Changeset 195948 in webkit


Ignore:
Timestamp:
Jan 31, 2016 7:10:00 PM (8 years ago)
Author:
dbates@webkit.org
Message:

CSP: Use the served CSP header for dedicated workers
https://bugs.webkit.org/show_bug.cgi?id=153157
<rdar://problem/24383254>
And
https://bugs.webkit.org/show_bug.cgi?id=153156
<rdar://problem/24383246>

Patch by Daniel Bates <dabates@apple.com> on 2016-01-31
Reviewed by Brent Fulgham.

Source/WebCore:

Inspired by Blink commit:
<https://src.chromium.org/viewvc/blink?revision=194143&view=revision>

Implement support for respecting Content Security Policy (CSP) HTTP headers included in the
HTTP response for a Web Worker's script as per section Workers of the CSP 2.0 spec,
<https://w3c.github.io/webappsec-csp/2/#processing-model-workers> (29 August 2015).

Currently a Web Worker always inherits the CSP of its owner document. Instead a web worker
will inherit the CSP of its owner document only if its script is incapable of defining a
content security policy (i.e. its origin is a globally unique identifier). Otherwise, the
CSP HTTP headers delivered with the script will be used to define the CSP for the worker.

Tests: fast/workers/worker-inherits-csp-blocks-eval.html

fast/workers/worker-inherits-csp-blocks-xhr.html
http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-blocks-eval.html

  • CMakeLists.txt: Add file ContentSecurityPolicyResponseHeaders.cpp.
  • WebCore.vcxproj/WebCore.vcxproj: Add files ContentSecurityPolicyResponseHeaders.{cpp, h}.
  • WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • dom/Document.cpp:

(WebCore::Document::processHttpEquiv): Update code to use enum class ContentSecurityPolicyHeaderType.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::didBeginDocument): Extract logic to collect Content Security Policy HTTP headers
into class ContentSecurityPolicyResponseHeaders and make use of it here.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::CSPDirectiveList::headerType): Modified to use enum class ContentSecurityPolicyHeaderType.
(WebCore::CSPDirectiveList::CSPDirectiveList): Ditto.
(WebCore::CSPDirectiveList::create): Ditto.
(WebCore::ContentSecurityPolicy::responseHeaders): Creates and returns a ContentSecurityPolicyResponseHeaders
object with the parsed CSP policy headers.
(WebCore::ContentSecurityPolicy::didReceiveHeaders): Processed the CSP policy headers represented by the
specified ContentSecurityPolicyResponseHeaders object.
(WebCore::ContentSecurityPolicy::deprecatedHeader): Deleted.
(WebCore::ContentSecurityPolicy::deprecatedHeaderType): Deleted.

  • page/csp/ContentSecurityPolicy.h: Defines a class that represents a collection of CSP policy headers.

This class has two purposes:

  • It extracts the CSP policy headers from a HTTP response (ResourceResponse object). We make use of this functionality in both FrameLoader::didBeginDocument() and Worker::didReceiveResponse().
  • It serves as a memento that externalizes the internal CSP policy details of an instance of ContentSecurityPolicy. We make use of this memento functionality to support inheriting the CSP policy of the worker's owner document in a thread-safe manner. You can create and restore a memento using ContentSecurityPolicy::responseHeaders() and ContentSecurityPolicy::didReceiveHeaders(), respectively.
  • page/csp/ContentSecurityPolicyResponseHeaders.cpp: Added.

(WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders): Extracts the
CSP HTTP headers from a ResourceResponse object.
(WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy): Make a copy of this object that is
safe to pass to another thread.

  • page/csp/ContentSecurityPolicyResponseHeaders.h: Added.
  • workers/DedicatedWorkerGlobalScope.cpp:

(WebCore::DedicatedWorkerGlobalScope::create): Modified to use class ContentSecurityPolicyResponseHeaders.

  • workers/DedicatedWorkerGlobalScope.h:
  • workers/DedicatedWorkerThread.cpp:

(WebCore::DedicatedWorkerThread::create): Ditto.
(WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
(WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.

  • workers/DedicatedWorkerThread.h:
  • workers/Worker.cpp:

(WebCore::Worker::didReceiveResponse): Create a ContentSecurityPolicyResponseHeaders if the origin of
the worker's script is capable of providing a CSP. Otherwise, we will inherit the CSP of the worker's owner
document in Worker::notifyFinished().
(WebCore::Worker::notifyFinished): Pass the appropriate CSP response headers to WorkerMessagingProxy::startWorkerGlobalScope().

  • workers/Worker.h:
  • workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Renamed; formerly named applyContentSecurityPolicyFromString().
Modified to take a ContentSecurityPolicyResponseHeaders and apply it to the ContentSecurityPolicy object associated with the worker.
(WebCore::WorkerGlobalScope::applyContentSecurityPolicyFromString): Deleted.

  • workers/WorkerGlobalScope.h:
  • workers/WorkerMessagingProxy.cpp:

(WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass the worker's ContentSecurityPolicyResponseHeaders object.

  • workers/WorkerThread.cpp:

(WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Added field m_contentSecurityPolicyResponseHeaders to store
the CSP response headers to be applied to the worker's ContentSecurityPolicy object.
(WebCore::WorkerThread::WorkerThread): Modified to use ContentSecurityPolicyResponseHeaders.
(WebCore::WorkerThread::workerThread): Pass the ContentSecurityPolicyResponseHeaders object from the start up data struct
to DedicatedWorkerThread::createWorkerGlobalScope().

  • workers/WorkerThread.h:

LayoutTests:

Add new tests to ensure we block eval() in blob-, file-URL workers and block XHR in a file-URL worker.

  • TestExpectations: Remove now passing tests http/tests/security/contentSecurityPolicy/worker-{multiple-csp-headers, without-own-csp}.html

and update the associated bug # for tests that fail.

  • fast/workers/resources/worker-inherits-csp-blocks-eval.js: Added.

