Side by Side Diff: content/common/content_security_policy/csp_source.cc

Issue 2937503002: CSP, PlzNavigate: make clear what happens with unique origins. (Closed)
Patch Set: Add web platform tests. Created 3 years, 6 months ago
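--- a/content/common/content_security_policy/csp_source.cc
+++ b/content/common/content_security_policy/csp_source.cc
@@ -1,10 +1,10 @@
 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <sstream>
 
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "content/common/content_security_policy/csp_context.h"
 #include "url/url_canon.h"
@@ -30,42 +30,43 @@
 NotMatching,
 MatchingWildcard,
 MatchingUpgrade,
 MatchingExact
 };
 enum class SchemeMatchingResult { NotMatching, MatchingUpgrade, MatchingExact };
 
 SchemeMatchingResult SourceAllowScheme(const CSPSource& source,
 const GURL& url,
 CSPContext* context) {
-const std::string& source_scheme =
-source.scheme.empty() ? context->GetSelfScheme() : source.scheme;
+// The source doesn't specify a scheme and the current origin is unique. In
+// this case, the url doesn't match regardless of its scheme.
+if (source.scheme.empty() && !context->self_source())
+return SchemeMatchingResult::NotMatching;
 
-if (source_scheme.empty()) {
-if (context->ProtocolIsSelf(url))
-return SchemeMatchingResult::MatchingExact;
-return SchemeMatchingResult::NotMatching;
-}
+// |allowed_scheme| is guaranteed to be non-empty.
+const std::string& allowed_scheme =
+source.scheme.empty() ? context->self_source()->scheme : source.scheme;
 
-if (url.SchemeIs(source_scheme))
+if (url.SchemeIs(allowed_scheme))
 return SchemeMatchingResult::MatchingExact;
 
-if ((source_scheme == url::kHttpScheme && url.SchemeIs(url::kHttpsScheme)) ||
-(source_scheme == url::kHttpScheme &&
+// Implicitly allow using a more secure version of a protocol when the
+// non-secure one is allowed.
+if ((allowed_scheme == url::kHttpScheme && url.SchemeIs(url::kHttpsScheme)) ||
+(allowed_scheme == url::kHttpScheme &&
 url.SchemeIs(url::kHttpsSuboriginScheme)) ||
-(source_scheme == url::kWsScheme && url.SchemeIs(url::kWssScheme))) {
+(allowed_scheme == url::kWsScheme && url.SchemeIs(url::kWssScheme))) {
 return SchemeMatchingResult::MatchingUpgrade;
 }
-
-if ((source_scheme == url::kHttpScheme &&
+if ((allowed_scheme == url::kHttpScheme &&
 url.SchemeIs(url::kHttpSuboriginScheme)) ||
-(source_scheme == url::kHttpsScheme &&
+(allowed_scheme == url::kHttpsScheme &&
 url.SchemeIs(url::kHttpSuboriginScheme))) {
 return SchemeMatchingResult::MatchingExact;
 }
 
 return SchemeMatchingResult::NotMatching;
 }
 
 bool SourceAllowHost(const CSPSource& source, const GURL& url) {
 if (source.is_host_wildcard) {
 if (source.host.empty())
@@ -242,10 +243,10 @@
 
 bool CSPSource::HasHost() const {
 return !host.empty() || is_host_wildcard;
 }
 
 bool CSPSource::HasPath() const {
 return !path.empty();
 }
 
 } // namespace content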
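Review bot: The comment `// |allowed_scheme| is guaranteed to be non-empty.` on new line 45 of SourceAllowScheme states an invariant that nothing in the hunk enforces; the early return on new lines 42-43 only rules out a null `self_source()`, and whether a non-null self source can carry an empty `scheme` is not visible here. If it can, the scheme comparisons below would all fail and the function would fall through to NotMatching, which fails closed but silently masks a misconfigured self source. Turning the comment into a check, `DCHECK(!allowed_scheme.empty());` placed right after the initialization on new line 47, makes the assumption verifiable in debug builds without changing release behaviour. The unique-origin early return itself is the right fail-closed default for a source without an explicit scheme, and the comment on new lines 40-41 documents that intent adequately.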