Index: Source/core/frame/csp/CSPDirectiveList.cpp |
diff --git a/Source/core/frame/csp/CSPDirectiveList.cpp b/Source/core/frame/csp/CSPDirectiveList.cpp |
index bcf706764911bdc82fc26771ee6bc53eda90b7ad..6c9f031ef38ab83a1101447592cf8e5a1a8a11c4 100644 |
--- a/Source/core/frame/csp/CSPDirectiveList.cpp |
+++ b/Source/core/frame/csp/CSPDirectiveList.cpp |
@@ -6,6 +6,7 @@ |
#include "core/frame/csp/CSPDirectiveList.h" |
#include "core/dom/Document.h" |
+#include "core/dom/SecurityContext.h" |
#include "core/frame/LocalFrame.h" |
#include "core/inspector/ConsoleMessage.h" |
#include "platform/Crypto.h" |
@@ -47,6 +48,7 @@ CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurit |
, m_didSetReferrerPolicy(false) |
, m_referrerPolicy(ReferrerPolicyDefault) |
, m_strictMixedContentCheckingEnforced(false) |
+ , m_upgradeInsecureContent(false) |
{ |
m_reportOnly = type == ContentSecurityPolicyHeaderTypeReport; |
} |
@@ -577,6 +579,18 @@ void CSPDirectiveList::enforceStrictMixedContentChecking(const String& name, con |
m_policy->reportValueForEmptyDirective(name, value); |
} |
+void CSPDirectiveList::enableInsecureContentUpgrade(const String& name, const String& value) |
+{ |
+ if (m_upgradeInsecureContent) { |
+ m_policy->reportDuplicateDirective(name); |
+ return; |
+ } |
+ m_upgradeInsecureContent = true; |
+ m_policy->setInsecureContentPolicy(m_reportOnly ? SecurityContext::InsecureContentMonitor : SecurityContext::InsecureContentUpgrade); |
+ if (!value.isEmpty()) |
+ m_policy->reportValueForEmptyDirective(name, value); |
+} |
+ |
void CSPDirectiveList::parseReflectedXSS(const String& name, const String& value) |
{ |
if (m_reflectedXSSDisposition != ReflectedXSSUnset) { |
@@ -727,6 +741,8 @@ void CSPDirectiveList::addDirective(const String& name, const String& value) |
setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
else if (equalIgnoringCase(name, ContentSecurityPolicy::BlockAllMixedContent)) |
enforceStrictMixedContentChecking(name, value); |
+ else if (equalIgnoringCase(name, ContentSecurityPolicy::UpgradeInsecureContent)) |
Mike West
2015/02/05 13:39:34
This probably wasn't clear from the diff, but we o
Yoav Weiss
2015/02/05 13:49:13
Yeah, missed that :)
|
+ enableInsecureContentUpgrade(name, value); |
else |
m_policy->reportUnsupportedDirective(name); |
} else { |