Changeset 206254 in webkit
- Timestamp:
- Sep 22, 2016 1:28:37 AM (8 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 18 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r206253 r206254 1 2016-09-22 Youenn Fablet <youenn@apple.com> 2 3 Refactor ContentSecurityPolicy::allow* methods 4 https://bugs.webkit.org/show_bug.cgi?id=162335 5 6 Reviewed by Darin Adler. 7 8 No change of behavior. 9 10 Removing the second parameter of ContentSecurityPolicy::allow* methods. 11 When true, this parameter makes the methods return true. 12 This patch updates the callers of allow* methods to check for the parameter before making the call. 13 14 Made some refactoring to share more code between the various allow* methods. 15 16 * Modules/fetch/FetchLoader.cpp: 17 (WebCore::FetchLoader::start): 18 * Modules/websockets/WebSocket.cpp: 19 (WebCore::WebSocket::connect): 20 * html/HTMLMediaElement.cpp: 21 (WebCore::HTMLMediaElement::isSafeToLoadURL): 22 (WebCore::HTMLMediaElement::outOfBandTrackSources): 23 * html/HTMLPlugInImageElement.cpp: 24 (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): 25 * html/HTMLTrackElement.cpp: 26 (WebCore::HTMLTrackElement::canLoadURL): 27 * loader/DocumentThreadableLoader.cpp: 28 (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): 29 (WebCore::DocumentThreadableLoader::redirectReceived): 30 (WebCore::DocumentThreadableLoader::loadRequest): 31 (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): 32 * loader/DocumentThreadableLoader.h: 33 * loader/FrameLoader.cpp: 34 (WebCore::FrameLoader::checkIfFormActionAllowedByCSP): 35 * loader/PolicyChecker.cpp: 36 (WebCore::isAllowedByContentSecurityPolicy): 37 * loader/SubframeLoader.cpp: 38 (WebCore::SubframeLoader::createJavaAppletWidget): 39 * loader/cache/CachedResourceLoader.cpp: 40 (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy): 41 * page/EventSource.cpp: 42 (WebCore::EventSource::create): 43 * page/csp/ContentSecurityPolicy.cpp: 44 (WebCore::ContentSecurityPolicy::allowObjectFromSource): 45 (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): 46 (WebCore::ContentSecurityPolicy::allowResourceFromSource): 47 (WebCore::ContentSecurityPolicy::allowChildContextFromSource): 48 (WebCore::ContentSecurityPolicy::allowScriptFromSource): 49 (WebCore::ContentSecurityPolicy::allowImageFromSource): 50 (WebCore::ContentSecurityPolicy::allowStyleFromSource): 51 (WebCore::ContentSecurityPolicy::allowFontFromSource): 52 (WebCore::ContentSecurityPolicy::allowMediaFromSource): 53 (WebCore::ContentSecurityPolicy::allowConnectToSource): 54 (WebCore::ContentSecurityPolicy::allowFormAction): 55 * page/csp/ContentSecurityPolicy.h: 56 * workers/AbstractWorker.cpp: 57 (WebCore::AbstractWorker::resolveURL): 58 * workers/WorkerGlobalScope.cpp: 59 (WebCore::WorkerGlobalScope::importScripts): 60 * xml/XMLHttpRequest.cpp: 61 (WebCore::XMLHttpRequest::initSend): 62 1 63 2016-09-19 Sergio Villar Senin <svillar@igalia.com> 2 64 -
trunk/Source/WebCore/Modules/fetch/FetchLoader.cpp
r206009 r206254 86 86 87 87 ASSERT(context.contentSecurityPolicy()); 88 context.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(fetchRequest, ContentSecurityPolicy::InsecureRequestType::Load);88 auto& contentSecurityPolicy = *context.contentSecurityPolicy(); 89 89 90 if (!context.contentSecurityPolicy()->allowConnectToSource(fetchRequest.url(), context.shouldBypassMainWorldContentSecurityPolicy())) { 90 contentSecurityPolicy.upgradeInsecureRequestIfNeeded(fetchRequest, ContentSecurityPolicy::InsecureRequestType::Load); 91 92 if (!context.shouldBypassMainWorldContentSecurityPolicy() && !contentSecurityPolicy.allowConnectToSource(fetchRequest.url())) { 91 93 m_client.didFail(); 92 94 return; -
trunk/Source/WebCore/Modules/websockets/WebSocket.cpp