(catch):

  • fast/workers/resources/worker-inherits-csp-blocks-xhr.js: Added.

(catch):

  • fast/workers/worker-inherits-csp-blocks-eval-expected.txt: Added.
  • fast/workers/worker-inherits-csp-blocks-eval.html: Added.
  • fast/workers/worker-inherits-csp-blocks-xhr-expected.txt: Added.
  • fast/workers/worker-inherits-csp-blocks-xhr.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-blocks-eval-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-blocks-eval.html: Added.
  • http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers-expected.txt: Updated expected results as

the result was incorrect.

  • http/tests/security/contentSecurityPolicy/worker-without-own-csp-expected.txt: Ditto.
Location:
trunk
Files:
10 added
26 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r195947 r195948  
     12016-01-31  Daniel Bates  <dabates@apple.com>
     2
     3        CSP: Use the served CSP header for dedicated workers
     4        https://bugs.webkit.org/show_bug.cgi?id=153157
     5        <rdar://problem/24383254>
     6        And
     7        https://bugs.webkit.org/show_bug.cgi?id=153156
     8        <rdar://problem/24383246>
     9
     10        Reviewed by Brent Fulgham.
     11
     12        Add new tests to ensure we block eval() in blob-, file-URL workers and block XHR in a file-URL worker.
     13
     14        * TestExpectations: Remove now passing tests http/tests/security/contentSecurityPolicy/worker-{multiple-csp-headers, without-own-csp}.html
     15        and update the associated bug # for tests that fail.
     16        * fast/workers/resources/worker-inherits-csp-blocks-eval.js: Added.
     17        (catch):
     18        * fast/workers/resources/worker-inherits-csp-blocks-xhr.js: Added.
     19        (catch):
     20        * fast/workers/worker-inherits-csp-blocks-eval-expected.txt: Added.
     21        * fast/workers/worker-inherits-csp-blocks-eval.html: Added.
     22        * fast/workers/worker-inherits-csp-blocks-xhr-expected.txt: Added.
     23        * fast/workers/worker-inherits-csp-blocks-xhr.html: Added.
     24        * http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-blocks-eval-expected.txt: Added.
     25        * http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-blocks-eval.html: Added.
     26        * http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers-expected.txt: Updated expected results as
     27        the result was incorrect.
     28        * http/tests/security/contentSecurityPolicy/worker-without-own-csp-expected.txt: Ditto.
     29
     302016-01-27  Daniel Bates  <dabates@apple.com>
     31
     32        CSP: Use the served CSP header for dedicated workers
     33        https://bugs.webkit.org/show_bug.cgi?id=153157
     34        And
     35        https://bugs.webkit.org/show_bug.cgi?id=153156
     36
     37        Reviewed by Brent Fulgham.
     38
     39        Remove some tests that now pass and update the expected results of existing tests.
     40
     41        * TestExpectations:
     42        * http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers-expected.txt:
     43        * http/tests/security/contentSecurityPolicy/worker-without-own-csp-expected.txt:
     44
    1452016-01-31  Hunseop Jeong  <hs85.jeong@samsung.com>
    246
  • trunk/LayoutTests/TestExpectations

    r195892 r195948  
    800800webkit.org/b/69359 http/tests/security/contentSecurityPolicy/connect-src-eventsource-redirect-to-blocked.html [ Failure ]
    801801webkit.org/b/69359 http/tests/security/contentSecurityPolicy/connect-src-xmlhttprequest-redirect-to-blocked.html [ Failure ]
     802webkit.org/b/69359 http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp.html [ Failure ]
    802803webkit.org/b/111869 http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html
    803804webkit.org/b/115700 http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta.html [ Failure ]
     
    817818webkit.org/b/153154 http/tests/security/contentSecurityPolicy/redirect-does-not-match-paths.html
    818819webkit.org/b/153155 http/tests/security/contentSecurityPolicy/style-src-blocked-error-event.html
    819 webkit.org/b/153156 http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers.html [ Failure ]
    820 webkit.org/b/153157 http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp.html [ Failure ]
    821 webkit.org/b/153157 http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html [ Failure ]
    822 webkit.org/b/153157 http/tests/security/contentSecurityPolicy/worker-script-src.html [ Failure ]
    823 webkit.org/b/153157 http/tests/security/contentSecurityPolicy/worker-without-own-csp.html [ Failure ]
    824820webkit.org/b/153158 http/tests/security/contentSecurityPolicy/blob-urls-match-self.html [ Failure ]
    825821webkit.org/b/153159 http/tests/security/contentSecurityPolicy/image-document-default-src-none.html [ Failure ]
     
    843839webkit.org/b/153168 http/tests/security/contentSecurityPolicy/source-list-parsing-07.html [ Failure ]
    844840webkit.org/b/153170 http/tests/security/contentSecurityPolicy/source-list-parsing-paths-03.html [ Failure ]
     841webkit.org/b/153562 http/tests/security/contentSecurityPolicy/worker-importscripts-blocked.html [ Failure ]
     842webkit.org/b/153562 http/tests/security/contentSecurityPolicy/worker-script-src.html [ Failure ]
    845843http/tests/security/contentSecurityPolicy/script-src-blocked-error-event.html [ Pass Failure ]
    846844http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-overrides-xfo.html # Needs expected file.
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-multiple-csp-headers-expected.txt

    r195367 r195948  
     1CONSOLE MESSAGE: Refused to connect to 'http://127.0.0.1:8000/xmlhttprequest/resources/get.txt' because it violates the following Content Security Policy directive: "connect-src 'none'".
     2
    13
    24PASS Worker can have multiple CSP headers
  • trunk/LayoutTests/http/tests/security/contentSecurityPolicy/worker-without-own-csp-expected.txt

    r195367 r195948  
    1 
    21
    32PASS Worker should not inherit document's CSP
  • trunk/Source/WebCore/CMakeLists.txt

