
Side by Side Diff: content/common/content_security_policy/content_security_policy.cc

Issue 2910573002: Implement upgrade-insecure-requests in browser for frame requests (Closed)
Patch Set: rebase Created 3 years, 6 months ago
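--- a/content/common/content_security_policy/content_security_policy.cc
+++ b/content/common/content_security_policy/content_security_policy.cc
@@ -1,27 +1,28 @@
 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <sstream>
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "content/common/content_security_policy/csp_context.h"
 
 namespace content {
 
 namespace {
 
 static CSPDirective::Name CSPFallback(CSPDirective::Name directive) {
 switch (directive) {
 case CSPDirective::DefaultSrc:
 case CSPDirective::FormAction:
+case CSPDirective::UpgradeInsecureRequests:
 return CSPDirective::Unknown;
 
 case CSPDirective::FrameSrc:
 return CSPDirective::ChildSrc;
 
 case CSPDirective::ChildSrc:
 return CSPDirective::DefaultSrc;
 
 case CSPDirective::Unknown:
 NOTREACHED();
@@ -179,11 +180,21 @@
 text << "; ";
 is_first_policy = false;
 text << "report-uri";
 for (const std::string& endpoint : report_endpoints)
 text << " " << endpoint;
 }
 
 return text.str();
 }
 
+// static
+bool ContentSecurityPolicy::ShouldUpgradeInsecureRequest(
+const ContentSecurityPolicy& policy) {
+for (const CSPDirective& directive : policy.directives) {
+if (directive.name == CSPDirective::UpgradeInsecureRequests)
+return true;
+}
+return false;
+}
+
 } // namespace content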
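Review bot: ShouldUpgradeInsecureRequest, added in the second hunk, returns true for any policy whose directive list contains UpgradeInsecureRequests and never checks whether that policy is enforced or report-only. The upgrade-insecure-requests specification ignores the directive when it arrives in a report-only policy, so if report-only policies can reach this function the browser would upgrade frame requests where an enforced-only check would not; whether they can reach it is not visible in this hunk. Either gate the result on the policy's disposition or state the contract above the definition, which currently carries only `// static`, for example `// Returns true if |policy| lists upgrade-insecure-requests. Does not check the policy's disposition; callers must pass enforced policies only.`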
