| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/DOMWindow.h" | 5 #include "core/frame/DOMWindow.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "bindings/core/v8/WindowProxyManager.h" | 9 #include "bindings/core/v8/WindowProxyManager.h" |
| 10 #include "core/dom/Document.h" | 10 #include "core/dom/Document.h" |
| 11 #include "core/dom/ExecutionContext.h" | 11 #include "core/dom/ExecutionContext.h" |
| 12 #include "core/dom/SecurityContext.h" | 12 #include "core/dom/SecurityContext.h" |
| 13 #include "core/events/MessageEvent.h" | 13 #include "core/events/MessageEvent.h" |
| 14 #include "core/frame/Frame.h" | 14 #include "core/frame/Frame.h" |
| 15 #include "core/frame/FrameClient.h" | 15 #include "core/frame/FrameClient.h" |
| 16 #include "core/frame/FrameConsole.h" | 16 #include "core/frame/FrameConsole.h" |
| 17 #include "core/frame/LocalDOMWindow.h" | 17 #include "core/frame/LocalDOMWindow.h" |
| 18 #include "core/frame/Location.h" | 18 #include "core/frame/Location.h" |
| 19 #include "core/frame/Settings.h" | 19 #include "core/frame/Settings.h" |
| 20 #include "core/frame/UseCounter.h" | 20 #include "core/frame/UseCounter.h" |
| 21 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 21 #include "core/input/InputDeviceCapabilities.h" | 22 #include "core/input/InputDeviceCapabilities.h" |
| 22 #include "core/inspector/ConsoleMessage.h" | 23 #include "core/inspector/ConsoleMessage.h" |
| 23 #include "core/loader/MixedContentChecker.h" | 24 #include "core/loader/MixedContentChecker.h" |
| 24 #include "core/page/ChromeClient.h" | 25 #include "core/page/ChromeClient.h" |
| 25 #include "core/page/FocusController.h" | 26 #include "core/page/FocusController.h" |
| 26 #include "core/page/Page.h" | 27 #include "core/page/Page.h" |
| 27 #include "core/probe/CoreProbes.h" | 28 #include "core/probe/CoreProbes.h" |
| 28 #include "platform/weborigin/KURL.h" | 29 #include "platform/weborigin/KURL.h" |
| 29 #include "platform/weborigin/SecurityOrigin.h" | 30 #include "platform/weborigin/SecurityOrigin.h" |
| 30 #include "platform/weborigin/Suborigin.h" | 31 #include "platform/weborigin/Suborigin.h" |
| (...skipping 197 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 228 source_document->Url())) { | 229 source_document->Url())) { |
| 229 UseCounter::Count(GetFrame(), UseCounter::kPostMessageFromInsecureToSecure); | 230 UseCounter::Count(GetFrame(), UseCounter::kPostMessageFromInsecureToSecure); |
| 230 if (MixedContentChecker::IsMixedContent( | 231 if (MixedContentChecker::IsMixedContent( |
| 231 GetFrame()->Tree().Top().GetSecurityContext()->GetSecurityOrigin(), | 232 GetFrame()->Tree().Top().GetSecurityContext()->GetSecurityOrigin(), |
| 232 source_document->Url())) { | 233 source_document->Url())) { |
| 233 UseCounter::Count(GetFrame(), | 234 UseCounter::Count(GetFrame(), |
| 234 UseCounter::kPostMessageFromInsecureToSecureToplevel); | 235 UseCounter::kPostMessageFromInsecureToSecureToplevel); |
| 235 } | 236 } |
| 236 } | 237 } |
| 237 | 238 |
| 239 if (!source_document->GetContentSecurityPolicy()->AllowConnectToSource( |
| 240 target_url, RedirectStatus::kNoRedirect, |
| 241 SecurityViolationReportingPolicy::kSuppressReporting)) { |
| 242 UseCounter::Count( |
| 243 GetFrame(), UseCounter::kPostMessageOutgoingWouldBeBlockedByConnectSrc); |
| 244 } |
| 245 |
| 238 MessageEvent* event = | 246 MessageEvent* event = |
| 239 MessageEvent::Create(std::move(channels), std::move(message), | 247 MessageEvent::Create(std::move(channels), std::move(message), |
| 240 source_origin, String(), source, source_suborigin); | 248 source_origin, String(), source, source_suborigin); |
| 241 | 249 |
| 242 SchedulePostMessage(event, std::move(target), source_document); | 250 SchedulePostMessage(event, std::move(target), source_document); |
| 243 } | 251 } |
| 244 | 252 |
| 245 // FIXME: Once we're throwing exceptions for cross-origin access violations, we | 253 // FIXME: Once we're throwing exceptions for cross-origin access violations, we |
| 246 // will always sanitize the target frame details, so we can safely combine | 254 // will always sanitize the target frame details, so we can safely combine |
| 247 // 'crossDomainAccessErrorMessage' with this method after considering exactly | 255 // 'crossDomainAccessErrorMessage' with this method after considering exactly |
| (...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 447 visitor->Trace(location_); | 455 visitor->Trace(location_); |
| 448 EventTargetWithInlineData::Trace(visitor); | 456 EventTargetWithInlineData::Trace(visitor); |
| 449 } | 457 } |
| 450 | 458 |
| 451 DEFINE_TRACE_WRAPPERS(DOMWindow) { | 459 DEFINE_TRACE_WRAPPERS(DOMWindow) { |
| 452 visitor->TraceWrappers(location_); | 460 visitor->TraceWrappers(location_); |
| 453 EventTargetWithInlineData::TraceWrappers(visitor); | 461 EventTargetWithInlineData::TraceWrappers(visitor); |
| 454 } | 462 } |
| 455 | 463 |
| 456 } // namespace blink | 464 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2873223003:
CSP: Measure the frequency of `postMessage` violating `connect-src` (Closed)