    r195764 r195948  
    20682068
    20692069    page/csp/ContentSecurityPolicy.cpp
     2070    page/csp/ContentSecurityPolicyResponseHeaders.cpp
    20702071
    20712072    page/scrolling/AxisScrollSnapOffsets.cpp
  • trunk/Source/WebCore/ChangeLog

    r195946 r195948  
     12016-01-31  Daniel Bates  <dabates@apple.com>
     2
     3        CSP: Use the served CSP header for dedicated workers
     4        https://bugs.webkit.org/show_bug.cgi?id=153157
     5        <rdar://problem/24383254>
     6        And
     7        https://bugs.webkit.org/show_bug.cgi?id=153156
     8        <rdar://problem/24383246>
     9
     10        Reviewed by Brent Fulgham.
     11
     12        Inspired by Blink commit:
     13        <https://src.chromium.org/viewvc/blink?revision=194143&view=revision>
     14
     15        Implement support for respecting Content Security Policy (CSP) HTTP headers included in the
     16        HTTP response for a Web Worker's script as per section Workers of the CSP 2.0 spec,
     17        <https://w3c.github.io/webappsec-csp/2/#processing-model-workers> (29 August 2015).
     18
     19        Currently a Web Worker always inherits the CSP of its owner document. Instead a web worker
     20        will inherit the CSP of its owner document only if its script is incapable of defining a
     21        content security policy (i.e. its origin is a globally unique identifier). Otherwise, the
     22        CSP HTTP headers delivered with the script will be used to define the CSP for the worker.
     23
     24        Tests: fast/workers/worker-inherits-csp-blocks-eval.html
     25               fast/workers/worker-inherits-csp-blocks-xhr.html
     26               http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-blocks-eval.html
     27
     28        * CMakeLists.txt: Add file ContentSecurityPolicyResponseHeaders.cpp.
     29        * WebCore.vcxproj/WebCore.vcxproj: Add files ContentSecurityPolicyResponseHeaders.{cpp, h}.
     30        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
     31        * WebCore.xcodeproj/project.pbxproj: Ditto.
     32        * dom/Document.cpp:
     33        (WebCore::Document::processHttpEquiv): Update code to use enum class ContentSecurityPolicyHeaderType.
     34        * loader/FrameLoader.cpp:
     35        (WebCore::FrameLoader::didBeginDocument): Extract logic to collect Content Security Policy HTTP headers
     36        into class ContentSecurityPolicyResponseHeaders and make use of it here.
     37        * page/csp/ContentSecurityPolicy.cpp:
     38        (WebCore::CSPDirectiveList::headerType): Modified to use enum class ContentSecurityPolicyHeaderType.
     39        (WebCore::CSPDirectiveList::CSPDirectiveList): Ditto.
     40        (WebCore::CSPDirectiveList::create): Ditto.
     41        (WebCore::ContentSecurityPolicy::responseHeaders): Creates and returns a ContentSecurityPolicyResponseHeaders
     42        object with the parsed CSP policy headers.
     43        (WebCore::ContentSecurityPolicy::didReceiveHeaders): Processed the CSP policy headers represented by the
     44        specified ContentSecurityPolicyResponseHeaders object.
     45        (WebCore::ContentSecurityPolicy::deprecatedHeader): Deleted.
     46        (WebCore::ContentSecurityPolicy::deprecatedHeaderType): Deleted.
     47        * page/csp/ContentSecurityPolicy.h: Defines a class that represents a collection of CSP policy headers.
     48        This class has two purposes:
     49            - It extracts the CSP policy headers from a HTTP response (ResourceResponse object). We make use of
     50            this functionality in both FrameLoader::didBeginDocument() and Worker::didReceiveResponse().
     51            - It serves as a memento that externalizes the internal CSP policy details of an instance of
     52            ContentSecurityPolicy. We make use of this memento functionality to support inheriting the
     53            CSP policy of the worker's owner document in a thread-safe manner. You can create and restore
     54            a memento using ContentSecurityPolicy::responseHeaders() and ContentSecurityPolicy::didReceiveHeaders(), respectively.
     55        * page/csp/ContentSecurityPolicyResponseHeaders.cpp: Added.
     56        (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders): Extracts the
     57        CSP HTTP headers from a ResourceResponse object.
     58        (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy): Make a copy of this object that is
     59        safe to pass to another thread.
     60        * page/csp/ContentSecurityPolicyResponseHeaders.h: Added.
     61        * workers/DedicatedWorkerGlobalScope.cpp:
     62        (WebCore::DedicatedWorkerGlobalScope::create): Modified to use class ContentSecurityPolicyResponseHeaders.
     63        * workers/DedicatedWorkerGlobalScope.h:
     64        * workers/DedicatedWorkerThread.cpp:
     65        (WebCore::DedicatedWorkerThread::create): Ditto.
     66        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
     67        (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
     68        * workers/DedicatedWorkerThread.h:
     69        * workers/Worker.cpp:
     70        (WebCore::Worker::didReceiveResponse): Create a ContentSecurityPolicyResponseHeaders if the origin of
     71        the worker's script is capable of providing a CSP. Otherwise, we will inherit the CSP of the worker's owner
     72        document in Worker::notifyFinished().
     73        (WebCore::Worker::notifyFinished): Pass the appropriate CSP response headers to WorkerMessagingProxy::startWorkerGlobalScope().
     74        * workers/Worker.h:
     75        * workers/WorkerGlobalScope.cpp:
     76        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Renamed; formerly named applyContentSecurityPolicyFromString().
     77        Modified to take a ContentSecurityPolicyResponseHeaders and apply it to the ContentSecurityPolicy object associated with the worker.
     78        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyFromString): Deleted.
     79        * workers/WorkerGlobalScope.h:
     80        * workers/WorkerMessagingProxy.cpp:
     81        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass the worker's ContentSecurityPolicyResponseHeaders object.
     82        * workers/WorkerThread.cpp:
     83        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Added field m_contentSecurityPolicyResponseHeaders to store
     84        the CSP response headers to be applied to the worker's ContentSecurityPolicy object.
     85        (WebCore::WorkerThread::WorkerThread): Modified to use ContentSecurityPolicyResponseHeaders.
     86        (WebCore::WorkerThread::workerThread): Pass the ContentSecurityPolicyResponseHeaders object from the start up data struct
     87        to DedicatedWorkerThread::createWorkerGlobalScope().
     88        * workers/WorkerThread.h:
     89
    1902016-01-31  Darin Adler  <darin@apple.com>
    291
  • trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj

