Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(74)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/CSPSource.cpp

Issue 549163003: CSP: Change 'self' to ask the policy object whether a URL matches. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: httpfamily Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | Source/core/frame/csp/CSPSourceList.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/csp/CSPSource.h" 6 #include "core/frame/csp/CSPSource.h"
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "platform/weborigin/KURL.h" 9 #include "platform/weborigin/KURL.h"
10 #include "platform/weborigin/KnownPorts.h" 10 #include "platform/weborigin/KnownPorts.h"
(...skipping 17 matching lines...) Expand all
28 { 28 {
29 if (!schemeMatches(url)) 29 if (!schemeMatches(url))
30 return false; 30 return false;
31 if (isSchemeOnly()) 31 if (isSchemeOnly())
32 return true; 32 return true;
33 return hostMatches(url) && portMatches(url) && pathMatches(url); 33 return hostMatches(url) && portMatches(url) && pathMatches(url);
34 } 34 }
35 35
36 bool CSPSource::schemeMatches(const KURL& url) const 36 bool CSPSource::schemeMatches(const KURL& url) const
37 { 37 {
38 if (m_scheme.isEmpty()) { 38 if (m_scheme.isEmpty())
39 String protectedResourceScheme(m_policy->securityOrigin()->protocol()); 39 return m_policy->protocolMatchesSelf(url);
40 if (equalIgnoringCase("http", protectedResourceScheme))
41 return url.protocolIs("http") || url.protocolIs("https");
42 return equalIgnoringCase(url.protocol(), protectedResourceScheme);
43 }
44 return equalIgnoringCase(url.protocol(), m_scheme); 40 return equalIgnoringCase(url.protocol(), m_scheme);
45 } 41 }
46 42
47 bool CSPSource::hostMatches(const KURL& url) const 43 bool CSPSource::hostMatches(const KURL& url) const
48 { 44 {
49 const String& host = url.host(); 45 const String& host = url.host();
50 if (equalIgnoringCase(host, m_host)) 46 if (equalIgnoringCase(host, m_host))
51 return true; 47 return true;
52 return m_hostHasWildcard && host.endsWith("." + m_host, false); 48 return m_hostHasWildcard && host.endsWith("." + m_host, false);
53 49
(...skipping 30 matching lines...) Expand all
84 80
85 return false; 81 return false;
86 } 82 }
87 83
88 bool CSPSource::isSchemeOnly() const 84 bool CSPSource::isSchemeOnly() const
89 { 85 {
90 return m_host.isEmpty(); 86 return m_host.isEmpty();
91 } 87 }
92 88
93 } // namespace 89 } // namespace
OLDNEW
« no previous file with comments | « no previous file | Source/core/frame/csp/CSPSourceList.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698