content/common/content_security_policy/csp_context.h - Issue 2869423002: PlzNavigate: Do not disclose urls between cross-origin renderers.

Side by Side Diff: content/common/content_security_policy/csp_context.h

Issue 2869423002: PlzNavigate: Do not disclose urls between cross-origin renderers. (Closed)

Patch Set: alexmos@ suggestions. Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« content/common/content_security_policy/content_security_policy.cc ('K') | « content/common/content_security_policy/content_security_policy.cc ('k') | content/common/content_security_policy/csp_context.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2017 The Chromium Authors. All rights reserved.	1 // Copyright 2017 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_	5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_

6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_	6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_

7	7

8 #include <vector>	8 #include <vector>

9	9

10 #include "content/common/content_export.h"	10 #include "content/common/content_export.h"

(...skipping 37 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
48	48

49 bool SelfSchemeShouldBypassCsp();	49 bool SelfSchemeShouldBypassCsp();

50	50

51 void ResetContentSecurityPolicies() { policies_.clear(); }	51 void ResetContentSecurityPolicies() { policies_.clear(); }

52 void AddContentSecurityPolicy(const ContentSecurityPolicy& policy) {	52 void AddContentSecurityPolicy(const ContentSecurityPolicy& policy) {

53 policies_.push_back(policy);	53 policies_.push_back(policy);

54 }	54 }

55	55

56 virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme);	56 virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme);

57	57

	58 // For security reasons, some urls must not be disclosed. It includes the
	alexmos 2017/05/12 01:37:20 nit: disclosed -> disclosed cross-origin in violat nit: disclosed -> disclosed cross-origin in violation reports. arthursonzogni 2017/05/15 12:20:46 Done. Show quoted text On 2017/05/12 01:37:20, alexmos wrote: > nit: disclosed -> disclosed cross-origin in violation reports. Done.
	59 // blocked url and the url of the initiator of the navigation. These

	60 // informations are potentially transmitted between different renderer
	alexmos 2017/05/12 01:37:20 nit: These informations are -> This information is nit: These informations are -> This information is arthursonzogni 2017/05/15 12:20:46 Done. Show quoted text On 2017/05/12 01:37:20, alexmos wrote: > nit: These informations are -> This information is Done.
	61 // processes. When this function returns true, only the url's origin is

	62 // displayed instead.

	63 // TODO(arthursonzogni): Stop hidding sensitive parts of URLs in console
	alexmos 2017/05/12 01:37:20 nit: s/hidding/hiding/ nit: s/hidding/hiding/ arthursonzogni 2017/05/15 12:20:46 Done. Show quoted text On 2017/05/12 01:37:20, alexmos wrote: > nit: s/hidding/hiding/ Done.
	64 // error message as soon as there is a way to send it to the devtool process
	alexmos 2017/05/12 01:37:20 nit: s/message/messages/ s/devtool/devtools/ nit: s/message/messages/ s/devtool/devtools/ arthursonzogni 2017/05/15 12:20:46 Done. Show quoted text On 2017/05/12 01:37:20, alexmos wrote: > nit: s/message/messages/ > s/devtool/devtools/ Done.
	65 // without the round trip in the renderer process.

	66 // See https://crbug.com/721329

	67 virtual bool ShouldProtectDataInCspViolation(const url::Origin& origin) const;

	68

58 private:	69 private:

59 bool has_self_ = false;	70 bool has_self_ = false;

60 std::string self_scheme_;	71 std::string self_scheme_;

61 CSPSource self_source_;	72 CSPSource self_source_;

62	73

63 std::vector<ContentSecurityPolicy> policies_;	74 std::vector<ContentSecurityPolicy> policies_;

64	75

65 DISALLOW_COPY_AND_ASSIGN(CSPContext);	76 DISALLOW_COPY_AND_ASSIGN(CSPContext);

66 };	77 };

67	78

(...skipping 38 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
106	117

107 // Whether or not the violation happens after a redirect.	118 // Whether or not the violation happens after a redirect.

108 bool after_redirect;	119 bool after_redirect;

109	120

110 // The source code location that triggered the blocked navigation.	121 // The source code location that triggered the blocked navigation.

111 SourceLocation source_location;	122 SourceLocation source_location;

112 };	123 };

113	124

114 } // namespace content	125 } // namespace content

115 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_	126 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_

OLD	NEW