    r195764 r195948  
    73057305    <ClCompile Include="..\page\animation\CompositeAnimation.cpp" />
    73067306    <ClCompile Include="..\page\csp\ContentSecurityPolicy.cpp" />
     7307    <ClCompile Include="..\page\csp\ContentSecurityPolicyResponseHeaders.cpp" />
    73077308    <ClCompile Include="..\page\ContextMenuContext.cpp" />
    73087309    <ClCompile Include="..\page\ContextMenuController.cpp" />
     
    2070220703    <ClInclude Include="..\page\animation\CompositeAnimation.h" />
    2070320704    <ClInclude Include="..\page\csp\ContentSecurityPolicy.h" />
     20705    <ClInclude Include="..\page\csp\ContentSecurityPolicyResponseHeaders.h" />
    2070420706    <ClInclude Include="..\page\ContextMenuClient.h" />
    2070520707    <ClInclude Include="..\page\ContextMenuContext.h" />
  • trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters

    r195764 r195948  
    681681      <Filter>page\csp</Filter>
    682682    </ClCompile>
     683    <ClCompile Include="..\page\csp\ContentSecurityPolicyResponseHeaders.cpp">
     684      <Filter>page\csp</Filter>
     685    </ClCompile>
    683686    <ClCompile Include="..\page\ContextMenuController.cpp">
    684687      <Filter>page</Filter>
     
    76687671    </ClInclude>
    76697672    <ClInclude Include="..\page\csp\ContentSecurityPolicy.h">
     7673      <Filter>page\csp</Filter>
     7674    </ClInclude>
     7675    <ClInclude Include="..\page\csp\ContentSecurityPolicyResponseHeaders.h">
    76707676      <Filter>page\csp</Filter>
    76717677    </ClInclude>
  • trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

    r195764 r195948  
    61686168                CE1252551A1BEC0E00864480 /* NSURLDownloadSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = CE1252541A1BEC0E00864480 /* NSURLDownloadSPI.h */; settings = {ATTRIBUTES = (Private, ); }; };
    61696169                CE12525B1A1C018200864480 /* CFNetworkSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = CE12525A1A1C018200864480 /* CFNetworkSPI.h */; settings = {ATTRIBUTES = (Private, ); }; };
     6170                CE6DADF91C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.cpp in Sources */ = {isa = PBXBuildFile; fileRef = CE6DADF71C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.cpp */; };
     6171                CE6DADFA1C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.h in Headers */ = {isa = PBXBuildFile; fileRef = CE6DADF81C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.h */; };
    61706172                CE7B2DB31586ABAD0098B3FA /* AlternativeTextUIController.h in Headers */ = {isa = PBXBuildFile; fileRef = CE7B2DAF1586ABAD0098B3FA /* AlternativeTextUIController.h */; settings = {ATTRIBUTES = (Private, ); }; };
    61716173                CE7B2DB41586ABAD0098B3FA /* AlternativeTextUIController.mm in Sources */ = {isa = PBXBuildFile; fileRef = CE7B2DB01586ABAD0098B3FA /* AlternativeTextUIController.mm */; };
     
    1409614098                CE5CB1B314EDAB6F00BB2795 /* EventSender.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EventSender.h; sourceTree = "<group>"; };
    1409714099                CE6D89294C7AACE0AD89B3DD /* MathMLMencloseElement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MathMLMencloseElement.h; sourceTree = "<group>"; };
     14100                CE6DADF71C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ContentSecurityPolicyResponseHeaders.cpp; path = csp/ContentSecurityPolicyResponseHeaders.cpp; sourceTree = "<group>"; };
     14101                CE6DADF81C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ContentSecurityPolicyResponseHeaders.h; path = csp/ContentSecurityPolicyResponseHeaders.h; sourceTree = "<group>"; };
    1409814102                CE7B2DAF1586ABAD0098B3FA /* AlternativeTextUIController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AlternativeTextUIController.h; sourceTree = "<group>"; };
    1409914103                CE7B2DB01586ABAD0098B3FA /* AlternativeTextUIController.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AlternativeTextUIController.mm; sourceTree = "<group>"; };
     
    2296422968                                97C471D912F925BC0086354B /* ContentSecurityPolicy.cpp */,
    2296522969                                97C471DA12F925BD0086354B /* ContentSecurityPolicy.h */,
     22970                                CE6DADF71C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.cpp */,
     22971                                CE6DADF81C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.h */,
    2296622972                        );
    2296722973                        name = csp;
     
    2500225008                                7C93F34E1AA6BF0700A98BAB /* ContentExtensionCompiler.h in Headers */,
    2500325009                                7CFDC57D1AC1D80500E24A57 /* ContentExtensionError.h in Headers */,
     25010                                CE6DADFA1C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.h in Headers */,
    2500425011                                26F0C8981A2E724B002794F8 /* ContentExtensionParser.h in Headers */,
    2500525012                                26F0C89C1A2EC110002794F8 /* ContentExtensionRule.h in Headers */,
     
