OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
6 | 6 |
7 namespace content { | 7 namespace content { |
8 | 8 |
9 namespace { | 9 namespace { |
10 | 10 |
11 // Helper function that returns true if |policy| should be checked under | 11 // Helper function that returns true if |policy| should be checked under |
12 // |check_csp_disposition|. | 12 // |check_csp_disposition|. |
13 bool ShouldCheckPolicy(const ContentSecurityPolicy& policy, | 13 bool ShouldCheckPolicy(const ContentSecurityPolicy& policy, |
14 CSPContext::CheckCSPDisposition check_csp_disposition) { | 14 CSPContext::CheckCSPDisposition check_csp_disposition) { |
15 switch (check_csp_disposition) { | 15 switch (check_csp_disposition) { |
16 case CSPContext::CHECK_REPORT_ONLY_CSP: | 16 case CSPContext::CHECK_REPORT_ONLY_CSP: |
17 return policy.header.type == blink::kWebContentSecurityPolicyTypeReport; | 17 return policy.header.type == blink::kWebContentSecurityPolicyTypeReport; |
18 case CSPContext::CHECK_ENFORCED_CSP: | 18 case CSPContext::CHECK_ENFORCED_CSP: |
19 return policy.header.type == blink::kWebContentSecurityPolicyTypeEnforce; | 19 return policy.header.type == blink::kWebContentSecurityPolicyTypeEnforce; |
20 case CSPContext::CHECK_ALL_CSP: | 20 case CSPContext::CHECK_ALL_CSP: |
21 return true; | 21 return true; |
22 } | 22 } |
23 NOTREACHED(); | 23 NOTREACHED(); |
24 return true; | 24 return true; |
25 } | 25 } |
26 | 26 |
27 } // namespace | 27 } // namespace |
28 | 28 |
29 CSPContext::CSPContext() : has_self_(false) {} | 29 CSPContext::CSPContext() {} |
30 | |
31 CSPContext::~CSPContext() {} | 30 CSPContext::~CSPContext() {} |
32 | 31 |
33 bool CSPContext::IsAllowedByCsp(CSPDirective::Name directive_name, | 32 bool CSPContext::IsAllowedByCsp(CSPDirective::Name directive_name, |
34 const GURL& url, | 33 const GURL& url, |
35 bool is_redirect, | 34 bool is_redirect, |
36 const SourceLocation& source_location, | 35 const SourceLocation& source_location, |
37 CheckCSPDisposition check_csp_disposition) { | 36 CheckCSPDisposition check_csp_disposition) { |
38 if (SchemeShouldBypassCSP(url.scheme_piece())) | 37 if (SchemeShouldBypassCSP(url.scheme_piece())) |
39 return true; | 38 return true; |
40 | 39 |
(...skipping 21 matching lines...) Expand all Loading... |
62 if (url.port() == "80") | 61 if (url.port() == "80") |
63 replacements.SetPortStr("443"); | 62 replacements.SetPortStr("443"); |
64 *new_url = new_url->ReplaceComponents(replacements); | 63 *new_url = new_url->ReplaceComponents(replacements); |
65 return true; | 64 return true; |
66 } | 65 } |
67 } | 66 } |
68 return false; | 67 return false; |
69 } | 68 } |
70 | 69 |
71 void CSPContext::SetSelf(const url::Origin origin) { | 70 void CSPContext::SetSelf(const url::Origin origin) { |
72 if (origin.unique()) { | 71 self_source_.reset(); |
73 // TODO(arthursonzogni): Decide what to do with unique origins. | 72 |
74 has_self_ = false; | 73 // When the origin is unique, no URL should match with 'self'. That's why |
| 74 // |self_source_| stays undefined here. |
| 75 if (origin.unique()) |
75 return; | 76 return; |
76 } | |
77 | 77 |
78 if (origin.scheme() == url::kFileScheme) { | 78 if (origin.scheme() == url::kFileScheme) { |
79 has_self_ = true; | |
80 self_scheme_ = url::kFileScheme; | |
81 self_source_ = CSPSource(url::kFileScheme, "", false, url::PORT_UNSPECIFIED, | 79 self_source_ = CSPSource(url::kFileScheme, "", false, url::PORT_UNSPECIFIED, |
82 false, ""); | 80 false, ""); |
83 return; | 81 return; |
84 } | 82 } |
85 | 83 |
86 has_self_ = true; | |
87 self_scheme_ = origin.scheme(); | |
88 self_source_ = CSPSource( | 84 self_source_ = CSPSource( |
89 origin.scheme(), origin.host(), false, | 85 origin.scheme(), origin.host(), false, |
90 origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), // port | 86 origin.port() == 0 ? url::PORT_UNSPECIFIED : origin.port(), false, ""); |
91 false, ""); | |
92 } | |
93 | 87 |
94 bool CSPContext::AllowSelf(const GURL& url) { | 88 DCHECK_NE("", self_source_->scheme); |
95 return has_self_ && CSPSource::Allow(self_source_, url, this); | |
96 } | |
97 | |
98 bool CSPContext::ProtocolIsSelf(const GURL& url) { | |
99 if (!has_self_) | |
100 return false; | |
101 return url.SchemeIs(self_scheme_); | |
102 } | |
103 | |
104 const std::string& CSPContext::GetSelfScheme() { | |
105 return self_scheme_; | |
106 } | 89 } |
107 | 90 |
108 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { | 91 bool CSPContext::SchemeShouldBypassCSP(const base::StringPiece& scheme) { |
109 return false; | 92 return false; |
110 } | 93 } |
111 | 94 |
112 void CSPContext::SanitizeDataForUseInCspViolation( | 95 void CSPContext::SanitizeDataForUseInCspViolation( |
113 bool is_redirect, | 96 bool is_redirect, |
114 CSPDirective::Name directive, | 97 CSPDirective::Name directive, |
115 GURL* blocked_url, | 98 GURL* blocked_url, |
116 SourceLocation* source_location) const { | 99 SourceLocation* source_location) const { |
117 return; | 100 return; |
118 } | 101 } |
119 | 102 |
120 bool CSPContext::SelfSchemeShouldBypassCsp() { | |
121 if (!has_self_) | |
122 return false; | |
123 return SchemeShouldBypassCSP(self_scheme_); | |
124 } | |
125 | |
126 void CSPContext::ReportContentSecurityPolicyViolation( | 103 void CSPContext::ReportContentSecurityPolicyViolation( |
127 const CSPViolationParams& violation_params) { | 104 const CSPViolationParams& violation_params) { |
128 return; | 105 return; |
129 } | 106 } |
130 | 107 |
131 CSPViolationParams::CSPViolationParams() = default; | 108 CSPViolationParams::CSPViolationParams() = default; |
132 | 109 |
133 CSPViolationParams::CSPViolationParams( | 110 CSPViolationParams::CSPViolationParams( |
134 const std::string& directive, | 111 const std::string& directive, |
135 const std::string& effective_directive, | 112 const std::string& effective_directive, |
(...skipping 13 matching lines...) Expand all Loading... |
149 disposition(disposition), | 126 disposition(disposition), |
150 after_redirect(after_redirect), | 127 after_redirect(after_redirect), |
151 source_location(source_location) {} | 128 source_location(source_location) {} |
152 | 129 |
153 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = | 130 CSPViolationParams::CSPViolationParams(const CSPViolationParams& other) = |
154 default; | 131 default; |
155 | 132 |
156 CSPViolationParams::~CSPViolationParams() {} | 133 CSPViolationParams::~CSPViolationParams() {} |
157 | 134 |
158 } // namespace content | 135 } // namespace content |
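Review bot: The `DCHECK_NE("", self_source_->scheme)` at the end of `SetSelf` guards the invariant only in DCHECK-enabled builds; in other builds an origin with an empty scheme would leave a `self_source_` whose scheme is empty. How `CSPSource` matching treats an empty scheme is not visible in this section, but if it is read as "no scheme restriction" or as "take the scheme from 'self'", the `'self'` check would fail open rather than closed. Consider enforcing the invariant at runtime the way the unique-origin branch does, e.g. `if (self_source_->scheme.empty()) self_source_.reset();`. Because `AllowSelf()`, `ProtocolIsSelf()` and `SelfSchemeShouldBypassCsp()` are removed here, their callers (outside this section) presumably now have to test `self_source_` before dereferencing it, so an unset value should keep meaning "nothing matches 'self'".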