blob: 2529f9eefbde52ad90627cbe473982764c579d28 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/initiator_csp_context.h"
namespace content {
InitiatorCSPContext::InitiatorCSPContext(
const std::vector<ContentSecurityPolicy>& policies,
base::Optional<CSPSource>& self_source,
blink::mojom::NavigationInitiatorPtr navigation_initiator)
: reporting_render_frame_host_impl_(nullptr),
initiator_ptr(std::move(navigation_initiator)) {
for (const auto& policy : policies)
AddContentSecurityPolicy(policy);
if (self_source.has_value())
SetSelf(self_source.value());
}
InitiatorCSPContext::~InitiatorCSPContext() {}
void InitiatorCSPContext::SetReportingRenderFrameHost(
RenderFrameHostImpl* rfh) {
reporting_render_frame_host_impl_ = rfh;
}
void InitiatorCSPContext::ReportContentSecurityPolicyViolation(
const CSPViolationParams& violation_params) {
if (initiator_ptr.is_bound()) {
initiator_ptr->SendViolationReport(blink::mojom::CSPViolationParams::New(
violation_params.directive, violation_params.effective_directive,
violation_params.console_message, violation_params.blocked_url.spec(),
violation_params.report_endpoints, violation_params.use_reporting_api,
violation_params.header,
(blink::mojom::WebContentSecurityPolicyType)
violation_params.disposition,
violation_params.after_redirect,
blink::mojom::SourceLocation::New(
violation_params.source_location.url,
violation_params.source_location.column_number,
violation_params.source_location.line_number)));
}
}
bool InitiatorCSPContext::SchemeShouldBypassCSP(
const base::StringPiece& scheme) {
// TODO(andypaicu): RenderFrameHostImpl::SchemeShouldBypassCSP could be
// static except for the fact that it's virtual. It's weird to use
// the reporting RFH to do this check but overall harmless.
if (reporting_render_frame_host_impl_)
return reporting_render_frame_host_impl_->SchemeShouldBypassCSP(scheme);
return false;
}
void InitiatorCSPContext::SanitizeDataForUseInCspViolation(
bool is_redirect,
CSPDirective::Name directive,
GURL* blocked_url,
SourceLocation* source_location) const {
if (reporting_render_frame_host_impl_) {
reporting_render_frame_host_impl_->SanitizeDataForUseInCspViolation(
is_redirect, directive, blocked_url, source_location);
}
}
} // namespace content