OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <sstream> | 5 #include <sstream> |
6 | 6 |
7 #include "base/strings/string_util.h" | 7 #include "base/strings/string_util.h" |
8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
9 #include "content/common/content_security_policy/csp_context.h" | 9 #include "content/common/content_security_policy/csp_context.h" |
10 #include "url/url_canon.h" | 10 #include "url/url_canon.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 NotMatching, | 30 NotMatching, |
31 MatchingWildcard, | 31 MatchingWildcard, |
32 MatchingUpgrade, | 32 MatchingUpgrade, |
33 MatchingExact | 33 MatchingExact |
34 }; | 34 }; |
35 enum class SchemeMatchingResult { NotMatching, MatchingUpgrade, MatchingExact }; | 35 enum class SchemeMatchingResult { NotMatching, MatchingUpgrade, MatchingExact }; |
36 | 36 |
37 SchemeMatchingResult SourceAllowScheme(const CSPSource& source, | 37 SchemeMatchingResult SourceAllowScheme(const CSPSource& source, |
38 const GURL& url, | 38 const GURL& url, |
39 CSPContext* context) { | 39 CSPContext* context) { |
40 const std::string& source_scheme = | 40 // The source doesn't specify a scheme and the current origin is unique. In |
41 source.scheme.empty() ? context->GetSelfScheme() : source.scheme; | 41 // this case, the url doesn't match regardless of its scheme. |
| 42 if (source.scheme.empty() && !context->self_source()) |
| 43 return SchemeMatchingResult::NotMatching; |
42 | 44 |
43 if (source_scheme.empty()) { | 45 // |allowed_scheme| is guaranteed to be non-empty. |
44 if (context->ProtocolIsSelf(url)) | 46 const std::string& allowed_scheme = |
45 return SchemeMatchingResult::MatchingExact; | 47 source.scheme.empty() ? context->self_source()->scheme : source.scheme; |
46 return SchemeMatchingResult::NotMatching; | |
47 } | |
48 | 48 |
49 if (url.SchemeIs(source_scheme)) | 49 if (url.SchemeIs(allowed_scheme)) |
50 return SchemeMatchingResult::MatchingExact; | 50 return SchemeMatchingResult::MatchingExact; |
51 | 51 |
52 if ((source_scheme == url::kHttpScheme && url.SchemeIs(url::kHttpsScheme)) || | 52 // Implicitly allow using a more secure version of a protocol when the |
53 (source_scheme == url::kHttpScheme && | 53 // non-secure one is allowed. |
| 54 if ((allowed_scheme == url::kHttpScheme && url.SchemeIs(url::kHttpsScheme)) || |
| 55 (allowed_scheme == url::kHttpScheme && |
54 url.SchemeIs(url::kHttpsSuboriginScheme)) || | 56 url.SchemeIs(url::kHttpsSuboriginScheme)) || |
55 (source_scheme == url::kWsScheme && url.SchemeIs(url::kWssScheme))) { | 57 (allowed_scheme == url::kWsScheme && url.SchemeIs(url::kWssScheme))) { |
56 return SchemeMatchingResult::MatchingUpgrade; | 58 return SchemeMatchingResult::MatchingUpgrade; |
57 } | 59 } |
58 | 60 if ((allowed_scheme == url::kHttpScheme && |
59 if ((source_scheme == url::kHttpScheme && | |
60 url.SchemeIs(url::kHttpSuboriginScheme)) || | 61 url.SchemeIs(url::kHttpSuboriginScheme)) || |
61 (source_scheme == url::kHttpsScheme && | 62 (allowed_scheme == url::kHttpsScheme && |
62 url.SchemeIs(url::kHttpsSuboriginScheme))) { | 63 url.SchemeIs(url::kHttpsSuboriginScheme))) { |
63 return SchemeMatchingResult::MatchingExact; | 64 return SchemeMatchingResult::MatchingExact; |
64 } | 65 } |
65 | 66 |
66 return SchemeMatchingResult::NotMatching; | 67 return SchemeMatchingResult::NotMatching; |
67 } | 68 } |
68 | 69 |
69 bool SourceAllowHost(const CSPSource& source, const GURL& url) { | 70 bool SourceAllowHost(const CSPSource& source, const GURL& url) { |
70 if (source.is_host_wildcard) { | 71 if (source.is_host_wildcard) { |
71 if (source.host.empty()) | 72 if (source.host.empty()) |
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
242 | 243 |
243 bool CSPSource::HasHost() const { | 244 bool CSPSource::HasHost() const { |
244 return !host.empty() || is_host_wildcard; | 245 return !host.empty() || is_host_wildcard; |
245 } | 246 } |
246 | 247 |
247 bool CSPSource::HasPath() const { | 248 bool CSPSource::HasPath() const { |
248 return !path.empty(); | 249 return !path.empty(); |
249 } | 250 } |
250 | 251 |
251 } // namespace content | 252 } // namespace content |
OLD | NEW |