// Builds a new ContentSecurityPolicy for this worker from a single header
// value and installs it with setContentSecurityPolicy().
//
// policy                    - header value passed to didReceiveHeader().
// contentSecurityPolicyType - header type, forwarded unchanged.
//
// Review notes:
//  - A new policy object is created on every call; nothing is copied here
//    from a policy that was installed earlier.
//  - The header source is hard-coded to ContentSecurityPolicyHeaderSourceHTTP,
//    so the policy is recorded as HTTP-delivered wherever the caller got the
//    string. NOTE(review): confirm every caller passes header-derived text.
void WorkerGlobalScope::applyContentSecurityPolicyFromString(const String& policy, ContentSecurityPolicyHeaderType contentSecurityPolicyType)
{
    // FIXME: This doesn't match the CSP2 spec's Worker behavior (see https://w3c.github.io/webappsec/specs/content-security-policy/#processing-model-workers)
    RefPtr<ContentSecurityPolicy> workerPolicy = ContentSecurityPolicy::create();

    // The header is parsed first and the policy is bound to the execution
    // context afterwards; the object is installed on the scope last.
    workerPolicy->didReceiveHeader(policy, contentSecurityPolicyType, ContentSecurityPolicyHeaderSourceHTTP);
    workerPolicy->bindToExecutionContext(executionContext());

    setContentSecurityPolicy(workerPolicy);
}
// Delivers every (header, type) pair in |headers| to this worker's
// ContentSecurityPolicy, creating the policy object first if none is set.
//
// headers - pairs whose .first is the header value and .second the header
//           type; each pair is forwarded to didReceiveHeader().
//
// Review notes:
//  - An existing policy object is reused, so headers delivered here go to the
//    same object as any delivered before; this function does not reset it.
//  - The header source is hard-coded to ContentSecurityPolicyHeaderSourceHTTP.
//  - An empty |headers| still leaves the scope with a policy object that has
//    received no header from this call.
//  - bindToExecutionContext() runs on every call, including when the policy
//    already existed. NOTE(review): confirm rebinding is harmless.
void WorkerGlobalScope::applyContentSecurityPolicyFromVector(const Vector<CSPHeaderAndType>& headers)
{
    if (!contentSecurityPolicy()) {
        RawPtr<ContentSecurityPolicy> freshPolicy = ContentSecurityPolicy::create();
        setContentSecurityPolicy(freshPolicy);
    }

    for (const auto& headerEntry : headers)
        contentSecurityPolicy()->didReceiveHeader(headerEntry.first, headerEntry.second, ContentSecurityPolicyHeaderSourceHTTP);

    contentSecurityPolicy()->bindToExecutionContext(getExecutionContext());
}
// Constructs the worker's global scope and sets up its security state.
//
// url       - stored in m_url and used to create the security origin.
// userAgent - stored in m_userAgent.
// thread    - the WorkerThread stored in m_thread.
// topOrigin - stored in m_topOrigin.
//
// Review notes:
//  - The origin policy is built from SecurityOrigin::create(url), i.e. from
//    the |url| argument and not from |topOrigin|.
//  - A ContentSecurityPolicy is created for this scope, but no header is
//    delivered to it in this constructor; any restrictions have to be applied
//    by a later call.
WorkerGlobalScope::WorkerGlobalScope(const URL& url, const String& userAgent, WorkerThread& thread, PassRefPtr<SecurityOrigin> topOrigin)
    : m_url(url)
    , m_userAgent(userAgent)
    , m_script(std::make_unique<WorkerScriptController>(this))
    , m_thread(thread)
    , m_closing(false)
    , m_eventQueue(*this)
    , m_topOrigin(topOrigin)
{
    // The origin is set before the CSP object is created; keep this order.
    setSecurityOriginPolicy(SecurityOriginPolicy::create(SecurityOrigin::create(url)));
    setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(*this));
}
// Constructs a security context whose origin is left unset and whose
// ContentSecurityPolicy is a newly created object.
RemoteSecurityContext::RemoteSecurityContext()
    : SecurityContext()
{
    // The origin must still be uninitialized at this point: it is expected to
    // be filled in later from replicated origin data sent by the browser
    // process.
    // NOTE(review): DCHECK is typically compiled out of release builds, so
    // this documents the invariant rather than enforcing it in production.
    DCHECK(!getSecurityOrigin());