    3169931706                                A5DEBDA316FB908700836FE0 /* WebKitPlaybackTargetAvailabilityEvent.cpp in Sources */,
    3170031707                                31C0FF240E4CEB6E007D6FE5 /* WebKitTransitionEvent.cpp in Sources */,
     31708                                CE6DADF91C591E6A003F6A88 /* ContentSecurityPolicyResponseHeaders.cpp in Sources */,
    3170131709                                0FCF332E0F2B9A25004B6795 /* WebLayer.mm in Sources */,
    3170231710                                0709D78E1AE55554004E42F8 /* WebMediaSessionManager.cpp in Sources */,
  • trunk/Source/WebCore/dom/Document.cpp

    r195927 r195948  
    32593259
    32603260    case HTTPHeaderName::ContentSecurityPolicy:
    3261         contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::Enforce);
     3261        contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::Enforce);
    32623262        break;
    32633263
    32643264    case HTTPHeaderName::ContentSecurityPolicyReportOnly:
    3265         contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::Report);
     3265        contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::Report);
    32663266        break;
    32673267
    32683268    case HTTPHeaderName::XWebKitCSP:
    3269         contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::PrefixedEnforce);
     3269        contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::PrefixedEnforce);
    32703270        break;
    32713271
    32723272    case HTTPHeaderName::XWebKitCSPReportOnly:
    3273         contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicy::PrefixedReport);
     3273        contentSecurityPolicy()->didReceiveHeader(content, ContentSecurityPolicyHeaderType::PrefixedReport);
    32743274        break;
    32753275
  • trunk/Source/WebCore/loader/FrameLoader.cpp

    r195790 r195948  
    686686            m_frame.document()->parseDNSPrefetchControlHeader(dnsPrefetchControl);
    687687
    688         String policyValue = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ContentSecurityPolicy);
    689         if (!policyValue.isEmpty())
    690             m_frame.document()->contentSecurityPolicy()->didReceiveHeader(policyValue, ContentSecurityPolicy::Enforce);
    691 
    692         policyValue = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ContentSecurityPolicyReportOnly);
    693         if (!policyValue.isEmpty())
    694             m_frame.document()->contentSecurityPolicy()->didReceiveHeader(policyValue, ContentSecurityPolicy::Report);
    695 
    696         policyValue = m_documentLoader->response().httpHeaderField(HTTPHeaderName::XWebKitCSP);
    697         if (!policyValue.isEmpty())
    698             m_frame.document()->contentSecurityPolicy()->didReceiveHeader(policyValue, ContentSecurityPolicy::PrefixedEnforce);
    699 
    700         policyValue = m_documentLoader->response().httpHeaderField(HTTPHeaderName::XWebKitCSPReportOnly);
    701         if (!policyValue.isEmpty())
    702             m_frame.document()->contentSecurityPolicy()->didReceiveHeader(policyValue, ContentSecurityPolicy::PrefixedReport);
     688        m_frame.document()->contentSecurityPolicy()->didReceiveHeaders(ContentSecurityPolicyResponseHeaders(m_documentLoader->response()));
    703689
    704690        String headerContentLanguage = m_documentLoader->response().httpHeaderField(HTTPHeaderName::ContentLanguage);
  • trunk/Source/WebCore/page/csp/ContentSecurityPolicy.cpp

    r195743 r195948  
    772772    WTF_MAKE_FAST_ALLOCATED;
    773773public:
    774     static std::unique_ptr<CSPDirectiveList> create(ContentSecurityPolicy*, const String&, ContentSecurityPolicy::HeaderType);
    775     CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicy::HeaderType);
     774    static std::unique_ptr<CSPDirectiveList> create(ContentSecurityPolicy*, const String&, ContentSecurityPolicyHeaderType);
     775    CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType);
    776776
    777777    const String& header() const { return m_header; }
    778     ContentSecurityPolicy::HeaderType headerType() const { return m_headerType; }
     778    ContentSecurityPolicyHeaderType headerType() const { return m_headerType; }
    779779
    780780    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ContentSecurityPolicy::ReportingStatus) const;
     
    836836
    837837    String m_header;
    838     ContentSecurityPolicy::HeaderType m_headerType;
     838    ContentSecurityPolicyHeaderType m_headerType;
    839839
    840840    bool m_reportOnly;
     
    860860};
    861861
    862 CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurityPolicy::HeaderType type)
     862CSPDirectiveList::CSPDirectiveList(ContentSecurityPolicy* policy, ContentSecurityPolicyHeaderType type)
    863863    : m_policy(policy)
    864864    , m_headerType(type)
     
    867867    , m_reflectedXSSDisposition(ContentSecurityPolicy::ReflectedXSSUnset)
    868868{
    869     m_reportOnly = (type == ContentSecurityPolicy::Report || type == ContentSecurityPolicy::PrefixedReport);
    870 }
    871 
    872 std::unique_ptr<CSPDirectiveList> CSPDirectiveList::create(ContentSecurityPolicy* policy, const String& header, ContentSecurityPolicy::HeaderType type)
     869    m_reportOnly = (type == ContentSecurityPolicyHeaderType::Report || type == ContentSecurityPolicyHeaderType::PrefixedReport);
     870}
     871
     872std::unique_ptr<CSPDirectiveList> CSPDirectiveList::create(ContentSecurityPolicy* policy, const String& header, ContentSecurityPolicyHeaderType type)
    873873{
    874874    auto directives = std::make_unique<CSPDirectiveList>(policy, type);
     
    13721372}
    13731373
    1374 void ContentSecurityPolicy::didReceiveHeader(const String& header, HeaderType type)
     1374ContentSecurityPolicyResponseHeaders ContentSecurityPolicy::responseHeaders() const
     1375{
     1376    ContentSecurityPolicyResponseHeaders result;
     1377    result.m_headers.reserveInitialCapacity(m_policies.size());
     1378    for (auto& policy : m_policies)
     1379        result.m_headers.uncheckedAppend({ policy->header(), policy->headerType() });
     1380    return result;
     1381}
     1382
     1383void ContentSecurityPolicy::didReceiveHeaders(const ContentSecurityPolicyResponseHeaders& headers)
     1384{
     1385    for (auto& header : headers.m_headers)
     1386        didReceiveHeader(header.first, header.second);
     1387}
     1388
     1389void ContentSecurityPolicy::didReceiveHeader(const String& header, ContentSecurityPolicyHeaderType type)
    13751390{
    13761391    // RFC2616, section 4.2 specifies that headers appearing multiple times can
     
