Chromium Code Reviews Chromium Code Reviews
Issue 2909513002:
Move PlzNavigate frame-src CSP check to NavigationRequest (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/navigation_request.h" | 5 #include "content/browser/frame_host/navigation_request.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
| (...skipping 365 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 376 | 376 |
| 377 NavigationRequest::~NavigationRequest() { | 377 NavigationRequest::~NavigationRequest() { |
| 378 TRACE_EVENT_ASYNC_END0("navigation", "NavigationRequest", this); | 378 TRACE_EVENT_ASYNC_END0("navigation", "NavigationRequest", this); |
| 379 } | 379 } |
| 380 | 380 |
| 381 void NavigationRequest::BeginNavigation() { | 381 void NavigationRequest::BeginNavigation() { |
| 382 DCHECK(!loader_); | 382 DCHECK(!loader_); |
| 383 DCHECK(state_ == NOT_STARTED || state_ == WAITING_FOR_RENDERER_RESPONSE); | 383 DCHECK(state_ == NOT_STARTED || state_ == WAITING_FOR_RENDERER_RESPONSE); |
| 384 TRACE_EVENT_ASYNC_STEP_INTO0("navigation", "NavigationRequest", this, | 384 TRACE_EVENT_ASYNC_STEP_INTO0("navigation", "NavigationRequest", this, |
| 385 "BeginNavigation"); | 385 "BeginNavigation"); |
| 386 | |
| 386 state_ = STARTED; | 387 state_ = STARTED; |
| 388 | |
| 389 // Check Content Security Policy before the NavigationThrottles run. This is | |
| 390 // so that the CSP should be allowed to modify the request such that the | |
| 391 // navigation throttles allow, but would block it otherwise. For the same | |
|
nasko
2017/06/05 20:46:29
I'm finding this sentence a bit hard to parse, but
estark
2017/06/06 00:38:02
Reworded, hopefully better now
nasko
2017/06/06 01:03:44
Much better! Thanks!
Can you also use the same wor
estark
2017/06/06 19:22:15
Done.
| |
| 392 // reason, the navigation handle is created afterwards -- so that it gets the | |
|
nasko
2017/06/05 20:46:29
nit: s/navigation handle/NavigationHande/
estark
2017/06/06 00:38:02
Done.
| |
| 393 // request URL after potentially being modified by CSP. | |
| 394 if (CheckContentSecurityPolicyFrameSrc(false /* is redirect */) == | |
| 395 CONTENT_SECURITY_POLICY_CHECK_FAILED) { | |
| 396 // Create a navigation handle so that the correct error code can be set on | |
| 397 // it by OnRequestFailed(). | |
| 398 CreateNavigationHandle(); | |
| 399 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); | |
| 400 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has | |
|
nasko
2017/06/05 20:46:29
nit: empty line before the comment.
estark
2017/06/06 00:38:02
Done.
| |
| 401 // destroyed the NavigationRequest. | |
| 402 return; | |
| 403 } | |
| 404 | |
| 387 CreateNavigationHandle(); | 405 CreateNavigationHandle(); |
| 388 | 406 |
| 389 RenderFrameDevToolsAgentHost::OnBeforeNavigation(navigation_handle_.get()); | 407 RenderFrameDevToolsAgentHost::OnBeforeNavigation(navigation_handle_.get()); |
| 390 | 408 |
| 391 if (ShouldMakeNetworkRequestForURL(common_params_.url) && | 409 if (ShouldMakeNetworkRequestForURL(common_params_.url) && |
| 392 !navigation_handle_->IsSameDocument()) { | 410 !navigation_handle_->IsSameDocument()) { |
| 393 // It's safe to use base::Unretained because this NavigationRequest owns | 411 // It's safe to use base::Unretained because this NavigationRequest owns |
| 394 // the NavigationHandle where the callback will be stored. | 412 // the NavigationHandle where the callback will be stored. |
| 395 // TODO(clamy): pass the method to the NavigationHandle instead of a | 413 // TODO(clamy): pass the method to the NavigationHandle instead of a |
| 396 // boolean. | 414 // boolean. |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 501 request_params_.redirect_response.push_back(response->head); | 519 request_params_.redirect_response.push_back(response->head); |
| 502 request_params_.redirect_infos.push_back(redirect_info); | 520 request_params_.redirect_infos.push_back(redirect_info); |
| 503 | 521 |
| 504 request_params_.redirects.push_back(common_params_.url); | 522 request_params_.redirects.push_back(common_params_.url); |
| 505 common_params_.url = redirect_info.new_url; | 523 common_params_.url = redirect_info.new_url; |
| 506 common_params_.method = redirect_info.new_method; | 524 common_params_.method = redirect_info.new_method; |
| 507 common_params_.referrer.url = GURL(redirect_info.new_referrer); | 525 common_params_.referrer.url = GURL(redirect_info.new_referrer); |
| 508 common_params_.referrer = | 526 common_params_.referrer = |
| 509 Referrer::SanitizeForRequest(common_params_.url, common_params_.referrer); | 527 Referrer::SanitizeForRequest(common_params_.url, common_params_.referrer); |
| 510 | 528 |
| 529 // Check Content Security Policy before the NavigationThrottles run. This is | |
| 530 // so that the CSP should be allowed to modify the request such that the | |
| 531 // navigation throttles allow, but would block it otherwise. | |
| 532 if (CheckContentSecurityPolicyFrameSrc(true /* is redirect */) == | |
| 533 CONTENT_SECURITY_POLICY_CHECK_FAILED) { | |
| 534 OnRequestFailed(false, net::ERR_BLOCKED_BY_CLIENT); | |
| 535 // DO NOT ADD CODE after this. The previous call to OnRequestFailed has | |
|
nasko
2017/06/05 20:46:30
nit: an empty line before the comment.
