OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/frame_host/form_submission_throttle.h" | 5 #include "content/browser/frame_host/form_submission_throttle.h" |
6 #include "content/browser/frame_host/navigation_handle_impl.h" | 6 #include "content/browser/frame_host/navigation_handle_impl.h" |
7 #include "content/public/browser/browser_thread.h" | 7 #include "content/public/browser/browser_thread.h" |
8 #include "content/public/browser/navigation_handle.h" | 8 #include "content/public/browser/navigation_handle.h" |
9 #include "content/public/browser/navigation_throttle.h" | 9 #include "content/public/browser/navigation_throttle.h" |
10 #include "content/public/common/browser_side_navigation_policy.h" | 10 #include "content/public/common/browser_side_navigation_policy.h" |
(...skipping 42 matching lines...)
53 NavigationHandleImpl* handle = | 53 NavigationHandleImpl* handle = |
54 static_cast<NavigationHandleImpl*>(navigation_handle()); | 54 static_cast<NavigationHandleImpl*>(navigation_handle()); |
55 | 55 |
56 if (handle->should_check_main_world_csp() == CSPDisposition::DO_NOT_CHECK) | 56 if (handle->should_check_main_world_csp() == CSPDisposition::DO_NOT_CHECK) |
57 return NavigationThrottle::PROCEED; | 57 return NavigationThrottle::PROCEED; |
58 | 58 |
59 const GURL& url = handle->GetURL(); | 59 const GURL& url = handle->GetURL(); |
60 RenderFrameHostImpl* render_frame = | 60 RenderFrameHostImpl* render_frame = |
61 handle->frame_tree_node()->current_frame_host(); | 61 handle->frame_tree_node()->current_frame_host(); |
62 | 62 |
| 63 // TODO(estark): Move this check into NavigationRequest and split it into (1) |
| 64 // check report-only CSP, (2) upgrade request if needed, (3) check enforced |
| 65 // CSP to match how frame-src works. https://crbug.com/713388 |
63 if (render_frame->IsAllowedByCsp(CSPDirective::FormAction, url, is_redirect, | 66 if (render_frame->IsAllowedByCsp(CSPDirective::FormAction, url, is_redirect, |
64 handle->source_location())) { | 67 handle->source_location(), |
| 68 CSPContext::CHECK_ALL_CSP)) { |
65 return NavigationThrottle::PROCEED; | 69 return NavigationThrottle::PROCEED; |
66 } | 70 } |
67 | 71 |
68 return NavigationThrottle::CANCEL; | 72 return NavigationThrottle::CANCEL; |
69 } | 73 } |
70 | 74 |
71 } // namespace content | 75 } // namespace content |
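Review bot: The `CSPContext::CHECK_ALL_CSP` argument added at new lines 66-68 is left unexplained, because the TODO above it only describes the future three-step split and not what the call does today. Judging by the name and the TODO, it presumably evaluates report-only and enforced `form-action` policies together in one pass, with no request upgrade in between; please confirm against the `CSPContext` declaration, which is not visible here. I would add a line such as `// CHECK_ALL_CSP: report-only and enforced policies are checked together here, against the un-upgraded URL.` so the current limitation is recorded next to the call. Separately, the policy consulted comes from `handle->frame_tree_node()->current_frame_host()`, so it is worth stating in the comment whether that is always the document that submitted the form or the frame being navigated. The enclosing function begins in the 42 skipped lines, so its signature and the origin of `is_redirect` cannot be checked from this view.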