r205405 r206254 218 218 m_url = URL(URL(), url); 219 219 220 ASSERT(scriptExecutionContext()); 221 auto& context = *scriptExecutionContext(); 222 220 223 if (!m_url.isValid()) { 221 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Invalid url for WebSocket " + m_url.stringCenterEllipsizedToLength());224 context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Invalid url for WebSocket " + m_url.stringCenterEllipsizedToLength()); 222 225 m_state = CLOSED; 223 226 ec = SYNTAX_ERR; … … 226 229 227 230 if (!m_url.protocolIs("ws") && !m_url.protocolIs("wss")) { 228 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Wrong url scheme for WebSocket " + m_url.stringCenterEllipsizedToLength());231 context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Wrong url scheme for WebSocket " + m_url.stringCenterEllipsizedToLength()); 229 232 m_state = CLOSED; 230 233 ec = SYNTAX_ERR; … … 232 235 } 233 236 if (m_url.hasFragmentIdentifier()) { 234 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "URL has fragment component " + m_url.stringCenterEllipsizedToLength());237 context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, "URL has fragment component " + m_url.stringCenterEllipsizedToLength()); 235 238 m_state = CLOSED; 236 239 ec = SYNTAX_ERR; … … 238 241 } 239 242 240 scriptExecutionContext()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load); 241 243 ASSERT(context.contentSecurityPolicy()); 244 auto& contentSecurityPolicy = *context.contentSecurityPolicy(); 245 246 contentSecurityPolicy.upgradeInsecureRequestIfNeeded(m_url, ContentSecurityPolicy::InsecureRequestType::Load); 247 242 248 if (!portAllowed(m_url)) { 243 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "WebSocket port " + String::number(m_url.port()) + " blocked");249 context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, "WebSocket port " + String::number(m_url.port()) + " blocked"); 244 250 m_state = CLOSED; 245 251 ec = SECURITY_ERR; … … 248 254 249 255 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. 250 if (! scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url, scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy())) {256 if (!context.shouldBypassMainWorldContentSecurityPolicy() && !contentSecurityPolicy.allowConnectToSource(m_url)) { 251 257 m_state = CLOSED; 252 258 … … 256 262 } 257 263 258 if (auto* provider = scriptExecutionContext()->socketProvider())264 if (auto* provider = context.socketProvider()) 259 265 m_channel = ThreadableWebSocketChannel::create(*scriptExecutionContext(), *this, *provider); 260 266 … … 271 277 for (auto& protocol : protocols) { 272 278 if (!isValidProtocolString(protocol)) { 273 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Wrong protocol for WebSocket '" + encodeProtocolString(protocol) + "'");279 context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, "Wrong protocol for WebSocket '" + encodeProtocolString(protocol) + "'"); 274 280 m_state = CLOSED; 275 281 ec = SYNTAX_ERR; … … 280 286 for (auto& protocol : protocols) { 281 287 if (!visited.add(protocol).isNewEntry) { 282 scriptExecutionContext()->addConsoleMessage(MessageSource::JS, MessageLevel::Error, "WebSocket protocols contain duplicates: '" + encodeProtocolString(protocol) + "'");288 context.addConsoleMessage(MessageSource::JS, MessageLevel::Error, "WebSocket protocols contain duplicates: '" + encodeProtocolString(protocol) + "'"); 283 289 m_state = CLOSED; 284 290 ec = SYNTAX_ERR; … … 287 293 } 288 294 289 if (is<Document>( *scriptExecutionContext())) {290 Document& document = downcast<Document>( *scriptExecutionContext());295 if (is<Document>(context)) { 296 Document& document = downcast<Document>(context); 291 297 if (!document.frame()->loader().mixedContentChecker().canRunInsecureContent(document.securityOrigin(), m_url)) { 292 298 // Balanced by the call to ActiveDOMObject::unsetPendingActivity() in WebSocket::stop(). -
trunk/Source/WebCore/html/HTMLMediaElement.cpp
r206208 r206254 1990 1990 #endif 1991 1991 1992 static inline bool isAllowedToLoadMediaURL(HTMLMediaElement& element, const URL& url, bool isInUserAgentShadowTree) 1993 { 1994 // Elements in user agent show tree should load whatever the embedding document policy is. 1995 if (isInUserAgentShadowTree) 1996 return true; 1997 1998 ASSERT(element.document().contentSecurityPolicy()); 1999 return element.document().contentSecurityPolicy()->allowMediaFromSource(url); 2000 } 2001 1992 2002 bool HTMLMediaElement::isSafeToLoadURL(const URL& url, InvalidURLAction actionIfInvalid) 1993 2003 { … … 2005 2015 } 2006 2016 2007 if (! document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) {2017 if (!isAllowedToLoadMediaURL(*this, url, isInUserAgentShadowTree())) { 2008 2018 LOG(Media, "HTMLMediaElement::isSafeToLoadURL(%p) - %s -> rejected by Content Security Policy", this, urlForLoggingMedia(url).utf8().data()); 2009 2019 return false; … … 6365 6375 if (url.isEmpty()) 6366 6376 continue; 6367 6368 if (! document().contentSecurityPolicy()->allowMediaFromSource(url, trackElement.isInUserAgentShadowTree()))6377 6378 if (!isAllowedToLoadMediaURL(*this, url, trackElement.isInUserAgentShadowTree())) 6369 6379 continue; 6370 6380 -
trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp
r205818 r206254 776 776 bool HTMLPlugInImageElement::allowedToLoadPluginContent(const String& url, const String& mimeType) const 777 777 { 778 // Elements in user agent show tree should load whatever the embedding document policy is. 779 if (isInUserAgentShadowTree()) 780 return true; 781 778 782 URL completedURL; 779 783 if (!url.isEmpty()) … … 785 789 contentSecurityPolicy.upgradeInsecureRequestIfNeeded(completedURL, ContentSecurityPolicy::InsecureRequestType::Load); 786 790 787 String declaredMimeType = document().isPluginDocument() && document().ownerElement() ? 791 if (!contentSecurityPolicy.allowObjectFromSource(completedURL)) 792 return false; 793 794 auto& declaredMimeType = document().isPluginDocument() && document().ownerElement() ? 788 795 document().ownerElement()->attributeWithoutSynchronization(HTMLNames::typeAttr) : attributeWithoutSynchronization(HTMLNames::typeAttr); 789 bool isInUserAgentShadowTree = this->isInUserAgentShadowTree(); 790 return contentSecurityPolicy.allowObjectFromSource(completedURL, isInUserAgentShadowTree) && contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL, isInUserAgentShadowTree); 796 return contentSecurityPolicy.allowPluginType(mimeType, declaredMimeType, completedURL); 791 797 } 792 798 -
trunk/Source/WebCore/html/HTMLTrackElement.cpp
r204239 r206254 217 217 return false; 218 218 219 if (!document().contentSecurityPolicy()->allowMediaFromSource(url, isInUserAgentShadowTree())) { 219 ASSERT(document().contentSecurityPolicy()); 220 // Elements in user agent show tree should load whatever the embedding document policy is. 221 if (!isInUserAgentShadowTree() && !document().contentSecurityPolicy()->allowMediaFromSource(url)) { 220 222 LOG(Media, "HTMLTrackElement::canLoadURL(%s) -> rejected by Content Security Policy", urlForLoggingTrack(url).utf8().data()); 221 223 return false; 222 224 } 223 225 224 226 return dispatchBeforeLoadEvent(url.string()); 225 227 } -
trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp
r206203 r206254 36 36 #include "CachedResourceRequest.h" 37 37 #include "CachedResourceRequestInitiators.h" 38 #include "ContentSecurityPolicy.h"39 38 #include "CrossOriginAccessControl.h" 40 39 #include "CrossOriginPreflightChecker.h" … … 99 98 ASSERT(!request.hasHTTPReferrer() && !request.hasHTTPOrigin()); 100 99 101 ASSERT_WITH_SECURITY_IMPLICATION(isAllowedByContentSecurityPolicy(request.url() ));100 ASSERT_WITH_SECURITY_IMPLICATION(isAllowedByContentSecurityPolicy(request.url(), ContentSecurityPolicy::RedirectResponseReceived::No)); 102 101 103 102 m_options.allowCredentials = (m_options.credentials == FetchOptions::Credentials::Include || (m_options.credentials == FetchOptions::Credentials::SameOrigin && m_sameOriginRequest)) ? AllowStoredCredentials : DoNotAllowStoredCredentials; … … 224 223 225 224 Ref<DocumentThreadableLoader> protectedThis(*this); 226 if (!isAllowedByContentSecurityPolicy(request.url(), !redirectResponse.isNull())) {225 if (!isAllowedByContentSecurityPolicy(request.url(), redirectResponse.isNull() ? ContentSecurityPolicy::RedirectResponseReceived::No : ContentSecurityPolicy::RedirectResponseReceived::Yes)) { 227 226 reportContentSecurityPolicyError(*m_client, redirectResponse.url()); 228 227 clearResource(); … … 418 417 bool didRedirect = requestURL != response.url(); 419 418 if (didRedirect) { 420 if (!isAllowedByContentSecurityPolicy(response.url(), didRedirect)) {419 if (!isAllowedByContentSecurityPolicy(response.url(), ContentSecurityPolicy::RedirectResponseReceived::Yes)) { 421 420 reportContentSecurityPolicyError(*m_client, requestURL); 422 421 return; … … 449 448 } 450 449 451 bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL& url, bool didRedirect) 452 { 453 bool overrideContentSecurityPolicy = false; 454 ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived = didRedirect ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; 