
Unified Diff: Source/core/dom/Document.cpp

Issue 559503002: CSP: Move policy parsing out of Document. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebase. Created 6 years, 3 months ago
Index: Source/core/dom/Document.cpp
diff --git a/Source/core/dom/Document.cpp b/Source/core/dom/Document.cpp
index f4b33bdbf979b63655eae795cbfd430c283a84a7..7296a39ca3c6be0d3d2967256cf1d91ccc766de3 100644
--- a/Source/core/dom/Document.cpp
+++ b/Source/core/dom/Document.cpp
@@ -4793,13 +4793,6 @@ void Document::initSecurityContext()
initSecurityContext(DocumentInit(m_url, m_frame, contextDocument(), m_importsController));
}
-static PassRefPtr<ContentSecurityPolicy> contentSecurityPolicyFor(Document* document)
-{
- if (document->importsController())
- return document->importsController()->master()->contentSecurityPolicy();
- return ContentSecurityPolicy::create(document);
-}
-
void Document::initSecurityContext(const DocumentInit& initializer)
{
if (haveInitializedSecurityOrigin()) {
@@ -4812,7 +4805,7 @@ void Document::initSecurityContext(const DocumentInit& initializer)
// This can occur via document.implementation.createDocument().
m_cookieURL = KURL(ParsedURLString, emptyString());
setSecurityOrigin(SecurityOrigin::createUnique());
- setContentSecurityPolicy(ContentSecurityPolicy::create(this));
+ initContentSecurityPolicy();
return;
}
@@ -4821,7 +4814,11 @@ void Document::initSecurityContext(const DocumentInit& initializer)
m_cookieURL = m_url;
enforceSandboxFlags(initializer.sandboxFlags());
setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url));
- setContentSecurityPolicy(contentSecurityPolicyFor(this));
+
+ // If this document is an HTML import, grab a reference to it's master document's Content Security Policy.
+ // Otherwise, the CSP object will be initialized in 'initContentSecurityPolicy'.
sof 2014/09/11 07:44:04 Where do you ensure that it is being called if not
Mike West 2014/09/11 08:29:13 Hrm. What would you like to see? `initContentSecur
+ if (importsController())
+ setContentSecurityPolicy(importsController()->master()->contentSecurityPolicy());
if (Settings* settings = initializer.settings()) {
if (!settings->webSecurityEnabled()) {
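Review bot: The new comment above the `importsController()` check uses "it's" where the possessive is meant; it should read `// If this document is an HTML import, grab a reference to its master document's Content Security Policy.`. The body of initSecurityContext continues outside this hunk.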
@@ -4873,11 +4870,15 @@ void Document::initSecurityContext(const DocumentInit& initializer)
setSecurityOrigin(initializer.owner()->securityOrigin());
}
-void Document::initContentSecurityPolicy(const ContentSecurityPolicyResponseHeaders& headers)
+void Document::initContentSecurityPolicy(PassRefPtr<ContentSecurityPolicy> csp)
{
+ ASSERT(!contentSecurityPolicy() || !csp);
+ setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create());
if (m_frame && m_frame->tree().parent() && m_frame->tree().parent()->isLocalFrame() && (shouldInheritSecurityOriginFromOwner(m_url) || isPluginDocument()))
contentSecurityPolicy()->copyStateFrom(toLocalFrame(m_frame->tree().parent())->document()->contentSecurityPolicy());
- contentSecurityPolicy()->didReceiveHeaders(headers);
+ if (transformSourceDocument())
+ contentSecurityPolicy()->copyStateFrom(transformSourceDocument()->contentSecurityPolicy());
+ contentSecurityPolicy()->bindToExecutionContext(this);
}
bool Document::allowInlineEventHandlers(Node* node, EventListener* listener, const String& contextURL, const WTF::OrdinalNumber& contextLine)
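Review bot: The `ASSERT(!contentSecurityPolicy() || !csp)` in initContentSecurityPolicy still admits the case where the document already holds a policy and `csp` is null, and the next line then unconditionally replaces that policy with a fresh `ContentSecurityPolicy::create()`. For an HTML import, which initSecurityContext has pointed at the master document's policy, a later call here would appear to swap the master's restrictions for an empty policy, and since ASSERT is typically compiled out of release builds nothing would stop it there. Whether imports ever reach this function is not visible in the diff, so consider making it explicit, for example `if (!contentSecurityPolicy()) setContentSecurityPolicy(csp ? csp : ContentSecurityPolicy::create());`, and decide whether `bindToExecutionContext(this)` should run on a policy shared with the master.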