    14021417{
    14031418    m_overrideInlineStyleAllowed = value;
    1404 }
    1405 
    1406 const String& ContentSecurityPolicy::deprecatedHeader() const
    1407 {
    1408     return m_policies.isEmpty() ? emptyString() : m_policies[0]->header();
    1409 }
    1410 
    1411 ContentSecurityPolicy::HeaderType ContentSecurityPolicy::deprecatedHeaderType() const
    1412 {
    1413     return m_policies.isEmpty() ? Enforce : m_policies[0]->headerType();
    14141419}
    14151420
  • trunk/Source/WebCore/page/csp/ContentSecurityPolicy.h

    r195711 r195948  
    2727#define ContentSecurityPolicy_h
    2828
     29#include "ContentSecurityPolicyResponseHeaders.h"
    2930#include "URL.h"
    3031#include "ScriptState.h"
     
    5758    void copyStateFrom(const ContentSecurityPolicy*);
    5859
    59     enum HeaderType {
    60         Report,
    61         Enforce,
    62         PrefixedReport,
    63         PrefixedEnforce
    64     };
    65 
    6660    enum class ReportingStatus {
    6761        SendReport,
     
    7872    };
    7973
    80     void didReceiveHeader(const String&, HeaderType);
    81 
    82     // These functions are wrong because they assume that there is only one header.
    83     // FIXME: Replace them with functions that return vectors.
    84     const String& deprecatedHeader() const;
    85     HeaderType deprecatedHeaderType() const;
     74    ContentSecurityPolicyResponseHeaders responseHeaders() const;
     75    void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
     76    void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType);
    8677
    8778    bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, bool overrideContentSecurityPolicy = false, ContentSecurityPolicy::ReportingStatus = ContentSecurityPolicy::ReportingStatus::SendReport) const;
  • trunk/Source/WebCore/workers/DedicatedWorkerGlobalScope.cpp

    r194496 r195948  
    3232#include "DedicatedWorkerGlobalScope.h"
    3333
     34#include "ContentSecurityPolicyResponseHeaders.h"
    3435#include "DOMWindow.h"
    3536#include "DedicatedWorkerThread.h"
     
    4041namespace WebCore {
    4142
    42 Ref<DedicatedWorkerGlobalScope> DedicatedWorkerGlobalScope::create(const URL& url, const String& userAgent, DedicatedWorkerThread& thread, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin)
     43Ref<DedicatedWorkerGlobalScope> DedicatedWorkerGlobalScope::create(const URL& url, const String& userAgent, DedicatedWorkerThread& thread, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, PassRefPtr<SecurityOrigin> topOrigin)
    4344{
    4445    Ref<DedicatedWorkerGlobalScope> context = adoptRef(*new DedicatedWorkerGlobalScope(url, userAgent, thread, topOrigin));
    45     context->applyContentSecurityPolicyFromString(contentSecurityPolicy, contentSecurityPolicyType);
     46    context->applyContentSecurityPolicyResponseHeaders(contentSecurityPolicyResponseHeaders);
    4647    return context;
    4748}
  • trunk/Source/WebCore/workers/DedicatedWorkerGlobalScope.h

    r181169 r195948  
    3232#define DedicatedWorkerGlobalScope_h
    3333
    34 #include "ContentSecurityPolicy.h"
    3534#include "MessagePort.h"
    3635#include "WorkerGlobalScope.h"
     
    3837namespace WebCore {
    3938
     39    class ContentSecurityPolicyResponseHeaders;
    4040    class DedicatedWorkerThread;
    4141
     
    4343    public:
    4444        typedef WorkerGlobalScope Base;
    45         static Ref<DedicatedWorkerGlobalScope> create(const URL&, const String& userAgent, DedicatedWorkerThread&, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin);
     45        static Ref<DedicatedWorkerGlobalScope> create(const URL&, const String& userAgent, DedicatedWorkerThread&, const ContentSecurityPolicyResponseHeaders&, PassRefPtr<SecurityOrigin> topOrigin);
    4646        virtual ~DedicatedWorkerGlobalScope();
    4747
  • trunk/Source/WebCore/workers/DedicatedWorkerThread.cpp

    r195785 r195948  
    3939namespace WebCore {
    4040
    41 DedicatedWorkerThread::DedicatedWorkerThread(const URL& url, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
    42     : WorkerThread(url, userAgent, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin)
     41DedicatedWorkerThread::DedicatedWorkerThread(const URL& url, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, const SecurityOrigin* topOrigin)
     42    : WorkerThread(url, userAgent, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicyResponseHeaders, topOrigin)
    4343    , m_workerObjectProxy(workerObjectProxy)
    4444{
     
    4949}
    5050
    51 Ref<WorkerGlobalScope> DedicatedWorkerThread::createWorkerGlobalScope(const URL& url, const String& userAgent, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, PassRefPtr<SecurityOrigin> topOrigin)
     51Ref<WorkerGlobalScope> DedicatedWorkerThread::createWorkerGlobalScope(const URL& url, const String& userAgent, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, PassRefPtr<SecurityOrigin> topOrigin)
    5252{
    53     return DedicatedWorkerGlobalScope::create(url, userAgent, *this, contentSecurityPolicy, contentSecurityPolicyType, topOrigin);
     53    return DedicatedWorkerGlobalScope::create(url, userAgent, *this, contentSecurityPolicyResponseHeaders, topOrigin);
    5454}
    5555
  • trunk/Source/WebCore/workers/DedicatedWorkerThread.h

    r195786 r195948  
    3131#define DedicatedWorkerThread_h
    3232
    33 #include "ContentSecurityPolicy.h"
    3433#include "WorkerThread.h"
    3534
    3635namespace WebCore {
    3736
     37    class ContentSecurityPolicyResponseHeaders;
    3838    class WorkerObjectProxy;
    3939
     