455 450 bool DocumentThreadableLoader::isAllowedByContentSecurityPolicy(const URL& url, ContentSecurityPolicy::RedirectResponseReceived redirectResponseReceived) 451 { 456 452 switch (m_options.contentSecurityPolicyEnforcement) { 457 453 case ContentSecurityPolicyEnforcement::DoNotEnforce: 458 454 return true; 459 455 case ContentSecurityPolicyEnforcement::EnforceChildSrcDirective: 460 return contentSecurityPolicy().allowChildContextFromSource(url, overrideContentSecurityPolicy,redirectResponseReceived);456 return contentSecurityPolicy().allowChildContextFromSource(url, redirectResponseReceived); 461 457 case ContentSecurityPolicyEnforcement::EnforceConnectSrcDirective: 462 return contentSecurityPolicy().allowConnectToSource(url, overrideContentSecurityPolicy,redirectResponseReceived);458 return contentSecurityPolicy().allowConnectToSource(url, redirectResponseReceived); 463 459 case ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective: 464 return contentSecurityPolicy().allowScriptFromSource(url, overrideContentSecurityPolicy,redirectResponseReceived);460 return contentSecurityPolicy().allowScriptFromSource(url, redirectResponseReceived); 465 461 } 466 462 ASSERT_NOT_REACHED(); -
trunk/Source/WebCore/loader/DocumentThreadableLoader.h
r206009 r206254 32 32 #pragma once 33 33 34 #include "ContentSecurityPolicy.h" 34 35 #include "CrossOriginPreflightChecker.h" 35 36 #include "ResourceResponse.h" … … 95 96 void loadRequest(ResourceRequest&&, SecurityCheckPolicy); 96 97 bool isAllowedRedirect(const URL&); 97 bool isAllowedByContentSecurityPolicy(const URL&, bool didRedirect = false);98 bool isAllowedByContentSecurityPolicy(const URL&, ContentSecurityPolicy::RedirectResponseReceived); 98 99 99 100 bool isXMLHttpRequest() const final; -
trunk/Source/WebCore/loader/FrameLoader.cpp
r206189 r206254 943 943 944 944 auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; 945 return m_frame.document()->contentSecurityPolicy()->allowFormAction(url, false /* overrideContentSecurityPolicy */,redirectResponseReceived);945 return m_frame.document()->contentSecurityPolicy()->allowFormAction(url, redirectResponseReceived); 946 946 } 947 947 -
trunk/Source/WebCore/loader/PolicyChecker.cpp
r203003 r206254 56 56 if (!ownerElement) 57 57 return true; 58 // Elements in user agent show tree should load whatever the embedding document policy is. 59 if (ownerElement->isInUserAgentShadowTree()) 60 return true; 61 58 62 auto redirectResponseReceived = didReceiveRedirectResponse ? ContentSecurityPolicy::RedirectResponseReceived::Yes : ContentSecurityPolicy::RedirectResponseReceived::No; 63 64 ASSERT(ownerElement->document().contentSecurityPolicy()); 59 65 if (is<HTMLPlugInElement>(ownerElement)) 60 return ownerElement->document().contentSecurityPolicy()->allowObjectFromSource(url, ownerElement->isInUserAgentShadowTree(),redirectResponseReceived);61 return ownerElement->document().contentSecurityPolicy()->allowChildFrameFromSource(url, ownerElement->isInUserAgentShadowTree(),redirectResponseReceived);66 return ownerElement->document().contentSecurityPolicy()->allowObjectFromSource(url, redirectResponseReceived); 67 return ownerElement->document().contentSecurityPolicy()->allowChildFrameFromSource(url, redirectResponseReceived); 62 68 } 63 69 -
trunk/Source/WebCore/loader/SubframeLoader.cpp
r204320 r206254 249 249 250 250 const char javaAppletMimeType[] = "application/x-java-applet"; 251 bool isInUserAgentShadowTree = element.isInUserAgentShadowTree(); 252 if (!element.document().contentSecurityPolicy()->allowObjectFromSource(codeBaseURL, isInUserAgentShadowTree) 253 || !element.document().contentSecurityPolicy()->allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL, isInUserAgentShadowTree)) 251 ASSERT(element.document().contentSecurityPolicy()); 252 auto& contentSecurityPolicy = *element.document().contentSecurityPolicy(); 253 // Elements in user agent show tree should load whatever the embedding document policy is. 254 if (!element.isInUserAgentShadowTree() 255 && (!contentSecurityPolicy.allowObjectFromSource(codeBaseURL) || !contentSecurityPolicy.allowPluginType(javaAppletMimeType, javaAppletMimeType, codeBaseURL))) 254 256 return nullptr; 255 257 } -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r206206 r206254 400 400 #endif 