
Unified Diff: trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 418783002: Revert 178571 "Teach ContentSecurityPolicy about WebURLRequest::..." (Closed) Base URL: svn://svn.chromium.org/blink/
Patch Set: Created 6 years, 5 months ago
Index: trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp
===================================================================
--- trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp (revision 178796)
+++ trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp (working copy)
@@ -421,78 +421,6 @@
m_styleHashAlgorithmsUsed |= algorithms;
}
-bool ContentSecurityPolicy::allowFromSource(const KURL& url, blink::WebURLRequest::RequestContext requestContext, ContentSecurityPolicy::ReportingStatus reportingStatus) const
-{
- switch (requestContext) {
- case blink::WebURLRequest::RequestContextFrame:
- case blink::WebURLRequest::RequestContextIframe:
- return allowChildFrameFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextEmbed:
- case blink::WebURLRequest::RequestContextObject:
- return allowObjectFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextFont:
- return allowFontFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextStyle:
- return allowStyleFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextBeacon:
- case blink::WebURLRequest::RequestContextForm:
- case blink::WebURLRequest::RequestContextPing:
- return allowFormAction(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextFavicon:
- case blink::WebURLRequest::RequestContextImage:
- return allowImageFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextAudio:
- case blink::WebURLRequest::RequestContextVideo:
- case blink::WebURLRequest::RequestContextTrack:
- return allowMediaFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextXSLT:
- ASSERT(RuntimeEnabledFeatures::xsltEnabled());
- case blink::WebURLRequest::RequestContextScript:
- return allowScriptFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextServiceWorker:
- case blink::WebURLRequest::RequestContextSharedWorker:
- case blink::WebURLRequest::RequestContextWorker:
- return allowWorkerContextFromSource(url, reportingStatus);
-
- case blink::WebURLRequest::RequestContextEventSource:
- case blink::WebURLRequest::RequestContextFetch:
- case blink::WebURLRequest::RequestContextXMLHttpRequest:
- return allowConnectToSource(url, reportingStatus);
-
- // FIXME: Evaluate whether or not we can start applying 'object-src' restrictions to PPAPI requests, now that we can distinguish them.
- case blink::WebURLRequest::RequestContextPlugin:
- if (Document* document = this->document()) {
- UseCounter::count(*document, allowObjectFromSource(url, SuppressReport) ? UseCounter::PPAPIRequestAllowedByObjectSrc : UseCounter::PPAPIRequestBypassedObjectSrc);
- }
- return true;
-
- // FIXME: We should implement 'manifest-src' or something similar: http://w3c.github.io/manifest/#content-security-policy
- case blink::WebURLRequest::RequestContextManifest:
- return true;
-
- // These resource types aren't directly affected by CSP:
- case blink::WebURLRequest::RequestContextCSPReport:
- case blink::WebURLRequest::RequestContextDownload:
- case blink::WebURLRequest::RequestContextHyperlink:
- case blink::WebURLRequest::RequestContextInternal:
- case blink::WebURLRequest::RequestContextLocation:
- case blink::WebURLRequest::RequestContextPrefetch:
- case blink::WebURLRequest::RequestContextSubresource:
- case blink::WebURLRequest::RequestContextUnspecified:
- return true;
- }
- ASSERT_NOT_REACHED();
- return false;
-}
-
bool ContentSecurityPolicy::allowObjectFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);