Chromium Code Reviews Chromium Code Reviews
Issue 2869423002:
PlzNavigate: Do not disclose urls between cross-origin renderers. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <sstream> | 5 #include <sstream> |
| 6 #include "base/strings/string_split.h" | 6 #include "base/strings/string_split.h" |
| 7 #include "base/strings/string_util.h" | 7 #include "base/strings/string_util.h" |
| 8 #include "content/common/content_security_policy/csp_context.h" | 8 #include "content/common/content_security_policy/csp_context.h" |
| 9 | 9 |
| 10 namespace content { | 10 namespace content { |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 43 const CSPDirective::Name directive_name, | 43 const CSPDirective::Name directive_name, |
| 44 const GURL& url, | 44 const GURL& url, |
| 45 bool is_redirect, | 45 bool is_redirect, |
| 46 const SourceLocation& source_location) { | 46 const SourceLocation& source_location) { |
| 47 // We should never have a violation against `child-src` or `default-src` | 47 // We should never have a violation against `child-src` or `default-src` |
| 48 // directly; the effective directive should always be one of the explicit | 48 // directly; the effective directive should always be one of the explicit |
| 49 // fetch directives. | 49 // fetch directives. |
| 50 DCHECK_NE(directive_name, CSPDirective::DefaultSrc); | 50 DCHECK_NE(directive_name, CSPDirective::DefaultSrc); |
| 51 DCHECK_NE(directive_name, CSPDirective::ChildSrc); | 51 DCHECK_NE(directive_name, CSPDirective::ChildSrc); |
| 52 | 52 |
| 53 // For security reasons, some urls must not be disclosed. It includes the | |
|
alexmos
2017/05/16 05:56:49
nit: It includes -> This includes (also below)
arthursonzogni
2017/05/16 12:48:44
Done.
| |
| 54 // blocked url and the source location of the error. Care must be taken to | |
| 55 // ensure that these are not transmitted between different cross-origin | |
| 56 // renderers. | |
| 57 GURL safe_url = url; | |
| 58 SourceLocation safe_source_location = source_location; | |
| 59 context->SanitizeDataForUseInCspViolation(&safe_url, &safe_source_location, | |
| 60 is_redirect, directive_name); | |
| 61 | |
| 53 std::stringstream message; | 62 std::stringstream message; |
| 54 | 63 |
| 55 if (policy.header.type == blink::kWebContentSecurityPolicyTypeReport) | 64 if (policy.header.type == blink::kWebContentSecurityPolicyTypeReport) |
| 56 message << "[Report Only] "; | 65 message << "[Report Only] "; |
| 57 | 66 |
| 58 if (directive_name == CSPDirective::FormAction) | 67 if (directive_name == CSPDirective::FormAction) |
| 59 message << "Refused to send form data to '"; | 68 message << "Refused to send form data to '"; |
| 60 else if (directive_name == CSPDirective::FrameSrc) | 69 else if (directive_name == CSPDirective::FrameSrc) |
| 61 message << "Refused to frame '"; | 70 message << "Refused to frame '"; |
| 62 | 71 |
| 63 message << ElideURLForReportViolation(url) | 72 message << ElideURLForReportViolation(safe_url) |
| 64 << "' because it violates the following Content Security Policy " | 73 << "' because it violates the following Content Security Policy " |
| 65 "directive: \"" | 74 "directive: \"" |
| 66 << directive.ToString() << "\"."; | 75 << directive.ToString() << "\"."; |
| 67 | 76 |
| 68 if (directive.name != directive_name) | 77 if (directive.name != directive_name) |
| 69 message << " Note that '" << CSPDirective::NameToString(directive_name) | 78 message << " Note that '" << CSPDirective::NameToString(directive_name) |
| 70 << "' was not explicitly set, so '" | 79 << "' was not explicitly set, so '" |
| 71 << CSPDirective::NameToString(directive.name) | 80 << CSPDirective::NameToString(directive.name) |
| 72 << "' is used as a fallback."; | 81 << "' is used as a fallback."; |
| 73 | 82 |
| 74 message << "\n"; | 83 message << "\n"; |
| 75 | 84 |
| 76 context->ReportContentSecurityPolicyViolation(CSPViolationParams( | 85 context->ReportContentSecurityPolicyViolation(CSPViolationParams( |
| 77 CSPDirective::NameToString(directive.name), | 86 CSPDirective::NameToString(directive.name), |
| 78 CSPDirective::NameToString(directive_name), message.str(), url, | 87 CSPDirective::NameToString(directive_name), message.str(), safe_url, |
| 79 policy.report_endpoints, policy.header.header_value, policy.header.type, | 88 policy.report_endpoints, policy.header.header_value, policy.header.type, |
| 80 is_redirect, source_location)); | 89 is_redirect, safe_source_location)); |
| 81 } | 90 } |
| 82 | 91 |
| 83 bool AllowDirective(CSPContext* context, | 92 bool AllowDirective(CSPContext* context, |
| 84 const ContentSecurityPolicy& policy, | 93 const ContentSecurityPolicy& policy, |
| 85 const CSPDirective& directive, | 94 const CSPDirective& directive, |
| 86 CSPDirective::Name directive_name, | 95 CSPDirective::Name directive_name, |
| 87 const GURL& url, | 96 const GURL& url, |
| 88 bool is_redirect, | 97 bool is_redirect, |
| 89 const SourceLocation& source_location) { | 98 const SourceLocation& source_location) { |
| 90 if (CSPSourceList::Allow(directive.source_list, url, context, is_redirect)) | 99 if (CSPSourceList::Allow(directive.source_list, url, context, is_redirect)) |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 171 is_first_policy = false; | 180 is_first_policy = false; |
| 172 text << "report-uri"; | 181 text << "report-uri"; |
| 173 for (const std::string& endpoint : report_endpoints) | 182 for (const std::string& endpoint : report_endpoints) |
| 174 text << " " << endpoint; | 183 text << " " << endpoint; |
| 175 } | 184 } |
| 176 | 185 |
| 177 return text.str(); | 186 return text.str(); |
| 178 } | 187 } |
| 179 | 188 |
| 180 } // namespace content | 189 } // namespace content |
| OLD | NEW |