401 401 case CachedResource::Script: 402 if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, false,redirectResponseReceived))402 if (!m_document->contentSecurityPolicy()->allowScriptFromSource(url, redirectResponseReceived)) 403 403 return false; 404 404 break; 405 405 case CachedResource::CSSStyleSheet: 406 if (!m_document->contentSecurityPolicy()->allowStyleFromSource(url, false,redirectResponseReceived))406 if (!m_document->contentSecurityPolicy()->allowStyleFromSource(url, redirectResponseReceived)) 407 407 return false; 408 408 break; 409 409 case CachedResource::SVGDocumentResource: 410 410 case CachedResource::ImageResource: 411 if (!m_document->contentSecurityPolicy()->allowImageFromSource(url, false,redirectResponseReceived))411 if (!m_document->contentSecurityPolicy()->allowImageFromSource(url, redirectResponseReceived)) 412 412 return false; 413 413 break; … … 416 416 #endif 417 417 case CachedResource::FontResource: 418 if (!m_document->contentSecurityPolicy()->allowFontFromSource(url, false,redirectResponseReceived))418 if (!m_document->contentSecurityPolicy()->allowFontFromSource(url, redirectResponseReceived)) 419 419 return false; 420 420 break; … … 423 423 case CachedResource::TextTrackResource: 424 424 #endif 425 if (!m_document->contentSecurityPolicy()->allowMediaFromSource(url, false,redirectResponseReceived))425 if (!m_document->contentSecurityPolicy()->allowMediaFromSource(url, redirectResponseReceived)) 426 426 return false; 427 427 break; -
trunk/Source/WebCore/page/EventSource.cpp
r204019 r206254 73 73 74 74 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. 75 if (!context. contentSecurityPolicy()->allowConnectToSource(fullURL, context.shouldBypassMainWorldContentSecurityPolicy())) {75 if (!context.shouldBypassMainWorldContentSecurityPolicy() && !context.contentSecurityPolicy()->allowConnectToSource(fullURL)) { 76 76 // FIXME: Should this be throwing an exception? 77 77 ec = SECURITY_ERR; -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp
r204521 r206254 452 452 } 453 453 454 bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 455 { 456 if (overrideContentSecurityPolicy) 457 return true; 458 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 459 return true; 460 String sourceURL; 461 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber()); 462 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) { 463 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::scriptSrc, violatedDirective, url, "Refused to load"); 464 reportViolation(ContentSecurityPolicyDirectiveNames::scriptSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition); 465 }; 466 return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForScript, url, redirectResponseReceived == RedirectResponseReceived::Yes); 467 } 468 469 bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 470 { 471 if (overrideContentSecurityPolicy) 472 return true; 454 bool ContentSecurityPolicy::allowObjectFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 455 { 473 456 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 474 457 return true; … … 485 468 } 486 469 487 bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 488 { 489 if (overrideContentSecurityPolicy) 490 return true; 470 bool ContentSecurityPolicy::allowChildFrameFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 471 { 491 472 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 492 473 return true; … … 501 482 } 502 483 503 bool ContentSecurityPolicy::allowChildContextFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 504 { 505 if (overrideContentSecurityPolicy) 506 return true; 484 bool ContentSecurityPolicy::allowResourceFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived, const char* name, ResourcePredicate resourcePredicate) const 485 { 507 486 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 508 487 return true; … … 510 489 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber()); 511 490 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) { 512 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::childSrc, violatedDirective, url, "Refused to load"); 513 reportViolation(ContentSecurityPolicyDirectiveNames::childSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition); 514 }; 515 