OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
6 | 6 |
7 namespace content { | 7 namespace content { |
8 | 8 |
| 9 namespace { |
| 10 |
| 11 // Helper function that returns true if |policy| should be checked under |
| 12 // |check_csp_disposition|. |
| 13 bool ShouldCheckPolicy(const ContentSecurityPolicy& policy, |
| 14 CSPContext::CheckCSPDisposition check_csp_disposition) { |
| 15 switch (check_csp_disposition) { |
| 16 case CSPContext::CHECK_REPORT_ONLY_CSP: |
| 17 return policy.header.type == blink::kWebContentSecurityPolicyTypeReport; |
| 18 case CSPContext::CHECK_ENFORCED_CSP: |
| 19 return policy.header.type == blink::kWebContentSecurityPolicyTypeEnforce; |
| 20 case CSPContext::CHECK_ALL_CSP: |
| 21 return true; |
| 22 } |
| 23 NOTREACHED(); |
| 24 return true; |
| 25 } |
| 26 |
| 27 } // namespace |
| 28 |
9 CSPContext::CSPContext() : has_self_(false) {} | 29 CSPContext::CSPContext() : has_self_(false) {} |
10 | 30 |
11 CSPContext::~CSPContext() {} | 31 CSPContext::~CSPContext() {} |
12 | 32 |
13 bool CSPContext::IsAllowedByCsp(CSPDirective::Name directive_name, | 33 bool CSPContext::IsAllowedByCsp(CSPDirective::Name directive_name, |
14 const GURL& url, | 34 const GURL& url, |
15 bool is_redirect, | 35 bool is_redirect, |
16 const SourceLocation& source_location) { | 36 const SourceLocation& source_location, |
| 37 CheckCSPDisposition check_csp_disposition) { |
17 if (SchemeShouldBypassCSP(url.scheme_piece())) | 38 if (SchemeShouldBypassCSP(url.scheme_piece())) |
18 return true; | 39 return true; |
19 | 40 |
20 bool allow = true; | 41 bool allow = true; |
21 for (const auto& policy : policies_) { | 42 for (const auto& policy : policies_) { |
22 allow &= ContentSecurityPolicy::Allow(policy, directive_name, url, | 43 if (ShouldCheckPolicy(policy, check_csp_disposition)) { |
23 is_redirect, this, source_location); | 44 allow &= ContentSecurityPolicy::Allow(policy, directive_name, url, |
| 45 is_redirect, this, source_location); |
| 46 } |
24 } | 47 } |
25 return allow; | 48 return allow; |
26 } | 49 } |
27 | 50 |
| 51 bool CSPContext::ShouldModifyRequestUrlForCsp( |
| 52 const GURL& url, |
| 53 bool is_subresource_or_form_submission, |
| 54 GURL* new_url) { |
| 55 for (const auto& policy : policies_) { |
| 56 if (url.scheme() == "http" && |
| 57 ContentSecurityPolicy::ShouldUpgradeInsecureRequest(policy) && |
| 58 is_subresource_or_form_submission) { |
| 59 *new_url = url; |
| 60 GURL::Replacements replacements; |
| 61 replacements.SetSchemeStr("https"); |
| 62 if (url.port() == "80") |
| 63 replacements.SetPortStr("443"); |
| 64 *new_url = new_url->ReplaceComponents(replacements); |
| 65 return true; |
| 66 } |
| 67 } |
| 68 return false; |
| 69 } |
| 70 |
28 void CSPContext::SetSelf(const url::Origin origin) { | 71 void CSPContext::SetSelf(const url::Origin origin) { |
29 if (origin.unique()) { | 72 if (origin.unique()) { |
30 // TODO(arthursonzogni): Decide what to do with unique origins. | 73 // TODO(arthursonzogni): Decide what to do with unique origins. |
31 has_self_ = false; | 74 has_self_ = false; |
32 return; | 75 return; |
33 } | 76 } |
34 | 77 |
35 if (origin.scheme() == url::kFileScheme) { | 78 if (origin.scheme() == url::kFileScheme) { |
36 has_self_ = true; | 79 has_self_ = true; |
37 self_scheme_ = url::kFileScheme; | 80 self_scheme_ = url::kFileScheme; |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
106 disposition(disposition), | 149 disposition(disposition), |
107 after_redirect(after_redirect), | 150 after_redirect(after_redirect), |
108 source_location(source_location) {} | 151 source_location(source_location) {} |
109 | 152 |
110 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = | 153 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = |
111 default; | 154 default; |
112 | 155 |
113 CSPViolationParams::~CSPViolationParams() {} | 156 CSPViolationParams::~CSPViolationParams() {} |
114 | 157 |
115 } // namespace content | 158 } // namespace content |
OLD | NEW |