third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp - Issue 2764993002: CSP: group policies in didAddContentSecurityPolicy.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2764993002: CSP: group policies in didAddContentSecurityPolicy. (Closed)

Patch Set: Rebase. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « third_party/WebKit/Source/core/frame/LocalFrameClient.h ('k') | third_party/WebKit/Source/web/LocalFrameClientImpl.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

index 913ef17e5fcd05b6ab3034ef5588f3a8eda7ce51..da4e0a75325ce6819838e8841bd956d6f80967d5 100644

--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

@@ -324,11 +324,10 @@ void ContentSecurityPolicy::reportAccumulatedHeaders(

// navigation got committed. See comments in

// addAndReportPolicyFromHeaderValue for more details and context.

DCHECK(client);

- for (const auto& policy : m_policies) {

- client->didAddContentSecurityPolicy(

- policy->header(), policy->headerType(), policy->headerSource(),

- {policy->exposeForNavigationalChecks()});

- }

+ WebVector<WebContentSecurityPolicy> policies(m_policies.size());

+ for (size_t i = 0; i < m_policies.size(); ++i)

+ policies[i] = m_policies[i]->exposeForNavigationalChecks();

+ client->didAddContentSecurityPolicies(policies);

}

void ContentSecurityPolicy::addAndReportPolicyFromHeaderValue(

@@ -345,15 +344,15 @@ void ContentSecurityPolicy::addAndReportPolicyFromHeaderValue(

// 2) enforce CSP in the browser process (long-term - see

// https://crbug.com/376522).

// TODO(arthursonzogni): policies are actually replicated (1) and some of

- // them are (or will) be enforced on the browser process (2). Stop doing (1)

- // when (2) is finished.

- // Zero, one or several policies could be produced by only one header.

- std::vector<blink::WebContentSecurityPolicy> policies;

- for (size_t i = previousPolicyCount; i < m_policies.size(); ++i)

- policies.push_back(m_policies[i]->exposeForNavigationalChecks());

- document()->frame()->client()->didAddContentSecurityPolicy(

- header, type, source, policies);

+ // them are enforced on the browser process (2). Stop doing (1) when (2) is

+ // finished.

+ WebVector<WebContentSecurityPolicy> policies(m_policies.size() -

+ previousPolicyCount);

+ for (size_t i = previousPolicyCount; i < m_policies.size(); ++i) {

+ policies[i - previousPolicyCount] =

+ m_policies[i]->exposeForNavigationalChecks();

+ }

+ document()->frame()->client()->didAddContentSecurityPolicies(policies);

}

« no previous file with comments | « third_party/WebKit/Source/core/frame/LocalFrameClient.h ('k') | third_party/WebKit/Source/web/LocalFrameClientImpl.h » ('j') | no next file with comments »