return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext, url, redirectResponseReceived == RedirectResponseReceived::Yes); 516 } 517 518 bool ContentSecurityPolicy::allowImageFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 519 { 520 if (overrideContentSecurityPolicy) 521 return true; 491 String consoleMessage = consoleMessageForViolation(name, violatedDirective, url, "Refused to load"); 492 reportViolation(name, violatedDirective, url, consoleMessage, sourceURL, sourcePosition); 493 }; 494 return allPoliciesAllow(WTFMove(handleViolatedDirective), resourcePredicate, url, redirectResponseReceived == RedirectResponseReceived::Yes); 495 } 496 497 bool ContentSecurityPolicy::allowChildContextFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 498 { 499 return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::childSrc, &ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext); 500 } 501 502 bool ContentSecurityPolicy::allowScriptFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 503 { 504 return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::scriptSrc, &ContentSecurityPolicyDirectiveList::violatedDirectiveForScript); 505 } 506 507 bool ContentSecurityPolicy::allowImageFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 508 { 509 return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::imgSrc, &ContentSecurityPolicyDirectiveList::violatedDirectiveForImage); 510 } 511 512 bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 513 { 514 return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::styleSrc, &ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle); 515 } 516 517 bool ContentSecurityPolicy::allowFontFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 518 { 519 return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::fontSrc, &ContentSecurityPolicyDirectiveList::violatedDirectiveForFont); 520 } 521 522 bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 523 { 524 return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::mediaSrc, &ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia); 525 } 526 527 bool ContentSecurityPolicy::allowConnectToSource(const URL& url, RedirectResponseReceived redirectResponseReceived) const 528 { 522 529 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 523 530 return true; … … 525 532 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber()); 526 533 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) { 527 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::imgSrc, violatedDirective, url, "Refused to load");528 reportViolation(ContentSecurityPolicyDirectiveNames::imgSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);529 };530 return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForImage, url, redirectResponseReceived == RedirectResponseReceived::Yes);531 }532 533 bool ContentSecurityPolicy::allowStyleFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const534 {535 if (overrideContentSecurityPolicy)536 return true;537 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))538 return true;539 String sourceURL;540 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());541 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) {542 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::styleSrc, violatedDirective, url, "Refused to load");543 reportViolation(ContentSecurityPolicyDirectiveNames::styleSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);544 };545 return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle, url, redirectResponseReceived == RedirectResponseReceived::Yes);546 }547 548 bool ContentSecurityPolicy::allowFontFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const549 {550 if (overrideContentSecurityPolicy)551 return true;552 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))553 return true;554 String sourceURL;555 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());556 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) {557 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::fontSrc, violatedDirective, url, "Refused to load");558 reportViolation(ContentSecurityPolicyDirectiveNames::fontSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);559 };560 return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForFont, url, redirectResponseReceived == RedirectResponseReceived::Yes);561 }562 563 bool