    // Start with a clean slate: a new policy object, with no header delivered
    // to it here.
    setContentSecurityPolicy(ContentSecurityPolicy::create());

    // FIXME: Document::initSecurityContext has a few other things we may
    // eventually want here, such as enforcing a setting to
    // grantUniversalAccess().
}
// Constructs the worker context, sets its security origin from |url| and
// applies the supplied Content-Security-Policy header.
//
// url                       - stored in m_url; also the input to
//                             SecurityOrigin::create().
// userAgent                 - stored in m_userAgent.
// thread                    - stored in m_thread.
// policy                    - header value passed to didReceiveHeader().
// contentSecurityPolicyType - header type, forwarded unchanged.
//
// Review notes:
//  - didReceiveHeader() is called unconditionally, so an empty |policy| is
//    delivered too. NOTE(review): confirm an empty header is treated as
//    "no policy" rather than as an error or a restrictive default.
//  - The policy is applied inside the constructor, after the origin is set.
WorkerContext::WorkerContext(const KURL& url, const String& userAgent, WorkerThread* thread, const String& policy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
    : m_url(url)
    , m_userAgent(userAgent)
    , m_script(adoptPtr(new WorkerScriptController(this)))
    , m_thread(thread)
#if ENABLE(INSPECTOR)
    , m_workerInspectorController(adoptPtr(new WorkerInspectorController(this)))
#endif
    , m_closing(false)
    , m_eventQueue(WorkerEventQueue::create(this))
{
    // Order: origin first, then the policy object, then the header.
    setSecurityOrigin(SecurityOrigin::create(url));
    setContentSecurityPolicy(ContentSecurityPolicy::create(this));
    contentSecurityPolicy()->didReceiveHeader(policy, contentSecurityPolicyType);
}
// Installs a new ContentSecurityPolicy on this scope and delivers one header
// to it.
//
// policy                    - header value passed to didReceiveHeader().
// contentSecurityPolicyType - header type, forwarded unchanged.
//
// Review notes:
//  - A new policy object is installed on every call, before the header is
//    delivered; headers from earlier calls are not carried over by this
//    function.
//  - |policy| is not checked here, so an empty string is delivered as well.
//    NOTE(review): confirm how didReceiveHeader() handles that.
void WorkerGlobalScope::applyContentSecurityPolicyFromString(const String& policy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
{
    setContentSecurityPolicy(ContentSecurityPolicy::create(this));
    contentSecurityPolicy()->didReceiveHeader(policy, contentSecurityPolicyType);
}
// Installs a new ContentSecurityPolicy on this scope and delivers one header
// to it. The policy object is created with std::make_unique.
//
// policy                    - header value passed to didReceiveHeader().
// contentSecurityPolicyType - header type, forwarded unchanged.
//
// Review notes:
//  - A new policy object is installed on every call, before the header is
//    delivered; headers from earlier calls are not carried over by this
//    function.
//  - |policy| is not checked here, so an empty string is delivered as well.
//    NOTE(review): confirm how didReceiveHeader() handles that.
void WorkerGlobalScope::applyContentSecurityPolicyFromString(const String& policy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
{
    setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(this));
    contentSecurityPolicy()->didReceiveHeader(policy, contentSecurityPolicyType);
}
// Replaces this context's ContentSecurityPolicy with a newly created one and
// calls setupSelf() on it with the context's current security origin.
//
// Review notes:
//  - The origin must already be set: getSecurityOrigin() is dereferenced
//    below and the only guard is the DCHECK.
//    NOTE(review): DCHECK is typically compiled out of release builds, so
//    callers must guarantee the origin has been replicated before resetting
//    the policy.
//  - No header is delivered here, and nothing is copied from the old policy.
void RemoteSecurityContext::resetReplicatedContentSecurityPolicy()
{
    DCHECK(getSecurityOrigin());
    setContentSecurityPolicy(ContentSecurityPolicy::create());
    contentSecurityPolicy()->setupSelf(*getSecurityOrigin());
}