2011-02-05 Jochen Eisinger <jochen@chromium.org>
authorjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 5 Feb 2011 11:52:15 +0000 (11:52 +0000)
committerjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 5 Feb 2011 11:52:15 +0000 (11:52 +0000)
        Reviewed by Adam Barth.

        Add ContentSecurityPolicy object to Document and pass the X-WebKit-CSP header from the MainResourceLoader.
        https://bugs.webkit.org/show_bug.cgi?id=53685

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.h:
        (WebCore::Document::contentSecurityPolicy):
        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::didReceiveResponse):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::didReceiveHeader):
        * page/ContentSecurityPolicy.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77742 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/dom/Document.h
Source/WebCore/loader/MainResourceLoader.cpp
Source/WebCore/page/ContentSecurityPolicy.cpp
Source/WebCore/page/ContentSecurityPolicy.h

index ccce480eea8626686dc9682477fa61a3c307fc06..678d4218b448c39e2adbe3c5f5746e5a291a6046 100644 (file)
@@ -1,3 +1,19 @@
+2011-02-05  Jochen Eisinger  <jochen@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Add ContentSecurityPolicy object to Document and pass the X-WebKit-CSP header from the MainResourceLoader.
+        https://bugs.webkit.org/show_bug.cgi?id=53685
+
+        * WebCore.xcodeproj/project.pbxproj:
+        * dom/Document.h:
+        (WebCore::Document::contentSecurityPolicy):
+        * loader/MainResourceLoader.cpp:
+        (WebCore::MainResourceLoader::didReceiveResponse):
+        * page/ContentSecurityPolicy.cpp:
+        (WebCore::ContentSecurityPolicy::didReceiveHeader):
+        * page/ContentSecurityPolicy.h:
+
 2011-02-05  Eric Seidel  <eric@webkit.org>
 
         Reviewed by Adam Barth.
index 34b72e55594d5cbd4fee92df7e82d04bcbba7ac6..c4528a92aa7126ff1eff6752992a1f4ac16776bc 100644 (file)
                97BC84B412371180000C6161 /* TextDocument.h in Headers */ = {isa = PBXBuildFile; fileRef = 97BC84B212371180000C6161 /* TextDocument.h */; };
                97C078501165D5BE003A32EF /* SuffixTree.h in Headers */ = {isa = PBXBuildFile; fileRef = 97C0784F1165D5BE003A32EF /* SuffixTree.h */; };
                97C471DB12F925BD0086354B /* ContentSecurityPolicy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97C471D912F925BC0086354B /* ContentSecurityPolicy.cpp */; };
-               97C471DC12F925BD0086354B /* ContentSecurityPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 97C471DA12F925BD0086354B /* ContentSecurityPolicy.h */; };
+               97C471DC12F925BD0086354B /* ContentSecurityPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 97C471DA12F925BD0086354B /* ContentSecurityPolicy.h */; settings = {ATTRIBUTES = (Private, ); }; };
                97DCE20110807C750057D394 /* HistoryController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97DCE1FF10807C750057D394 /* HistoryController.cpp */; };
                97DCE20210807C750057D394 /* HistoryController.h in Headers */ = {isa = PBXBuildFile; fileRef = 97DCE20010807C750057D394 /* HistoryController.h */; settings = {ATTRIBUTES = (Private, ); }; };
                97DD4D860FDF4D6E00ECF9A4 /* XSSAuditor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 97DD4D840FDF4D6D00ECF9A4 /* XSSAuditor.cpp */; };
index 5a745e46b02068ba72edc1a47b85fcf59f0be48a..946e57af2b6f8f1c0f767929031c8db60a13d896 100644 (file)
@@ -32,6 +32,7 @@
 #include "CollectionType.h"
 #include "Color.h"
 #include "ContainerNode.h"
+#include "ContentSecurityPolicy.h"
 #include "DOMTimeStamp.h"
 #include "DocumentOrderedMap.h"
 #include "DocumentTiming.h"
@@ -1089,6 +1090,8 @@ public:
 
     void initDNSPrefetch();
 
+    ContentSecurityPolicy* contentSecurityPolicy() { return &m_contentSecurityPolicy; }
+
 protected:
     Document(Frame*, const KURL& url, bool isXHTML, bool isHTML, const KURL& baseURL = KURL());
 
@@ -1390,6 +1393,8 @@ private:
     OwnPtr<RequestAnimationFrameCallbackList> m_requestAnimationFrameCallbacks;
     int m_nextRequestAnimationFrameCallbackId;
 #endif
+
+    ContentSecurityPolicy m_contentSecurityPolicy;
 };
 
 inline bool Document::hasElementWithId(AtomicStringImpl* id) const
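Review bot: The new `m_contentSecurityPolicy` member is held by value, and the accessor added in the earlier Document.h hunk hands out a raw pointer to it, but neither line states the pointer's contract. It is never null and is only valid while the Document is alive, so a caller that keeps it past the Document's lifetime would be left with a dangling pointer. I would state this on the accessor, e.g. `// Never null. Owned by this Document; do not hold past its lifetime.` The class body starts outside this hunk.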
index e6abefd1b43af64d0f82b1f2e667cea20a84ffbf..9f350e8c1ee6353896cc5f94f6b4c4f57380f189 100644 (file)
@@ -31,6 +31,8 @@
 #include "MainResourceLoader.h"
 
 #include "ApplicationCacheHost.h"
+#include "ContentSecurityPolicy.h"
+#include "Document.h"
 #include "DocumentLoadTiming.h"
 #include "DocumentLoader.h"
 #include "FormState.h"
@@ -356,6 +358,12 @@ void MainResourceLoader::didReceiveResponse(const ResourceResponse& r)
         }
     }
 
+    it = r.httpHeaderFields().find(AtomicString("x-webkit-csp"));
+    if (it != r.httpHeaderFields().end()) {
+        String content = it->second;
+        m_frame->document()->contentSecurityPolicy()->didReceiveHeader(content);
+    }
+
     // There is a bug in CFNetwork where callbacks can be dispatched even when loads are deferred.
     // See <rdar://problem/6304600> for more details.
 #if !PLATFORM(CF)
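Review bot: `m_frame->document()` is dereferenced without a null check in the added block, and the policy goes to whatever document the frame holds when the response headers arrive. If that is still the document being navigated away from, the header would be recorded on the wrong document and the new one would start with no policy; I can't confirm from this hunk where the new Document is created relative to didReceiveResponse. I would guard the call with `if (Document* document = m_frame->document()) document->contentSecurityPolicy()->didReceiveHeader(it->second);`, which also drops the `String content` copy. A comment naming which document is expected at this point would help too. didReceiveResponse starts and ends outside the hunk.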
index ba2fe7c12816669300f6bbd94c4489da21877398..b0b951684b024741b060a7991dd8b86a4e15032e 100644 (file)
@@ -32,4 +32,9 @@ ContentSecurityPolicy::ContentSecurityPolicy()
 {
 }
 
+void ContentSecurityPolicy::didReceiveHeader(const String& header)
+{
+    m_header = header;
+}
+
 }
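Review bot: `didReceiveHeader` assigns `m_header = header;` unconditionally, so a second call silently replaces the policy string received first. For a security policy, a later header should not be able to loosen an earlier one. Whether a second call can happen depends on callers outside this hunk, but the intended rule should be written down here and on the declaration in ContentSecurityPolicy.h, which has no comment either. If the first header is meant to win, `if (!m_header.isEmpty()) return;` before the assignment does it. Otherwise a comment such as `// Last header wins; the value is stored unparsed.` would make the current behaviour explicit.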
index 740f13c70765eeaf20b47c67200a3cab5012bd5f..23bfbf29f5628239f031dee7b32167fee252ecd0 100644 (file)
@@ -34,6 +34,11 @@ class ContentSecurityPolicy {
     WTF_MAKE_NONCOPYABLE(ContentSecurityPolicy);
 public:
     ContentSecurityPolicy();
+
+    void didReceiveHeader(const String&);
+
+private:
+    String m_header;
 };
 
 }