    4949
    5050    protected:
    51         virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin) override;
     51        virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const ContentSecurityPolicyResponseHeaders&, PassRefPtr<SecurityOrigin> topOrigin) override;
    5252        virtual void runEventLoop() override;
    5353
    5454    private:
    55         DedicatedWorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
     55        DedicatedWorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, const SecurityOrigin* topOrigin);
    5656
    5757        WorkerObjectProxy& m_workerObjectProxy;
  • trunk/Source/WebCore/workers/Worker.cpp

    r194496 r195948  
    3232#include "DOMWindow.h"
    3333#include "CachedResourceLoader.h"
     34#include "ContentSecurityPolicy.h"
    3435#include "Document.h"
    3536#include "EventListener.h"
     
    4142#include "MessageEvent.h"
    4243#include "NetworkStateNotifier.h"
     44#include "SecurityOrigin.h"
    4345#include "TextEncoding.h"
    4446#include "WorkerGlobalScopeProxy.h"
     
    151153}
    152154
    153 void Worker::didReceiveResponse(unsigned long identifier, const ResourceResponse&)
     155void Worker::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
    154156{
     157    const URL& responseURL = response.url();
     158    if (!responseURL.protocolIs("blob") && !responseURL.protocolIs("file") && !SecurityOrigin::create(responseURL)->isUnique())
     159        m_contentSecurityPolicyResponseHeaders = ContentSecurityPolicyResponseHeaders(response);
    155160    InspectorInstrumentation::didReceiveScriptResponse(scriptExecutionContext(), identifier);
    156161}
     
    161166        dispatchEvent(Event::create(eventNames().errorEvent, false, true));
    162167    else {
    163         WorkerThreadStartMode startMode = DontPauseWorkerGlobalScopeOnStart;
    164         m_contextProxy->startWorkerGlobalScope(m_scriptLoader->url(), scriptExecutionContext()->userAgent(m_scriptLoader->url()), m_scriptLoader->script(), startMode);
     168        const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders = m_contentSecurityPolicyResponseHeaders ? m_contentSecurityPolicyResponseHeaders.value() : scriptExecutionContext()->contentSecurityPolicy()->responseHeaders();
     169        m_contextProxy->startWorkerGlobalScope(m_scriptLoader->url(), scriptExecutionContext()->userAgent(m_scriptLoader->url()), m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, DontPauseWorkerGlobalScopeOnStart);
    165170        InspectorInstrumentation::scriptImported(scriptExecutionContext(), m_scriptLoader->identifier(), m_scriptLoader->script());
    166171    }
  • trunk/Source/WebCore/workers/Worker.h

    r192848 r195948  
    3030#include "AbstractWorker.h"
    3131#include "ActiveDOMObject.h"
     32#include "ContentSecurityPolicyResponseHeaders.h"
    3233#include "EventListener.h"
    3334#include "EventTarget.h"
     
    3536#include "WorkerScriptLoaderClient.h"
    3637#include <wtf/Forward.h>
     38#include <wtf/Optional.h>
    3739#include <wtf/PassRefPtr.h>
    3840#include <wtf/RefPtr.h>
     
    8486        RefPtr<WorkerScriptLoader> m_scriptLoader;
    8587        WorkerGlobalScopeProxy* m_contextProxy; // The proxy outlives the worker to perform thread shutdown.
     88        Optional<ContentSecurityPolicyResponseHeaders> m_contentSecurityPolicyResponseHeaders;
    8689    };
    8790
  • trunk/Source/WebCore/workers/WorkerGlobalScope.cpp

    r195588 r195948  
    8686}
    8787
    88 void WorkerGlobalScope::applyContentSecurityPolicyFromString(const String& policy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
     88void WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders(const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders)
    8989{
    9090    setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(this));
    91     contentSecurityPolicy()->didReceiveHeader(policy, contentSecurityPolicyType);
     91    contentSecurityPolicy()->didReceiveHeaders(contentSecurityPolicyResponseHeaders);
    9292}
    9393
  • trunk/Source/WebCore/workers/WorkerGlobalScope.h

    r193426 r195948  
    2828#define WorkerGlobalScope_h
    2929
    30 #include "ContentSecurityPolicy.h"
    3130#include "EventListener.h"
    3231#include "EventTarget.h"
     
    4645
    4746    class Blob;
     47    class ContentSecurityPolicyResponseHeaders;
    4848    class ScheduledAction;
    4949    class WorkerLocation;
     
    132132    protected:
    133133        WorkerGlobalScope(const URL&, const String& userAgent, WorkerThread&, PassRefPtr<SecurityOrigin> topOrigin);
    134         void applyContentSecurityPolicyFromString(const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType);
     134        void applyContentSecurityPolicyResponseHeaders(const ContentSecurityPolicyResponseHeaders&);
    135135
    136136        virtual void logExceptionToConsole(const String& errorMessage, const String& sourceURL, int lineNumber, int columnNumber, RefPtr<Inspector::ScriptCallStack>&&) override;
  • trunk/Source/WebCore/workers/WorkerGlobalScopeProxy.h

    r193426 r195948  
    3939namespace WebCore {
    4040
     41    class ContentSecurityPolicyResponseHeaders;
    4142    class URL;
    4243    class Worker;
     
