {
203 for (const auto& policy : policies_) { 207 execution_context_->GetSecurityContext().AddInsecureNavigationUpgrade(
204 UseCounter::Count(*document, GetUseCounterType(policy->HeaderType())); 208 execution_context_->Url().Host().Impl()->GetHash());
205 if (policy->AllowDynamic())
206 UseCounter::Count(*document, UseCounter::kCSPWithStrictDynamic);
207 } 209 }
208 } 210 }
209 211
212 for (const auto& console_message : console_messages_)
213 execution_context_->AddConsoleMessage(console_message);
214 console_messages_.clear();
215
216 for (const auto& policy : policies_) {
217 UseCounter::Count(execution_context_,
218 GetUseCounterType(policy->HeaderType()));
219 if (policy->AllowDynamic())
220 UseCounter::Count(execution_context_, UseCounter::kCSPWithStrictDynamic);
221 }
222
210 // We disable 'eval()' even in the case of report-only policies, and rely on 223 // We disable 'eval()' even in the case of report-only policies, and rely on
211 // the check in the V8Initializer::codeGenerationCheckCallbackInMainThread 224 // the check in the V8Initializer::codeGenerationCheckCallbackInMainThread
212 // callback to determine whether the call should execute or not. 225 // callback to determine whether the call should execute or not.
213 if (!disable_eval_error_message_.IsNull()) 226 if (!disable_eval_error_message_.IsNull())
214 execution_context_->DisableEval(disable_eval_error_message_); 227 execution_context_->DisableEval(disable_eval_error_message_);
215 } 228 }
216 229
217 ContentSecurityPolicy::~ContentSecurityPolicy() {} 230 ContentSecurityPolicy::~ContentSecurityPolicy() {}
218 231
219 DEFINE_TRACE(ContentSecurityPolicy) { 232 DEFINE_TRACE(ContentSecurityPolicy) {
(...skipping 1468 matching lines...) Expand 10 before | Expand all | Expand 10 after
1688 if (SecurityOrigin::ShouldUseInnerURL(url)) { 1701 if (SecurityOrigin::ShouldUseInnerURL(url)) {
1689 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( 1702 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy(
1690 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); 1703 SecurityOrigin::ExtractInnerURL(url).Protocol(), area);
1691 } else { 1704 } else {
1692 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( 1705 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy(
1693 url.Protocol(), area); 1706 url.Protocol(), area);
1694 } 1707 }
1695 } 1708 }
1696 1709
1697 } // namespace blink 1710 } // namespace blink
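Review bot: In ApplyPolicySideEffectsToExecutionContext (new lines 184-189) the non-Document branch applies `sandbox_mask_` via `SecurityContext::ApplySandboxFlags`, while the Document branch keeps `Document::EnforceSandboxFlags`; nothing in the hunk shows whether the two give the same guarantee, so if the Document path does work beyond recording the mask (origin handling is the usual concern) a sandboxed non-Document context would end up less restricted than a sandboxed Document. Either confirm that ApplySandboxFlags is sufficient for every ExecutionContext this CL newly covers, or spell the asymmetry out above the branch, e.g. `// Documents take the Document-level enforcement path; other ExecutionContexts only record the flags on their SecurityContext.`. The same question applies to the new SetAddressSpace, SetInsecureRequestPolicy and AddInsecureNavigationUpgrade calls at new lines 192-208, which replace calls that previously went through Document. Separately, the single-statement `if (document)`/`else` at 186-189 is unbraced while the neighbouring `if (treat_as_public_address_) {` at 191 braces a single statement; pick one form within the function.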
