OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 15 matching lines...) Expand all Loading... | |
26 #include "config.h" | 26 #include "config.h" |
27 #include "core/frame/csp/ContentSecurityPolicy.h" | 27 #include "core/frame/csp/ContentSecurityPolicy.h" |
28 | 28 |
29 #include "bindings/core/v8/ScriptCallStackFactory.h" | 29 #include "bindings/core/v8/ScriptCallStackFactory.h" |
30 #include "bindings/core/v8/ScriptController.h" | 30 #include "bindings/core/v8/ScriptController.h" |
31 #include "core/dom/DOMStringList.h" | 31 #include "core/dom/DOMStringList.h" |
32 #include "core/dom/Document.h" | 32 #include "core/dom/Document.h" |
33 #include "core/events/SecurityPolicyViolationEvent.h" | 33 #include "core/events/SecurityPolicyViolationEvent.h" |
34 #include "core/frame/LocalDOMWindow.h" | 34 #include "core/frame/LocalDOMWindow.h" |
35 #include "core/frame/LocalFrame.h" | 35 #include "core/frame/LocalFrame.h" |
36 #include "core/frame/Settings.h" | |
36 #include "core/frame/UseCounter.h" | 37 #include "core/frame/UseCounter.h" |
37 #include "core/frame/csp/CSPDirectiveList.h" | 38 #include "core/frame/csp/CSPDirectiveList.h" |
38 #include "core/frame/csp/CSPSource.h" | 39 #include "core/frame/csp/CSPSource.h" |
39 #include "core/frame/csp/CSPSourceList.h" | 40 #include "core/frame/csp/CSPSourceList.h" |
40 #include "core/frame/csp/MediaListDirective.h" | 41 #include "core/frame/csp/MediaListDirective.h" |
41 #include "core/frame/csp/SourceListDirective.h" | 42 #include "core/frame/csp/SourceListDirective.h" |
42 #include "core/inspector/ConsoleMessage.h" | 43 #include "core/inspector/ConsoleMessage.h" |
43 #include "core/inspector/InspectorInstrumentation.h" | 44 #include "core/inspector/InspectorInstrumentation.h" |
44 #include "core/inspector/ScriptCallStack.h" | 45 #include "core/inspector/ScriptCallStack.h" |
45 #include "core/loader/DocumentLoader.h" | 46 #include "core/loader/DocumentLoader.h" |
(...skipping 595 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
641 | 642 |
642 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, LocalFrame* contex tFrame) | 643 void ContentSecurityPolicy::reportViolation(const String& directiveText, const S tring& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, LocalFrame* contex tFrame) |
643 { | 644 { |
644 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); | 645 ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effective Directive, ContentSecurityPolicy::FrameAncestors) && contextFrame)); |
645 | 646 |
646 // FIXME: Support sending reports from worker. | 647 // FIXME: Support sending reports from worker. |
647 Document* document = contextFrame ? contextFrame->document() : this->documen t(); | 648 Document* document = contextFrame ? contextFrame->document() : this->documen t(); |
648 if (!document) | 649 if (!document) |
649 return; | 650 return; |
650 | 651 |
652 if (document->settings()->CSPViolationReportsUploadOptOut()) | |
Mike West
2014/09/24 09:07:55
This should happen after the DOM Event fires on li
Mayur Kankanwadi
2014/09/25 08:40:37
Done.
| |
653 return; | |
654 | |
651 LocalFrame* frame = document->frame(); | 655 LocalFrame* frame = document->frame(); |
652 if (!frame) | 656 if (!frame) |
653 return; | 657 return; |
654 | 658 |
655 SecurityPolicyViolationEventInit violationData; | 659 SecurityPolicyViolationEventInit violationData; |
656 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex t, effectiveDirective, blockedURL, header); | 660 gatherSecurityPolicyViolationEventData(violationData, document, directiveTex t, effectiveDirective, blockedURL, header); |
657 | 661 |
658 if (experimentalFeaturesEnabled()) | 662 if (experimentalFeaturesEnabled()) |
659 frame->domWindow()->enqueueDocumentEvent(SecurityPolicyViolationEvent::c reate(EventTypeNames::securitypolicyviolation, violationData)); | 663 frame->domWindow()->enqueueDocumentEvent(SecurityPolicyViolationEvent::c reate(EventTypeNames::securitypolicyviolation, violationData)); |
660 | 664 |
(...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
868 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. | 872 // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. |
869 return !m_violationReportsSent.contains(report.impl()->hash()); | 873 return !m_violationReportsSent.contains(report.impl()->hash()); |
870 } | 874 } |
871 | 875 |
872 void ContentSecurityPolicy::didSendViolationReport(const String& report) | 876 void ContentSecurityPolicy::didSendViolationReport(const String& report) |
873 { | 877 { |
874 m_violationReportsSent.add(report.impl()->hash()); | 878 m_violationReportsSent.add(report.impl()->hash()); |
875 } | 879 } |
876 | 880 |
877 } // namespace blink | 881 } // namespace blink |
OLD | NEW |