    4950        virtual ~WorkerGlobalScopeProxy() { }
    5051
    51         virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode) = 0;
     52        virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, WorkerThreadStartMode) = 0;
    5253
    5354        virtual void terminateWorkerGlobalScope() = 0;
  • trunk/Source/WebCore/workers/WorkerMessagingProxy.cpp

    r194496 r195948  
    7373}
    7474
    75 void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode startMode)
     75void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, WorkerThreadStartMode startMode)
    7676{
    7777    // FIXME: This need to be revisited when we support nested worker one day
    7878    ASSERT(m_scriptExecutionContext);
    7979    Document& document = downcast<Document>(*m_scriptExecutionContext);
    80     RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, sourceCode, *this, *this, startMode, document.contentSecurityPolicy()->deprecatedHeader(), document.contentSecurityPolicy()->deprecatedHeaderType(), document.topOrigin());
     80    RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, sourceCode, *this, *this, startMode, contentSecurityPolicyResponseHeaders, document.topOrigin());
    8181    workerThreadCreated(thread);
    8282    thread->start();
  • trunk/Source/WebCore/workers/WorkerMessagingProxy.h

    r193426 r195948  
    4141namespace WebCore {
    4242
     43    class ContentSecurityPolicyResponseHeaders;
    4344    class DedicatedWorkerThread;
    4445    class ScriptExecutionContext;
     
    5253        // Implementations of WorkerGlobalScopeProxy.
    5354        // (Only use these methods in the worker object thread.)
    54         virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode) override;
     55        virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, WorkerThreadStartMode) override;
    5556        virtual void terminateWorkerGlobalScope() override;
    5657        virtual void postMessageToWorkerGlobalScope(PassRefPtr<SerializedScriptValue>, std::unique_ptr<MessagePortChannelArray>) override;
  • trunk/Source/WebCore/workers/WorkerThread.cpp

    r195537 r195948  
    2929#include "WorkerThread.h"
    3030
     31#include "ContentSecurityPolicyResponseHeaders.h"
    3132#include "DedicatedWorkerGlobalScope.h"
    3233#include "ScriptSourceCode.h"
     
    7071    WTF_MAKE_NONCOPYABLE(WorkerThreadStartupData); WTF_MAKE_FAST_ALLOCATED;
    7172public:
    72     WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin);
     73    WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, const SecurityOrigin* topOrigin);
    7374
    7475    URL m_scriptURL;
     
    7677    String m_sourceCode;
    7778    WorkerThreadStartMode m_startMode;
    78     String m_contentSecurityPolicy;
    79     ContentSecurityPolicy::HeaderType m_contentSecurityPolicyType;
     79    ContentSecurityPolicyResponseHeaders m_contentSecurityPolicyResponseHeaders;
    8080    RefPtr<SecurityOrigin> m_topOrigin;
    8181};
    8282
    83 WorkerThreadStartupData::WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
     83WorkerThreadStartupData::WorkerThreadStartupData(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, const SecurityOrigin* topOrigin)
    8484    : m_scriptURL(scriptURL.isolatedCopy())
    8585    , m_userAgent(userAgent.isolatedCopy())
    8686    , m_sourceCode(sourceCode.isolatedCopy())
    8787    , m_startMode(startMode)
    88     , m_contentSecurityPolicy(contentSecurityPolicy.isolatedCopy())
    89     , m_contentSecurityPolicyType(contentSecurityPolicyType)
     88    , m_contentSecurityPolicyResponseHeaders(contentSecurityPolicyResponseHeaders.isolatedCopy())
    9089    , m_topOrigin(topOrigin ? &topOrigin->isolatedCopy().get() : nullptr)
    9190{
    9291}
    9392
    94 WorkerThread::WorkerThread(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType, const SecurityOrigin* topOrigin)
     93WorkerThread::WorkerThread(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, const SecurityOrigin* topOrigin)
    9594    : m_threadID(0)
    9695    , m_workerLoaderProxy(workerLoaderProxy)
    9796    , m_workerReportingProxy(workerReportingProxy)
    98     , m_startupData(std::make_unique<WorkerThreadStartupData>(scriptURL, userAgent, sourceCode, startMode, contentSecurityPolicy, contentSecurityPolicyType, topOrigin))
     97    , m_startupData(std::make_unique<WorkerThreadStartupData>(scriptURL, userAgent, sourceCode, startMode, contentSecurityPolicyResponseHeaders, topOrigin))
    9998#if ENABLE(NOTIFICATIONS) || ENABLE(LEGACY_NOTIFICATIONS)
    10099    , m_notificationClient(0)
     
    146145    {
    147146        LockHolder lock(m_threadCreationMutex);
    148         m_workerGlobalScope = createWorkerGlobalScope(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_contentSecurityPolicy, m_startupData->m_contentSecurityPolicyType, m_startupData->m_topOrigin.release());
     147        m_workerGlobalScope = createWorkerGlobalScope(m_startupData->m_scriptURL, m_startupData->m_userAgent, m_startupData->m_contentSecurityPolicyResponseHeaders, m_startupData->m_topOrigin.release());
    149148
    150149        if (m_runLoop.terminated()) {
  • trunk/Source/WebCore/workers/WorkerThread.h

    r188594 r195948  
    2828#define WorkerThread_h
    2929
    30 #include "ContentSecurityPolicy.h"
    3130#include "WorkerRunLoop.h"
    3231#include <memory>
     
    3736namespace WebCore {
    3837
     38    class ContentSecurityPolicyResponseHeaders;
    3939    class URL;
    4040    class NotificationClient;
     
    6969
    7070    protected:
    71         WorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, const SecurityOrigin* topOrigin);
     71        WorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, const SecurityOrigin* topOrigin);
    7272
    7373        // Factory method for creating a new worker context for the thread.
    74         virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const String& contentSecurityPolicy, ContentSecurityPolicy::HeaderType, PassRefPtr<SecurityOrigin> topOrigin) = 0;
     74        virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const ContentSecurityPolicyResponseHeaders&, PassRefPtr<SecurityOrigin> topOrigin) = 0;
    7575
    7676        // Executes the event loop for the worker thread. Derived classes can override to perform actions before/after entering the event loop.
Note: See TracChangeset for help on using the changeset viewer.