ContentSecurityPolicy::allowMediaFromSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const564 {565 if (overrideContentSecurityPolicy)566 return true;567 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))568 return true;569 String sourceURL;570 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());571 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) {572 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::mediaSrc, violatedDirective, url, "Refused to load");573 reportViolation(ContentSecurityPolicyDirectiveNames::mediaSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition);574 };575 return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia, url, redirectResponseReceived == RedirectResponseReceived::Yes);576 }577 578 bool ContentSecurityPolicy::allowConnectToSource(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const579 {580 if (overrideContentSecurityPolicy)581 return true;582 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol()))583 return true;584 String sourceURL;585 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber());586 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) {587 534 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::connectSrc, violatedDirective, url, "Refused to connect to"); 588 535 reportViolation(ContentSecurityPolicyDirectiveNames::connectSrc, violatedDirective, url, consoleMessage, sourceURL, sourcePosition); … … 591 538 } 592 539 593 bool ContentSecurityPolicy::allowFormAction(const URL& url, bool overrideContentSecurityPolicy, RedirectResponseReceived redirectResponseReceived) const 594 { 595 if (overrideContentSecurityPolicy) 596 return true; 597 if (SchemeRegistry::schemeShouldBypassContentSecurityPolicy(url.protocol())) 598 return true; 599 String sourceURL; 600 TextPosition sourcePosition(WTF::OrdinalNumber::beforeFirst(), WTF::OrdinalNumber()); 601 auto handleViolatedDirective = [&] (const ContentSecurityPolicyDirective& violatedDirective) { 602 String consoleMessage = consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::formAction, violatedDirective, url, "Refused to load"); 603 reportViolation(ContentSecurityPolicyDirectiveNames::formAction, violatedDirective, url, consoleMessage, sourceURL, sourcePosition); 604 }; 605 return allPoliciesAllow(WTFMove(handleViolatedDirective), &ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction, url, redirectResponseReceived == RedirectResponseReceived::Yes); 540 bool ContentSecurityPolicy::allowFormAction(const URL& url, RedirectResponseReceived redirectResponseReceived) const 541 { 542 return allowResourceFromSource(url, redirectResponseReceived, ContentSecurityPolicyDirectiveNames::formAction, &ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction); 606 543 } 607 544 -
trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h
r204521 r206254 99 99 100 100 enum class RedirectResponseReceived { No, Yes }; 101 bool allowScriptFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 102 bool allowChildFrameFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 103 bool allowChildContextFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 104 bool allowImageFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 105 bool allowStyleFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 106 bool allowFontFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 107 bool allowMediaFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 108 bool allowConnectToSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 109 bool allowFormAction(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 110 111 bool allowObjectFromSource(const URL&, bool overrideContentSecurityPolicy = false, RedirectResponseReceived = RedirectResponseReceived::No) const; 101 bool allowScriptFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 102 bool allowImageFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 103 bool allowStyleFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 104 bool allowFontFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 105 bool allowMediaFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 106 107 bool allowChildFrameFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 108 bool allowChildContextFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 109 bool allowConnectToSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 110 bool allowFormAction(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 111 112 bool allowObjectFromSource(const URL&, RedirectResponseReceived = RedirectResponseReceived::No) const; 112 113 bool allowBaseURI(const URL&, bool overrideContentSecurityPolicy = false) const; 113 114 … … 189 190 bool allPoliciesAllow(ViolatedDirectiveCallback&&, Predicate&&, Args&&...) const WARN_UNUSED_RETURN; 190 191 192 using ResourcePredicate = const ContentSecurityPolicyDirective *(ContentSecurityPolicyDirectiveList::*)(const URL &, bool) const; 193 bool allowResourceFromSource(const URL&, RedirectResponseReceived, const char*, ResourcePredicate) const; 194 191 195 using HashInEnforcedAndReportOnlyPoliciesPair = std::pair<bool, bool>; 192 196 template<typename Predicate> HashInEnforcedAndReportOnlyPoliciesPair findHashOfContentInPolicies(Predicate&&, const String& content, OptionSet<ContentSecurityPolicyHashAlgorithm>) const WARN_UNUSED_RETURN; -
trunk/Source/WebCore/workers/AbstractWorker.cpp
r196526 r206254 64 64 65 65 ASSERT(scriptExecutionContext()->contentSecurityPolicy()); 66 if (!s criptExecutionContext()->contentSecurityPolicy()->allowChildContextFromSource(scriptURL, shouldBypassMainWorldContentSecurityPolicy)) {66 if (!shouldBypassMainWorldContentSecurityPolicy && !scriptExecutionContext()->contentSecurityPolicy()->allowChildContextFromSource(scriptURL)) { 67 67 ec = SECURITY_ERR; 68 68 return URL(); -
trunk/Source/WebCore/workers/WorkerGlobalScope.cpp
r204481 r206254 217 217 void WorkerGlobalScope::importScripts(const Vector<String>& urls, ExceptionCode& ec) 218 218 { 219 ASSERT(scriptExecutionContext()); 219 220 ASSERT(contentSecurityPolicy()); 221 222 auto& context = *scriptExecutionContext(); 220 223 ec = 0; 221 224 Vector<URL> completedURLs; 222 225 for (auto& entry : urls) { 223 URL url = scriptExecutionContext()->completeURL(entry);226 URL url = context.completeURL(entry); 224 227 if (!url.isValid()) { 225 228 ec = SYNTAX_ERR; … … 231 234 for (auto& url : completedURLs) { 232 235 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. 233 bool shouldBypassMainWorldContentSecurityPolicy = scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy();234 if (!s criptExecutionContext()->contentSecurityPolicy()->allowScriptFromSource(url, shouldBypassMainWorldContentSecurityPolicy)) {236 bool shouldBypassMainWorldContentSecurityPolicy = context.shouldBypassMainWorldContentSecurityPolicy(); 237 if (!shouldBypassMainWorldContentSecurityPolicy && !context.contentSecurityPolicy()->allowScriptFromSource(url)) { 235 238 ec = NETWORK_ERR; 236 239 return; … … 238 241 239 242 Ref<WorkerScriptLoader> scriptLoader = WorkerScriptLoader::create(); 240 scriptLoader->loadSynchronously( scriptExecutionContext(), url, FetchOptions::Mode::NoCors, shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective);243 scriptLoader->loadSynchronously(&context, url, FetchOptions::Mode::NoCors, shouldBypassMainWorldContentSecurityPolicy ? ContentSecurityPolicyEnforcement::DoNotEnforce : ContentSecurityPolicyEnforcement::EnforceScriptSrcDirective); 241 244 242 245 // If the fetching attempt failed, throw a NETWORK_ERR exception and abort all these steps. … … 246 249 } 247 250 248 InspectorInstrumentation::scriptImported( scriptExecutionContext(), scriptLoader->identifier(), scriptLoader->script());251 InspectorInstrumentation::scriptImported(&context, scriptLoader->identifier(), scriptLoader->script()); 249 252 250 253 NakedPtr<JSC::Exception> exception; -
trunk/Source/WebCore/xml/XMLHttpRequest.cpp
r205411 r206254 495 495 return false; 496 496 497 auto& context = *scriptExecutionContext(); 498 497 499 if (m_state != OPENED || m_sendFlag) { 498 500 ec = INVALID_STATE_ERR; … … 502 504 503 505 // FIXME: Convert this to check the isolated world's Content Security Policy once webkit.org/b/104520 is solved. 504 if (! scriptExecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url, scriptExecutionContext()->shouldBypassMainWorldContentSecurityPolicy())) {506 if (!context.shouldBypassMainWorldContentSecurityPolicy() && !context.contentSecurityPolicy()->allowConnectToSource(m_url)) { 505 507 if (m_async) { 506 508 setPendingActivity(this);
Note: See TracChangeset
for help on using the changeset viewer.