content/common/content_security_policy/content_security_policy.cc - Issue 2764993002: CSP: group policies in didAddContentSecurityPolicy.

Unified Diff: content/common/content_security_policy/content_security_policy.cc

Issue 2764993002: CSP: group policies in didAddContentSecurityPolicy. (Closed)

Patch Set: Rebase. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « content/common/content_security_policy/content_security_policy.h ('k') | content/common/content_security_policy/content_security_policy_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/common/content_security_policy/content_security_policy.cc

diff --git a/content/common/content_security_policy/content_security_policy.cc b/content/common/content_security_policy/content_security_policy.cc

index 745cb1c2fb11f3c940a7c17e6fd4a29fd38c2594..c7801000e066ab94884af0aa5a89ad2176b6eff7 100644

--- a/content/common/content_security_policy/content_security_policy.cc

+++ b/content/common/content_security_policy/content_security_policy.cc

@@ -51,7 +51,7 @@ void ReportViolation(CSPContext* context,

std::stringstream message;

- if (policy.disposition == blink::WebContentSecurityPolicyTypeReport)

+ if (policy.header.type == blink::WebContentSecurityPolicyTypeReport)

message << "[Report Only] ";

if (directive_name == CSPDirective::FormAction)

@@ -77,7 +77,8 @@ void ReportViolation(CSPContext* context,

context->ReportContentSecurityPolicyViolation(CSPViolationParams(

CSPDirective::NameToString(directive.name),

CSPDirective::NameToString(directive_name), message.str(), url,

- policy.report_endpoints, policy.header, policy.disposition, is_redirect));

+ policy.report_endpoints, policy.header.header_value, policy.header.type,

+ is_redirect));

}

bool AllowDirective(CSPContext* context,

@@ -96,20 +97,17 @@ bool AllowDirective(CSPContext* context,

} // namespace

ContentSecurityPolicy::ContentSecurityPolicy()

- : disposition(blink::WebContentSecurityPolicyTypeEnforce),

- source(blink::WebContentSecurityPolicySourceHTTP) {}

+ : header(std::string(),

+ blink::WebContentSecurityPolicyTypeEnforce,

+ blink::WebContentSecurityPolicySourceHTTP) {}

ContentSecurityPolicy::ContentSecurityPolicy(

- blink::WebContentSecurityPolicyType disposition,

- blink::WebContentSecurityPolicySource source,

+ const ContentSecurityPolicyHeader& header,

const std::vector<CSPDirective>& directives,

- const std::vector<std::string>& report_endpoints,

- const std::string& header)

- : disposition(disposition),

- source(source),

+ const std::vector<std::string>& report_endpoints)

+ : header(header),

directives(directives),

- report_endpoints(report_endpoints),

- header(header) {}

+ report_endpoints(report_endpoints) {}

ContentSecurityPolicy::ContentSecurityPolicy(const ContentSecurityPolicy&) =

default;

@@ -128,7 +126,7 @@ bool ContentSecurityPolicy::Allow(const ContentSecurityPolicy& policy,

bool allowed = AllowDirective(context, policy, directive,

directive_name, url, is_redirect);

return allowed ||

- policy.disposition == blink::WebContentSecurityPolicyTypeReport;

+ policy.header.type == blink::WebContentSecurityPolicyTypeReport;

}

current_directive_name = CSPFallback(current_directive_name);