estark
2017/06/06 00:38:02
Done.
| |
| 536 // destroyed the NavigationRequest. | |
| 537 return; | |
| 538 } | |
| 539 | |
| 511 // For non browser initiated navigations we need to check if the source has | 540 // For non browser initiated navigations we need to check if the source has |
| 512 // access to the URL. We always allow browser initiated requests. | 541 // access to the URL. We always allow browser initiated requests. |
| 513 // TODO(clamy): Kill the renderer if FilterURL fails? | 542 // TODO(clamy): Kill the renderer if FilterURL fails? |
| 514 GURL url = common_params_.url; | 543 GURL url = common_params_.url; |
| 515 if (!browser_initiated_ && source_site_instance()) { | 544 if (!browser_initiated_ && source_site_instance()) { |
| 516 source_site_instance()->GetProcess()->FilterURL(false, &url); | 545 source_site_instance()->GetProcess()->FilterURL(false, &url); |
| 517 // FilterURL sets the URL to about:blank if the CSP checks prevent the | 546 // FilterURL sets the URL to about:blank if the CSP checks prevent the |
| 518 // renderer from accessing it. | 547 // renderer from accessing it. |
| 519 if ((url == url::kAboutBlankURL) && (url != common_params_.url)) { | 548 if ((url == url::kAboutBlankURL) && (url != common_params_.url)) { |
| 520 navigation_handle_->set_net_error_code(net::ERR_ABORTED); | 549 navigation_handle_->set_net_error_code(net::ERR_ABORTED); |
| (...skipping 366 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 887 | 916 |
| 888 DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture); | 917 DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture); |
| 889 | 918 |
| 890 render_frame_host->CommitNavigation(response_.get(), std::move(body_), | 919 render_frame_host->CommitNavigation(response_.get(), std::move(body_), |
| 891 std::move(handle_), common_params_, | 920 std::move(handle_), common_params_, |
| 892 request_params_, is_view_source_); | 921 request_params_, is_view_source_); |
| 893 | 922 |
| 894 frame_tree_node_->ResetNavigationRequest(true, true); | 923 frame_tree_node_->ResetNavigationRequest(true, true); |
| 895 } | 924 } |
| 896 | 925 |
| 926 NavigationRequest::ContentSecurityPolicyCheckResult | |
| 927 NavigationRequest::CheckContentSecurityPolicyFrameSrc(bool is_redirect) { | |
| 928 if (common_params_.url.SchemeIs(url::kAboutScheme)) | |
| 929 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | |
| 930 | |
| 931 if (common_params_.should_check_main_world_csp == | |
| 932 CSPDisposition::DO_NOT_CHECK) | |
|
nasko
2017/06/05 20:46:29
nit: two line if statement needs {}.
estark
2017/06/06 00:38:02
Done.
| |
| 933 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | |
| 934 | |
| 935 // The CSP frame-src directive only applies to subframes. | |
| 936 if (frame_tree_node()->IsMainFrame()) | |
| 937 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | |
| 938 | |
| 939 FrameTreeNode* parent_ftn = frame_tree_node()->parent(); | |
| 940 DCHECK(parent_ftn); | |
| 941 RenderFrameHostImpl* parent = parent_ftn->current_frame_host(); | |
| 942 DCHECK(parent); | |
| 943 | |
| 944 SourceLocation source_location; | |
| 945 if (common_params_.source_location) | |
| 946 source_location = common_params_.source_location.value(); | |
| 947 if (parent->IsAllowedByCsp(CSPDirective::FrameSrc, common_params_.url, | |
| 948 is_redirect, source_location)) { | |
|
nasko
2017/06/05 20:46:29
Can't we just pass in common_params_.source_locati
estark
2017/06/06 00:38:03
Changed to value_or
nasko
2017/06/06 01:03:44
Nice! TIL about value_or and the code does look ni
| |
| 949 return CONTENT_SECURITY_POLICY_CHECK_PASSED; | |
| 950 } | |
| 951 | |
| 952 return CONTENT_SECURITY_POLICY_CHECK_FAILED; | |
| 953 } | |
| 954 | |
| 897 } // namespace content | 955 } // namespace content |
| OLD | NEW |
