/*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY GOOGLE INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"
#include "core/frame/csp/ContentSecurityPolicy.h"

#include "bindings/core/v8/ScriptCallStackFactory.h"
#include "bindings/core/v8/ScriptController.h"
#include "core/dom/DOMStringList.h"
#include "core/dom/Document.h"
#include "core/events/SecurityPolicyViolationEvent.h"
#include "core/frame/LocalDOMWindow.h"
#include "core/frame/LocalFrame.h"
#include "core/frame/UseCounter.h"
#include "core/frame/csp/CSPDirectiveList.h"
#include "core/frame/csp/CSPSource.h"
#include "core/frame/csp/CSPSourceList.h"
#include "core/frame/csp/MediaListDirective.h"
#include "core/frame/csp/SourceListDirective.h"
#include "core/inspector/ConsoleMessage.h"
#include "core/inspector/InspectorInstrumentation.h"
#include "core/inspector/ScriptCallStack.h"
#include "core/loader/DocumentLoader.h"
#include "core/loader/PingLoader.h"
#include "platform/Crypto.h"
#include "platform/JSONValues.h"
#include "platform/NotImplemented.h"
#include "platform/ParsingUtilities.h"
#include "platform/RuntimeEnabledFeatures.h"
#include "platform/network/ContentSecurityPolicyParsers.h"
#include "platform/network/ContentSecurityPolicyResponseHeaders.h"
#include "platform/network/FormData.h"
#include "platform/network/ResourceResponse.h"
#include "platform/weborigin/KURL.h"
#include "platform/weborigin/KnownPorts.h"
#include "platform/weborigin/SchemeRegistry.h"
#include "platform/weborigin/SecurityOrigin.h"
#include "public/platform/Platform.h"
#include "public/platform/WebArrayBuffer.h"
#include "public/platform/WebCrypto.h"
#include "public/platform/WebCryptoAlgorithm.h"
#include "wtf/StringHasher.h"
#include "wtf/text/StringBuilder.h"
#include "wtf/text/StringUTF8Adaptor.h"

namespace blink {

// Directive names as they appear on the wire. These are the only names
// isDirectiveName() recognizes; anything else in a header is up to
// CSPDirectiveList to handle (not visible in this file).

// CSP 1.0 Directives
const char ContentSecurityPolicy::ConnectSrc[] = "connect-src";
const char ContentSecurityPolicy::DefaultSrc[] = "default-src";
const char ContentSecurityPolicy::FontSrc[] = "font-src";
const char ContentSecurityPolicy::FrameSrc[] = "frame-src";
const char ContentSecurityPolicy::ImgSrc[] = "img-src";
const char ContentSecurityPolicy::MediaSrc[] = "media-src";
const char ContentSecurityPolicy::ObjectSrc[] = "object-src";
const char ContentSecurityPolicy::ReportURI[] = "report-uri";
const char ContentSecurityPolicy::Sandbox[] = "sandbox";
const char ContentSecurityPolicy::ScriptSrc[] = "script-src";
const char ContentSecurityPolicy::StyleSrc[] = "style-src";

// CSP 1.1 Directives
const char ContentSecurityPolicy::BaseURI[] = "base-uri";
const char ContentSecurityPolicy::ChildSrc[] = "child-src";
const char ContentSecurityPolicy::FormAction[] = "form-action";
const char ContentSecurityPolicy::FrameAncestors[] = "frame-ancestors";
const char ContentSecurityPolicy::PluginTypes[] = "plugin-types";
const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss";
const char ContentSecurityPolicy::Referrer[] = "referrer";

// Returns true if |name| is one of the directive names listed above.
// The comparison is case-insensitive, so "Script-Src" and "SCRIPT-SRC"
// are both recognized.
bool ContentSecurityPolicy::isDirectiveName(const String& name)
{
    return (equalIgnoringCase(name, ConnectSrc)
        || equalIgnoringCase(name, DefaultSrc)
        || equalIgnoringCase(name, FontSrc)
        || equalIgnoringCase(name, FrameSrc)
        || equalIgnoringCase(name, ImgSrc)
        || equalIgnoringCase(name, MediaSrc)
        || equalIgnoringCase(name, ObjectSrc)
        || equalIgnoringCase(name, ReportURI)
        || equalIgnoringCase(name, Sandbox)
        || equalIgnoringCase(name, ScriptSrc)
        || equalIgnoringCase(name, StyleSrc)
        || equalIgnoringCase(name, BaseURI)
        || equalIgnoringCase(name, ChildSrc)
        || equalIgnoringCase(name, FormAction)
        || equalIgnoringCase(name, FrameAncestors)
        || equalIgnoringCase(name, PluginTypes)
        || equalIgnoringCase(name, ReflectedXSS)
        || equalIgnoringCase(name, Referrer)
    );
}

// Maps a policy header type to the UseCounter feature used for histograms.
// Both enum values are handled; the trailing return only exists to keep
// the compiler quiet after ASSERT_NOT_REACHED().
static UseCounter::Feature getUseCounterType(ContentSecurityPolicyHeaderType type)
{
    switch (type) {
    case ContentSecurityPolicyHeaderTypeEnforce:
        return UseCounter::ContentSecurityPolicy;
    case ContentSecurityPolicyHeaderTypeReport:
        return UseCounter::ContentSecurityPolicyReportOnly;
    }
    ASSERT_NOT_REACHED();
    return UseCounter::NumberOfFeatures;
}

// Combines the referrer policies of two enforced policies. When they
// disagree, neither side wins: the result is ReferrerPolicyNever rather
// than either input. (Presumably the most restrictive option — confirm
// against the ReferrerPolicy definition.)
static ReferrerPolicy mergeReferrerPolicies(ReferrerPolicy a, ReferrerPolicy b)
{
    if (a != b)
        return ReferrerPolicyNever;
    return a;
}

// A freshly constructed policy is unbound: m_executionContext stays null
// until bindToExecutionContext() is called. document() must not be used
// before that (it dereferences the context without a null check).
ContentSecurityPolicy::ContentSecurityPolicy()
    : m_executionContext(0)
    , m_overrideInlineStyleAllowed(false)
    , m_scriptHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone)
    , m_styleHashAlgorithmsUsed(ContentSecurityPolicyHashAlgorithmNone)
    , m_sandboxMask(0)
    , m_referrerPolicy(ReferrerPolicyDefault)
{
}

// Attaches this policy to |executionContext| and immediately pushes the
// already-parsed policy state (sandbox flags, referrer policy, eval
// disabling, queued console messages) into it.
void ContentSecurityPolicy::bindToExecutionContext(ExecutionContext* executionContext)
{
    m_executionContext = executionContext;
    applyPolicySideEffectsToExecutionContext();
}

// Pushes the accumulated policy state into the bound execution context.
// This runs on bind and again from didReceiveHeader() for every header
// received after binding, so everything here must tolerate being
// re-applied: m_selfSource is rebuilt, sandbox flags are re-enforced, and
// UseCounter::count() is called again for every policy (whether
// UseCounter de-duplicates per document is not visible here — confirm).
void ContentSecurityPolicy::applyPolicySideEffectsToExecutionContext()
{
    ASSERT(m_executionContext);
    // Ensure that 'self' processes correctly.
    // securityOrigin() is a helper not shown in this file; presumably it
    // reads the origin of m_executionContext.
    m_selfSource = adoptPtr(new CSPSource(this, securityOrigin()->protocol(), securityOrigin()->host(), securityOrigin()->port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard));

    // If we're in a Document, set the referrer policy and sandbox flags, then dump all the
    // parsing error messages, then poke at histograms.
    if (Document* document = this->document()) {
        document->enforceSandboxFlags(m_sandboxMask);
        if (didSetReferrerPolicy())
            document->setReferrerPolicy(m_referrerPolicy);

        // Messages generated while parsing before we had a context were
        // queued in m_consoleMessages; flush them now and drop the queue.
        for (ConsoleMessageVector::const_iterator iter = m_consoleMessages.begin(); iter != m_consoleMessages.end(); ++iter)
            m_executionContext->addConsoleMessage(*iter);
        m_consoleMessages.clear();

        for (CSPDirectiveListVector::const_iterator iter = m_policies.begin(); iter != m_policies.end(); ++iter)
            UseCounter::count(*document, getUseCounterType((*iter)->headerType()));
    }

    // We disable 'eval()' even in the case of report-only policies, and rely on the check in the
    // V8Initializer::codeGenerationCheckCallbackInMainThread callback to determine whether the
    // call should execute or not.
    if (!m_disableEvalErrorMessage.isNull())
        m_executionContext->disableEval(m_disableEvalErrorMessage);
}

// Nothing to release explicitly; the owning members (OwnPtr/Vector) clean
// up themselves.
ContentSecurityPolicy::~ContentSecurityPolicy()
{
}

// Returns the bound Document, or 0 when the bound context is not a
// Document. Requires a bound context: m_executionContext is dereferenced
// unconditionally.
Document* ContentSecurityPolicy::document() const
{
    return m_executionContext->isDocument() ? toDocument(m_executionContext) : 0;
}

// Re-parses every policy header of |other| into this object. This is a
// re-parse rather than a clone: only the headers are carried over, and the
// derived state (referrer policy, eval-disabled message, console messages)
// is recomputed by addPolicyFromHeaderValue(). Other members such as
// m_overrideInlineStyleAllowed and m_selfSource are not copied.
// Precondition: this object has no policies yet.
void ContentSecurityPolicy::copyStateFrom(const ContentSecurityPolicy* other)
{
    ASSERT(m_policies.isEmpty());
    for (CSPDirectiveListVector::const_iterator iter = other->m_policies.begin(); iter != other->m_policies.end(); ++iter)
        addPolicyFromHeaderValue((*iter)->header(), (*iter)->headerType(), (*iter)->headerSource());
}

// HTTP entry point: installs the enforced and the report-only header (either
// may be empty). Both are tagged as HTTP-sourced, which is what later lets
// addPolicyFromHeaderValue() distinguish them from <meta> policies.
void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyResponseHeaders& headers)
{
    if (!headers.contentSecurityPolicy().isEmpty())
        addPolicyFromHeaderValue(headers.contentSecurityPolicy(), ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);
    if (!headers.contentSecurityPolicyReportOnly().isEmpty())
        addPolicyFromHeaderValue(headers.contentSecurityPolicyReportOnly(), ContentSecurityPolicyHeaderTypeReport, ContentSecurityPolicyHeaderSourceHTTP);
}

// Single-header entry point (used for <meta> delivery among others, per the
// comment below). Unlike didReceiveHeaders(), this re-applies side effects
// when a context is already bound, so a policy added late still takes
// effect on the page.
void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
{
    addPolicyFromHeaderValue(header, type, source);

    // This might be called after we've been bound to an execution context. For example, a <meta>
    // element might be injected after page load.
    if (m_executionContext)
        applyPolicySideEffectsToExecutionContext();
}

// Parses one header value into one or more CSPDirectiveLists and appends
// them to m_policies, updating the cross-policy state (referrer policy and
// eval-disabled message) along the way.
void ContentSecurityPolicy::addPolicyFromHeaderValue(const String& header, ContentSecurityPolicyHeaderType type, ContentSecurityPolicyHeaderSource source)
{
    // If this is a report-only header inside a <meta> element, bail out.
    // Note the experimentalFeaturesEnabled() gate: when that flag is off, a
    // report-only policy delivered via <meta> is NOT rejected here and is
    // parsed like any other header.
    if (source == ContentSecurityPolicyHeaderSourceMeta && type == ContentSecurityPolicyHeaderTypeReport && experimentalFeaturesEnabled()) {
        reportReportOnlyInMeta(header);
        return;
    }

    Vector<UChar> characters;
    header.appendTo(characters);

    const UChar* begin = characters.data();
    const UChar* end = begin + characters.size();

    // RFC2616, section 4.2 specifies that headers appearing multiple times can
    // be combined with a comma. Walk the header string, and parse each comma
    // separated chunk as a separate header.
    // Each chunk becomes its own CSPDirectiveList, so "a,b" yields two
    // policies that are later ANDed together by the isAllowedByAll* helpers.
    // An empty chunk (e.g. from ",,") still reaches CSPDirectiveList::create
    // with begin == position; how that is handled is up to create().
    const UChar* position = begin;
    while (position < end) {
        skipUntil<UChar>(position, end, ',');

        // header1,header2 OR header1
        //        ^                  ^
        OwnPtr<CSPDirectiveList> policy = CSPDirectiveList::create(this, begin, position, type, source);

        // Only enforced policies may influence the referrer policy; a
        // report-only policy's 'referrer' directive is ignored here.
        // The bare didSetReferrerPolicy() call is this object's, i.e.
        // "have we already taken a referrer policy from an earlier policy".
        if (type != ContentSecurityPolicyHeaderTypeReport && policy->didSetReferrerPolicy()) {
            // FIXME: We need a 'ReferrerPolicyUnset' enum to avoid confusing code like this.
            m_referrerPolicy = didSetReferrerPolicy() ? mergeReferrerPolicies(m_referrerPolicy, policy->referrerPolicy()) : policy->referrerPolicy();
        }

        // First policy that forbids eval wins the error message; later ones
        // do not overwrite it. This applies to report-only policies too (see
        // applyPolicySideEffectsToExecutionContext()). The 0 is the
        // ScriptState* argument — presumably "no script state"; confirm
        // against allowEval()'s declaration.
        if (!policy->allowEval(0, SuppressReport) && m_disableEvalErrorMessage.isNull())
            m_disableEvalErrorMessage = policy->evalDisabledErrorMessage();

        m_policies.append(policy.release());

        // Skip the comma, and begin the next header from the current position.
        ASSERT(position == end || *position == ',');
        skipExactly<UChar>(position, end, ',');
        begin = position;
    }
}

// Sets the override that lets inline style through regardless of policy.
// Only the flag is stored here; where it is consulted is outside this view.
void ContentSecurityPolicy::setOverrideAllowInlineStyle(bool value)
{
    m_overrideInlineStyleAllowed = value;
}

void ContentSecurityPolicy::setOverrideURLForSelf(const KURL& url)
{
    // Create a temporary CSPSource so that 'self' expressions can be resolved before we bind to
    // an execution context (for 'frame-ancestor' resolution, for example). This CSPSource will
    // be overwritten when we bind this object to an execution context.
    RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
    m_selfSource = adoptPtr(new CSPSource(this, origin->protocol(), origin->host(), origin->port(), String(), CSPSource::NoWildcard, CSPSource::NoWildcard));
}

// Legacy accessor: exposes only the FIRST policy's header text. With
// several policies installed the others are invisible through this API.
const String& ContentSecurityPolicy::deprecatedHeader() const
{
    return m_policies.isEmpty() ? emptyString() : m_policies[0]->header();
}

// Legacy accessor: the FIRST policy's type, or Enforce when no policy has
// been installed.
ContentSecurityPolicyHeaderType ContentSecurityPolicy::deprecatedHeaderType() const
{
    return m_policies.isEmpty() ? ContentSecurityPolicyHeaderTypeEnforce : m_policies[0]->headerType();
}

// The isAllowedByAll* helpers below all share one rule: a request is
// allowed only if EVERY installed policy allows it (logical AND across
// m_policies). With no policies installed they return true. |allowed| is a
// pointer to the CSPDirectiveList member function that performs the check
// for one policy.

template<bool (CSPDirectiveList::*allowed)(ContentSecurityPolicy::ReportingStatus) const>
bool isAllowedByAll(const CSPDirectiveListVector& policies, ContentSecurityPolicy::ReportingStatus reportingStatus)
{
    for (size_t i = 0; i < policies.size(); ++i) {
        if (!(policies[i].get()->*allowed)(reportingStatus))
            return false;
    }
    return true;
}

// Variant for checks that also take the calling ScriptState.
template<bool (CSPDirectiveList::*allowed)(ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus) const>
bool isAllowedByAllWithState(const CSPDirectiveListVector& policies, ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus reportingStatus)
{
    for (size_t i = 0; i < policies.size(); ++i) {
        if (!(policies[i].get()->*allowed)(scriptState, reportingStatus))
            return false;
    }
    return true;
}

// Variant for checks that carry a source location (URL and line) for reporting.
template<bool (CSPDirectiveList::*allowed)(const String&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const>
bool isAllowedByAllWithContext(const CSPDirectiveListVector& policies, const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus)
{
    for (size_t i = 0; i < policies.size(); ++i) {
        if (!(policies[i].get()->*allowed)(contextURL, contextLine, reportingStatus))
            return false;
    }
    return true;
}

// Variant for nonce checks: the nonce must satisfy every policy, not just one.
template<bool (CSPDirectiveList::*allowed)(const String&) const>
bool isAllowedByAllWithNonce(const CSPDirectiveListVector& policies, const String& nonce)
{
    for (size_t i = 0; i < policies.size(); ++i) {
        if (!(policies[i].get()->*allowed)(nonce))
            return false;
    }
    return true;
}

// Variant for hash checks: the hash must satisfy every policy.
template<bool (CSPDirectiveList::*allowed)(const CSPHashValue&) const>
bool isAllowedByAllWithHash(const CSPDirectiveListVector& policies, const CSPHashValue& hashValue)
{
    for (size_t i = 0; i < policies.size(); ++i) {
        if (!(policies[i].get()->*allowed)(hashValue))
            return false;
    }
    return true;
}

// Variant for URL checks. Schemes registered as bypassing CSP are allowed
// before any policy is consulted, so for those URLs no policy (and no
// report) is ever produced here; the trust decision lives in SchemeRegistry.
template<bool (CSPDirectiveList::*allowFromURL)(const KURL&, ContentSecurityPolicy::ReportingStatus) const>
bool isAllowedByAllWithURL(const CSPDirectiveListVector& policies, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus)
{
    if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))
        return true;

    for (size_t i = 0; i < policies.size(); ++i) {
        if (!(policies[i].get()->*allowFromURL)(url, reportingStatus))
            return false;
    }
    return true;
}

// Variant for frame-based checks (e.g. ancestor checks). Note that, unlike
// isAllowedByAllWithURL(), there is no scheme-bypass short-circuit here.
template<bool (CSPDirectiveList::*allowed)(LocalFrame*, const KURL&, ContentSecurityPolicy::ReportingStatus) const>
bool isAllowedByAllWithFrame(const CSPDirectiveListVector& policies, LocalFrame* frame, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus)
{
    for (size_t i = 0; i < policies.size(); ++i) {
        if (!(policies[i].get()->*allowed)(frame, url, reportingStatus))
            return false;
    }
    return true;
}

template<bool (CSPDirectiveList::*allowed)(const CSPHashValue&) const>
bool checkDigest(const String& source, uint8_t hashAlgorithmsUsed, const CSPDirectiveListVector& policies)
{
354d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // Any additions or subtractions from this struct should also modify the 355d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // respective entries in the kSupportedPrefixes array in 356d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // CSPSourceList::parseHash(). 357d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) static const struct { 358d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) ContentSecurityPolicyHashAlgorithm cspHashAlgorithm; 359a9984bf9ddc3cf73fdae3f29134a2bab379e7029Ben Murdoch HashAlgorithm algorithm; 360d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) } kAlgorithmMap[] = { 361a9984bf9ddc3cf73fdae3f29134a2bab379e7029Ben Murdoch { ContentSecurityPolicyHashAlgorithmSha1, HashAlgorithmSha1 }, 362a9984bf9ddc3cf73fdae3f29134a2bab379e7029Ben Murdoch { ContentSecurityPolicyHashAlgorithmSha256, HashAlgorithmSha256 }, 363a9984bf9ddc3cf73fdae3f29134a2bab379e7029Ben Murdoch { ContentSecurityPolicyHashAlgorithmSha384, HashAlgorithmSha384 }, 364a9984bf9ddc3cf73fdae3f29134a2bab379e7029Ben Murdoch { ContentSecurityPolicyHashAlgorithmSha512, HashAlgorithmSha512 } 365d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) }; 366d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 367d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // Only bother normalizing the source/computing digests if there are any checks to be done. 
368d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (hashAlgorithmsUsed == ContentSecurityPolicyHashAlgorithmNone) 369d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return false; 370d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 371d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) StringUTF8Adaptor normalizedSource(source, StringUTF8Adaptor::Normalize, WTF::EntitiesForUnencodables); 372d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 373d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // See comment in CSPSourceList::parseHash about why we are using this sizeof 374d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // calculation instead of WTF_ARRAY_LENGTH. 375d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) for (size_t i = 0; i < (sizeof(kAlgorithmMap) / sizeof(kAlgorithmMap[0])); i++) { 376d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) DigestValue digest; 377d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (kAlgorithmMap[i].cspHashAlgorithm & hashAlgorithmsUsed) { 3786f543c786fc42989f552b4daa774ca5ff32fa697Ben Murdoch bool digestSuccess = computeDigest(kAlgorithmMap[i].algorithm, normalizedSource.data(), normalizedSource.length(), digest); 3796f543c786fc42989f552b4daa774ca5ff32fa697Ben Murdoch if (digestSuccess && isAllowedByAllWithHash<allowed>(policies, CSPHashValue(kAlgorithmMap[i].cspHashAlgorithm, digest))) 380d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return true; 381d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) } 382d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) } 383d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 384d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return false; 385d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 386d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 
// ---- Inline script/style, eval and plugin checks ---------------------------
// Each of these consults every delivered policy through the isAllowedByAll*
// helpers: the first policy that refuses decides, and later ones are not asked.

bool ContentSecurityPolicy::allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithContext<&CSPDirectiveList::allowJavaScriptURLs>(
        m_policies, contextURL, contextLine, reportingStatus);
}

bool ContentSecurityPolicy::allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineEventHandlers>(
        m_policies, contextURL, contextLine, reportingStatus);
}

bool ContentSecurityPolicy::allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithContext<&CSPDirectiveList::allowInlineScript>(
        m_policies, contextURL, contextLine, reportingStatus);
}

bool ContentSecurityPolicy::allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    // m_overrideInlineStyleAllowed is a blanket bypass (set elsewhere): while
    // it is on, no policy is consulted and nothing is reported. Whatever sets
    // it is effectively granting 'unsafe-inline' for styles.
    return m_overrideInlineStyleAllowed
        || isAllowedByAllWithContext<&CSPDirectiveList::allowInlineStyle>(m_policies, contextURL, contextLine, reportingStatus);
}

bool ContentSecurityPolicy::allowEval(ScriptState* scriptState, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithState<&CSPDirectiveList::allowEval>(m_policies, scriptState, reportingStatus);
}

// Message to surface when eval is refused: re-runs the eval check silently
// (SuppressReport, no ScriptState) and returns the text of the first policy
// that forbids it, or the null String when every policy allows eval.
String ContentSecurityPolicy::evalDisabledErrorMessage() const
{
    size_t index = 0;
    while (index < m_policies.size()) {
        CSPDirectiveList* policy = m_policies[index].get();
        if (!policy->allowEval(0, SuppressReport))
            return policy->evalDisabledErrorMessage();
        ++index;
    }
    return String();
}

// plugin-types has no isAllowedByAll* helper because its check carries three
// context arguments; the semantics are the same: first refusal wins.
bool ContentSecurityPolicy::allowPluginType(const String& type, const String& typeAttribute, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    for (size_t index = 0; index < m_policies.size(); ++index) {
        const bool permitted = m_policies[index]->allowPluginType(type, typeAttribute, url, reportingStatus);
        if (!permitted)
            return false;
    }
    return true;
}

bool ContentSecurityPolicy::allowScriptFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
}

// ---- Nonce and hash sources ------------------------------------------------
// These take no ReportingStatus: a mismatch is answered with false and no
// report is generated from the call itself.

bool ContentSecurityPolicy::allowScriptWithNonce(const String& nonce) const
{
    return isAllowedByAllWithNonce<&CSPDirectiveList::allowScriptNonce>(m_policies, nonce);
}

bool ContentSecurityPolicy::allowStyleWithNonce(const String& nonce) const
{
    return isAllowedByAllWithNonce<&CSPDirectiveList::allowStyleNonce>(m_policies, nonce);
}

bool ContentSecurityPolicy::allowScriptWithHash(const String& source) const
{
    // m_scriptHashAlgorithmsUsed is the union of algorithms any policy declared
    // (see usesScriptHashAlgorithms); checkDigest hashes only with those and
    // answers false outright when the set is empty.
    return checkDigest<&CSPDirectiveList::allowScriptHash>(source, m_scriptHashAlgorithmsUsed, m_policies);
}

bool ContentSecurityPolicy::allowStyleWithHash(const String& source) const
{
    return checkDigest<&CSPDirectiveList::allowStyleHash>(source, m_styleHashAlgorithmsUsed, m_policies);
}

// Records which hash algorithms script-src hash sources use. The set only ever
// grows; there is no way to clear a bit once a policy has used it.
void ContentSecurityPolicy::usesScriptHashAlgorithms(uint8_t algorithms)
{
    m_scriptHashAlgorithmsUsed |= algorithms;
}

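// Records which hash algorithms style-src hash sources use (see
// usesScriptHashAlgorithms). The set only ever grows.
void ContentSecurityPolicy::usesStyleHashAlgorithms(uint8_t algorithms)
{
    m_styleHashAlgorithmsUsed |= algorithms;
}

// ---- URL-based directive checks --------------------------------------------
// All of these go through isAllowedByAllWithURL, which (a) accepts any URL
// whose scheme is registered as bypassing CSP before consulting a policy and
// (b) stops at the first policy that refuses.

bool ContentSecurityPolicy::allowObjectFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowObjectFromSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowChildFrameFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowChildFrameFromSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowImageFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowImageFromSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowStyleFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowStyleFromSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowFontFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowFontFromSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowMediaFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowMediaFromSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowConnectToSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowConnectToSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowFormAction(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowFormAction>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowBaseURI(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowBaseURI>(m_policies, url, reportingStatus);
}

// frame-ancestors is evaluated against the embedding frame rather than a URL
// alone, and goes through isAllowedByAllWithFrame, which has no scheme bypass.
bool ContentSecurityPolicy::allowAncestors(LocalFrame* frame, const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithFrame<&CSPDirectiveList::allowAncestors>(m_policies, frame, url, reportingStatus);
}

bool ContentSecurityPolicy::allowChildContextFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    return isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>(m_policies, url, reportingStatus);
}

bool ContentSecurityPolicy::allowWorkerContextFromSource(const KURL& url, ContentSecurityPolicy::ReportingStatus reportingStatus) const
{
    // CSP 1.1 moves workers from 'script-src' to the new 'child-src'. Measure the impact of this backwards-incompatible change.
    // The measurement probes pass SuppressReport so that counting never emits
    // a violation report or console message of its own; only the enforcement
    // call below uses the caller's |reportingStatus|.
    if (Document* document = this->document()) {
        UseCounter::count(*document, UseCounter::WorkerSubjectToCSP);
        if (isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>(m_policies, url, SuppressReport)
            && !isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, SuppressReport))
            UseCounter::count(*document, UseCounter::WorkerAllowedByChildBlockedByScript);
    }

    // Enforcement: 'child-src' governs workers only behind the experimental
    // flag; otherwise the pre-1.1 rule ('script-src') still applies.
    if (experimentalFeaturesEnabled())
        return isAllowedByAllWithURL<&CSPDirectiveList::allowChildContextFromSource>(m_policies, url, reportingStatus);
    return isAllowedByAllWithURL<&CSPDirectiveList::allowScriptFromSource>(m_policies, url, reportingStatus);
}

// True once at least one policy has been delivered to this context.
bool ContentSecurityPolicy::isActive() const
{
    return !m_policies.isEmpty();
}

// Combines the reflected-xss disposition of all policies: the numerically
// largest enum value wins, starting from ReflectedXSSUnset.
ReflectedXSSDisposition ContentSecurityPolicy::reflectedXSSDisposition() const
{
    ReflectedXSSDisposition disposition = ReflectedXSSUnset;
    for (size_t i = 0; i < m_policies.size(); ++i)
        disposition = std::max(disposition, m_policies[i]->reflectedXSSDisposition());
    return disposition;
}

// Combines the referrer policy of every policy that set one. The first such
// policy seeds the result and each subsequent one is folded in through
// mergeReferrerPolicies(). Returns ReferrerPolicyDefault when none set one.
//
// Fix: |first| was previously never cleared after the seeding assignment, so
// the merge branch was dead code and the *last* policy to set a referrer
// policy silently overwrote all earlier ones. With several CSP headers that
// meant a later, more permissive policy could replace a stricter one instead
// of being merged with it.
ReferrerPolicy ContentSecurityPolicy::referrerPolicy() const
{
    ReferrerPolicy policy = ReferrerPolicyDefault;
    bool first = true;
    for (size_t i = 0; i < m_policies.size(); ++i) {
        if (!m_policies[i]->didSetReferrerPolicy())
            continue;
        if (first) {
            policy = m_policies[i]->referrerPolicy();
            first = false;
        } else {
            policy = mergeReferrerPolicies(policy, m_policies[i]->referrerPolicy());
        }
    }
    return policy;
}

// True if any delivered policy carries a referrer directive.
bool ContentSecurityPolicy::didSetReferrerPolicy() const
{
    for (size_t i = 0; i < m_policies.size(); ++i) {
        if (m_policies[i]->didSetReferrerPolicy())
            return true;
    }
    return false;
}
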
// ---- Execution-context accessors -------------------------------------------

SecurityOrigin* ContentSecurityPolicy::securityOrigin() const
{
    return m_executionContext->securityContext().securityOrigin();
}

const KURL ContentSecurityPolicy::url() const
{
    return m_executionContext->contextURL();
}

KURL ContentSecurityPolicy::completeURL(const String& url) const
{
    return m_executionContext->contextCompleteURL(url);
}

// Sandbox flags only accumulate; nothing here ever clears a bit once a policy
// has requested it.
void ContentSecurityPolicy::enforceSandboxFlags(SandboxFlags mask)
{
    m_sandboxMask |= mask;
}

// ---- Violation reporting ---------------------------------------------------

// Reduces |url| to what may safely be placed in a violation report or event.
// Invalid URLs become the null String; non-hierarchical and file: URLs expose
// only their scheme; URLs the document's origin canRequest() keep their path
// (subject to whatever strippedForUseAsReferrer removes, which is not visible
// here); every other URL is cut down to its origin. This is what keeps report
// payloads from disclosing cross-origin paths and queries to the report-uri.
static String stripURLForUseInReport(Document* document, const KURL& url)
{
    if (!url.isValid())
        return String();
    if (!url.isHierarchical() || url.protocolIs("file"))
        return url.protocol();
    if (document->securityOrigin()->canRequest(url))
        return url.strippedForUseAsReferrer();
    return SecurityOrigin::create(url)->toString();
}

// Fills |init| with the fields shared by the securitypolicyviolation event and
// the report-uri payload. Note which fields are sanitised and which are not:
// blockedURI and sourceFile go through stripURLForUseInReport; documentURI,
// referrer and the policy header are copied verbatim.
static void gatherSecurityPolicyViolationEventData(SecurityPolicyViolationEventInit& init, Document* document, const String& directiveText, const String& effectiveDirective, const KURL& blockedURL, const String& header)
{
    const bool blockedByFrameAncestors = equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors);
    if (blockedByFrameAncestors) {
        // If this load was blocked via 'frame-ancestors', then the URL of |document| has not yet
        // been initialized. In this case, we'll set both 'documentURI' and 'blockedURI' to the
        // blocked document's URL.
        // (That URL is the blocked document's own, which is why it is not stripped here.)
        init.documentURI = blockedURL.string();
        init.blockedURI = blockedURL.string();
    } else {
        init.documentURI = document->url().string();
        init.blockedURI = stripURLForUseInReport(document, blockedURL);
    }
    init.referrer = document->referrer();
    init.violatedDirective = directiveText;
    init.effectiveDirective = effectiveDirective;
    init.originalPolicy = header;
    init.sourceFile = String();
    init.lineNumber = 0;
    init.columnNumber = 0;
    init.statusCode = 0;

    // The HTTP status code is only disclosed for documents whose URL is not a
    // secure one; for secure documents it stays 0.
    if (!SecurityOrigin::isSecure(document->url()) && document->loader())
        init.statusCode = document->loader()->response().httpStatusCode();

    // Source position comes from the top frame of a one-deep script call
    // stack, if there is one. The script URL is passed through
    // stripURLForUseInReport too, so a cross-origin script is identified by
    // origin only.
    RefPtrWillBeRawPtr<ScriptCallStack> stack = createScriptCallStack(1, false);
    if (!stack)
        return;

    const ScriptCallFrame& callFrame = stack->at(0);
    if (!callFrame.lineNumber())
        return;

    KURL source = KURL(ParsedURLString, callFrame.sourceURL());
    init.sourceFile = stripURLForUseInReport(document, source);
    init.lineNumber = callFrame.lineNumber();
    init.columnNumber = callFrame.columnNumber();
}

void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, LocalFrame* contextFrame)
{
    ASSERT((m_executionContext && !contextFrame) || (equalIgnoringCase(effectiveDirective, ContentSecurityPolicy::FrameAncestors) && contextFrame));

    // FIXME: Support sending reports from worker.
    Document* document = contextFrame ?
contextFrame->document() : this->document(); 648197021e6b966cfb06891637935ef33fff06433d1Ben Murdoch if (!document) 649d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return; 650d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 651d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) LocalFrame* frame = document->frame(); 652d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (!frame) 653d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return; 654d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 655d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) SecurityPolicyViolationEventInit violationData; 656d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) gatherSecurityPolicyViolationEventData(violationData, document, directiveText, effectiveDirective, blockedURL, header); 657d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 658d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (experimentalFeaturesEnabled()) 659d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) frame->domWindow()->enqueueDocumentEvent(SecurityPolicyViolationEvent::create(EventTypeNames::securitypolicyviolation, violationData)); 660d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 6617242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci if (reportEndpoints.isEmpty()) 662d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return; 663d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 664d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // We need to be careful here when deciding what information to send to the 665d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // report-uri. Currently, we send only the current document's URL and the 666d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // directive that was violated. 
The document's URL is safe to send because 667d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // it's the document itself that's requesting that it be sent. You could 668d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // make an argument that we shouldn't send HTTPS document URLs to HTTP 669d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // report-uris (for the same reasons that we supress the Referer in that 670d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // case), but the Referer is sent implicitly whereas this request is only 671d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // sent explicitly. As for which directive was violated, that's pretty 672d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // harmless information. 673d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 674d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) RefPtr<JSONObject> cspReport = JSONObject::create(); 675d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setString("document-uri", violationData.documentURI); 676d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setString("referrer", violationData.referrer); 677d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setString("violated-directive", violationData.violatedDirective); 678d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (experimentalFeaturesEnabled()) 679d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setString("effective-directive", violationData.effectiveDirective); 680d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setString("original-policy", violationData.originalPolicy); 681d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setString("blocked-uri", violationData.blockedURI); 682d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if 
(!violationData.sourceFile.isEmpty() && violationData.lineNumber) { 683d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setString("source-file", violationData.sourceFile); 684d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setNumber("line-number", violationData.lineNumber); 685d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setNumber("column-number", violationData.columnNumber); 686d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) } 687d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) cspReport->setNumber("status-code", violationData.statusCode); 688d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 689d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) RefPtr<JSONObject> reportObject = JSONObject::create(); 690d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) reportObject->setObject("csp-report", cspReport.release()); 691d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String stringifiedReport = reportObject->toJSONString(); 692d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 693d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (!shouldSendViolationReport(stringifiedReport)) 694d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return; 695d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 696d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) RefPtr<FormData> report = FormData::create(stringifiedReport.utf8()); 697d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 6987242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci for (size_t i = 0; i < reportEndpoints.size(); ++i) { 6997242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci // If we have a context frame we're dealing with 'frame-ancestors' and we don't have our 7007242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci // own execution context. 
Use the frame's document to complete the endpoint URL, overriding 7017242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci // its URL with the blocked document's URL. 7027242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci ASSERT(!contextFrame || !m_executionContext); 7037242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci ASSERT(!contextFrame || equalIgnoringCase(effectiveDirective, FrameAncestors)); 7047242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci KURL endpoint = contextFrame ? frame->document()->completeURLWithOverride(reportEndpoints[i], blockedURL) : completeURL(reportEndpoints[i]); 7057242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci PingLoader::sendViolationReport(frame, completeURL(reportEndpoints[i]), report, PingLoader::ContentSecurityPolicyViolationReport); 7067242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci } 707d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 708d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) didSendViolationReport(stringifiedReport); 709d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 710d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7117242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidReferrer(const String& invalidValue) 712d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 713d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole("The 'referrer' Content Security Policy directive has the invalid value \"" + invalidValue + "\". 
Valid values are \"always\", \"default\", \"never\", and \"origin\"."); 714d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 715d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7167242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportReportOnlyInMeta(const String& header) 717d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 718d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole("The report-only Content Security Policy '" + header + "' was delivered via a <meta> element, which is disallowed. The policy has been ignored."); 719d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 720d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7217242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportMetaOutsideHead(const String& header) 722d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 723d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole("The Content Security Policy '" + header + "' was delivered via a <meta> element outside the document's <head>, which is disallowed. 
The policy has been ignored."); 724d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 725d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7267242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidInReportOnly(const String& name) 727d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 728d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole("The Content Security Policy directive '" + name + "' is ignored when delivered in a report-only policy."); 729d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 730d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7317242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportUnsupportedDirective(const String& name) 732d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 733d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) DEFINE_STATIC_LOCAL(String, allow, ("allow")); 734d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) DEFINE_STATIC_LOCAL(String, options, ("options")); 735d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) DEFINE_STATIC_LOCAL(String, policyURI, ("policy-uri")); 736d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) DEFINE_STATIC_LOCAL(String, allowMessage, ("The 'allow' directive has been replaced with 'default-src'. Please use that directive instead, as 'allow' has no effect.")); 737d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) DEFINE_STATIC_LOCAL(String, optionsMessage, ("The 'options' directive has been replaced with 'unsafe-inline' and 'unsafe-eval' source expressions for the 'script-src' and 'style-src' directives. Please use those directives instead, as 'options' has no effect.")); 738d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) DEFINE_STATIC_LOCAL(String, policyURIMessage, ("The 'policy-uri' directive has been removed from the specification. 
Please specify a complete policy via the Content-Security-Policy header.")); 739d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 740d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String message = "Unrecognized Content-Security-Policy directive '" + name + "'.\n"; 741c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) MessageLevel level = ErrorMessageLevel; 742c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) if (equalIgnoringCase(name, allow)) { 743d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) message = allowMessage; 744c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) } else if (equalIgnoringCase(name, options)) { 745d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) message = optionsMessage; 746c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) } else if (equalIgnoringCase(name, policyURI)) { 747d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) message = policyURIMessage; 748c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) } else if (isDirectiveName(name)) { 749c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) message = "The Content-Security-Policy directive '" + name + "' is implemented behind a flag which is currently disabled.\n"; 750c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) level = InfoMessageLevel; 751c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) } 752d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 753c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles) logToConsole(message, level); 754d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 755d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7567242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportDirectiveAsSourceExpression(const String& directiveName, const String& sourceExpression) 757d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 
758d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String message = "The Content Security Policy directive '" + directiveName + "' contains '" + sourceExpression + "' as a source expression. Did you mean '" + directiveName + " ...; " + sourceExpression + "...' (note the semicolon)?"; 759d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole(message); 760d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 761d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7627242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportDuplicateDirective(const String& name) 763d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 764d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String message = "Ignoring duplicate Content-Security-Policy directive '" + name + "'.\n"; 765d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole(message); 766d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 767d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7687242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidPluginTypes(const String& pluginType) 769d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 770d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String message; 771d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (pluginType.isNull()) 772d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) message = "'plugin-types' Content Security Policy directive is empty; all plugins will be blocked.\n"; 773d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) else 774d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) message = "Invalid plugin type in 'plugin-types' Content Security Policy directive: '" + pluginType + "'.\n"; 775d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole(message); 
776d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 777d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7787242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidSandboxFlags(const String& invalidFlags) 779d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 780d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole("Error while parsing the 'sandbox' Content Security Policy directive: " + invalidFlags); 781d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 782d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7837242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidReflectedXSS(const String& invalidValue) 784d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 785d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole("The 'reflected-xss' Content Security Policy directive has the invalid value \"" + invalidValue + "\". Valid values are \"allow\", \"filter\", and \"block\"."); 786d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 787d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7887242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) 789d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 790d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String message = "The value for Content Security Policy directive '" + directiveName + "' contains an invalid character: '" + value + "'. 
Non-whitespace characters outside ASCII 0x21-0x7E must be percent-encoded, as described in RFC 3986, section 2.1: http://tools.ietf.org/html/rfc3986#section-2.1."; 791d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole(message); 792d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 793d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 7947242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidPathCharacter(const String& directiveName, const String& value, const char invalidChar) 795d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 796d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) ASSERT(invalidChar == '#' || invalidChar == '?'); 797d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 798d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String ignoring = "The fragment identifier, including the '#', will be ignored."; 799d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (invalidChar == '?') 800d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) ignoring = "The query component, including the '?', will be ignored."; 801d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String message = "The source list for Content Security Policy directive '" + directiveName + "' contains a source with an invalid path: '" + value + "'. 
" + ignoring; 802d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole(message); 803d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 804d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 8057242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportInvalidSourceExpression(const String& directiveName, const String& source) 806d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 807d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) String message = "The source list for Content Security Policy directive '" + directiveName + "' contains an invalid source: '" + source + "'. It will be ignored."; 808d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (equalIgnoringCase(source, "'none'")) 809d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) message = message + " Note that 'none' has no effect unless it is the only expression in the source list."; 810d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole(message); 811d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 812d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 8137242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::reportMissingReportURI(const String& policy) 814d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 815d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) logToConsole("The Content Security Policy '" + policy + "' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. 
Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header."); 816d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 817d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 8187242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::logToConsole(const String& message, MessageLevel level) 819d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 8207242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci logToConsole(ConsoleMessage::create(SecurityMessageSource, level, message)); 8217242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci} 8227242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci 8237242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccivoid ContentSecurityPolicy::logToConsole(PassRefPtrWillBeRawPtr<ConsoleMessage> consoleMessage, LocalFrame* frame) 8247242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci{ 8257242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci if (frame) 8267242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci frame->document()->addConsoleMessage(consoleMessage); 8277242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci else if (m_executionContext) 8287242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci m_executionContext->addConsoleMessage(consoleMessage); 8297242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci else 8307242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci m_consoleMessages.append(consoleMessage); 831d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 832d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 833d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)void ContentSecurityPolicy::reportBlockedScriptExecutionToInspector(const String& directiveText) const 834d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 8355d92fedcae5e801a8b224de090094f2d9df0b54aTorne (Richard Coles) m_executionContext->reportBlockedScriptExecutionToInspector(directiveText); 
836d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 837d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 838d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)bool ContentSecurityPolicy::experimentalFeaturesEnabled() const 839d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 840d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return RuntimeEnabledFeatures::experimentalContentSecurityPolicyFeaturesEnabled(); 841d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 842d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 8437242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccibool ContentSecurityPolicy::urlMatchesSelf(const KURL& url) const 8447242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci{ 8457242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci return m_selfSource->matches(url); 8467242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci} 8477242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci 8487242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tuccibool ContentSecurityPolicy::protocolMatchesSelf(const KURL& url) const 8497242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci{ 8507242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci String protectedResourceScheme(securityOrigin()->protocol()); 8517242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci if (equalIgnoringCase("http", protectedResourceScheme)) 8527242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci return url.protocolIsInHTTPFamily(); 8537242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci return equalIgnoringCase(url.protocol(), protectedResourceScheme); 8547242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci} 8557242dc3dbeb210b5e876a3c42d1ec1a667fc621aPrimiano Tucci 856d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)bool ContentSecurityPolicy::shouldBypassMainWorld(ExecutionContext* context) 857d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 
858d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (context && context->isDocument()) { 859d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) Document* document = toDocument(context); 860d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) if (document->frame()) 861197021e6b966cfb06891637935ef33fff06433d1Ben Murdoch return document->frame()->script().shouldBypassMainWorldCSP(); 862d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) } 863d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return false; 864d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 865d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 866d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)bool ContentSecurityPolicy::shouldSendViolationReport(const String& report) const 867d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 868d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) // Collisions have no security impact, so we can save space by storing only the string's hash rather than the whole report. 869d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) return !m_violationReportsSent.contains(report.impl()->hash()); 870d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 871d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 872d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)void ContentSecurityPolicy::didSendViolationReport(const String& report) 873d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles){ 874d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) m_violationReportsSent.add(report.impl()->hash()); 875d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)} 876d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 877c1847b1379d12d0e05df27436bf19a9b1bf12deaTorne (Richard Coles)} // namespace blink 878