Exemplo n.º 1
// Builds a Content Security Policy for this worker scope from one header
// value and installs it.
//
// policy: raw header value handed to ContentSecurityPolicy::didReceiveHeader().
// contentSecurityPolicyType: header type forwarded with it.
//
// A new ContentSecurityPolicy object is created on every call; nothing in
// this function reads a policy that was installed earlier. The header source
// is always reported as ContentSecurityPolicyHeaderSourceHTTP.
void WorkerGlobalScope::applyContentSecurityPolicyFromString(const String& policy, ContentSecurityPolicyHeaderType contentSecurityPolicyType)
{
    // FIXME: This doesn't match the CSP2 spec's Worker behavior (see https://w3c.github.io/webappsec/specs/content-security-policy/#processing-model-workers)
    RefPtr<ContentSecurityPolicy> workerPolicy = ContentSecurityPolicy::create();

    // The header is delivered first; only then is the policy bound to the
    // execution context and installed on this scope.
    workerPolicy->didReceiveHeader(policy, contentSecurityPolicyType, ContentSecurityPolicyHeaderSourceHTTP);
    workerPolicy->bindToExecutionContext(executionContext());

    setContentSecurityPolicy(workerPolicy);
}
// Delivers a list of (header value, header type) pairs to this worker scope's
// Content Security Policy.
//
// headers: pairs whose .first is passed as the header value and .second as
//          the header type.
//
// A policy object is created only when contentSecurityPolicy() is null;
// otherwise the headers are delivered to the object that is already
// installed. Every header is reported with
// ContentSecurityPolicyHeaderSourceHTTP.
void WorkerGlobalScope::applyContentSecurityPolicyFromVector(const Vector<CSPHeaderAndType>& headers)
{
    if (!contentSecurityPolicy()) {
        RawPtr<ContentSecurityPolicy> freshPolicy = ContentSecurityPolicy::create();
        setContentSecurityPolicy(freshPolicy);
    }

    for (const auto& headerEntry : headers) {
        contentSecurityPolicy()->didReceiveHeader(headerEntry.first, headerEntry.second, ContentSecurityPolicyHeaderSourceHTTP);
    }

    // Binding happens after all headers are delivered, and on every call,
    // including when `headers` is empty.
    // NOTE(review): confirm that re-binding an already bound policy is intended.
    contentSecurityPolicy()->bindToExecutionContext(getExecutionContext());
}
// Constructs the worker's global scope and sets up its security context.
//
// url: worker URL; stored in m_url and used to create the security origin.
// userAgent: stored in m_userAgent.
// thread: stored in m_thread.
// topOrigin: stored in m_topOrigin; it is not used for the origin policy here.
WorkerGlobalScope::WorkerGlobalScope(const URL& url, const String& userAgent, WorkerThread& thread, PassRefPtr<SecurityOrigin> topOrigin)
    : m_url(url)
    , m_userAgent(userAgent)
    , m_script(std::make_unique<WorkerScriptController>(this))
    , m_thread(thread)
    , m_closing(false)
    , m_eventQueue(*this)
    , m_topOrigin(topOrigin)
{
    // The origin policy is built from the worker's own URL.
    setSecurityOriginPolicy(SecurityOriginPolicy::create(SecurityOrigin::create(url)));
    // The policy object is constructed with this scope; no header is
    // delivered to it in this constructor.
    setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(*this));
}
Exemplo n.º 4
// Constructs a security context whose origin is not yet set and installs a
// newly created ContentSecurityPolicy on it.
RemoteSecurityContext::RemoteSecurityContext() : SecurityContext() {
  // RemoteSecurityContext's origin is expected to stay uninitialized until
  // we set it using replicated origin data from the browser process.
  // NOTE(review): DCHECK is typically compiled out of release builds, so this
  // documents the expectation rather than enforcing it - verify.
  DCHECK(!getSecurityOrigin());

  // Start with a clean slate: no header is delivered to the new policy object
  // in this constructor.
  setContentSecurityPolicy(ContentSecurityPolicy::create());

  // FIXME: Document::initSecurityContext has a few other things we may
  // eventually want here, such as enforcing a setting to
  // grantUniversalAccess().
}
Exemplo n.º 5
// Constructs the worker context and sets up its security origin and Content
// Security Policy.
//
// url: worker URL; stored in m_url and used to create the security origin.
// userAgent: stored in m_userAgent.
// thread: stored in m_thread.
// policy: header value delivered to the new policy object.
// contentSecurityPolicyType: header type delivered with it.
WorkerContext::WorkerContext(const KURL& url, const String& userAgent, WorkerThread* thread, const String& policy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
    : m_url(url)
    , m_userAgent(userAgent)
    , m_script(adoptPtr(new WorkerScriptController(this)))
    , m_thread(thread)
#if ENABLE(INSPECTOR)
    , m_workerInspectorController(adoptPtr(new WorkerInspectorController(this)))
#endif
    , m_closing(false)
    , m_eventQueue(WorkerEventQueue::create(this))
{
    // The origin is built from the worker's own URL.
    setSecurityOrigin(SecurityOrigin::create(url));
    // The policy is created with this context, installed, and then given the
    // single header passed to the constructor.
    // NOTE(review): `policy` is delivered unconditionally; whether an empty
    // string is a no-op depends on didReceiveHeader() - verify.
    setContentSecurityPolicy(ContentSecurityPolicy::create(this));
    contentSecurityPolicy()->didReceiveHeader(policy, contentSecurityPolicyType);
}
Exemplo n.º 6
// Installs a newly created Content Security Policy on this worker scope and
// delivers one header to it.
//
// policy: raw header value passed to didReceiveHeader().
// contentSecurityPolicyType: header type passed with it.
//
// A new policy object is created on every call; nothing here reads a policy
// that was installed earlier.
void WorkerGlobalScope::applyContentSecurityPolicyFromString(const String& policy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
{
    // The policy is installed first, so the header is delivered through the
    // scope's own accessor.
    setContentSecurityPolicy(ContentSecurityPolicy::create(this));
    contentSecurityPolicy()->didReceiveHeader(policy, contentSecurityPolicyType);
}
Exemplo n.º 7
// Installs a newly constructed Content Security Policy on this worker scope
// and delivers one header to it.
//
// policy: raw header value passed to didReceiveHeader().
// contentSecurityPolicyType: header type passed with it.
//
// A new policy object is constructed on every call; nothing here reads a
// policy that was installed earlier.
void WorkerGlobalScope::applyContentSecurityPolicyFromString(const String& policy, ContentSecurityPolicy::HeaderType contentSecurityPolicyType)
{
    // Ownership of the new object is handed to setContentSecurityPolicy();
    // the header is then delivered through the scope's own accessor.
    setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(this));
    contentSecurityPolicy()->didReceiveHeader(policy, contentSecurityPolicyType);
}
Exemplo n.º 8
// Installs a newly created ContentSecurityPolicy and calls setupSelf() on it
// with this context's current security origin. No header is delivered here.
void RemoteSecurityContext::resetReplicatedContentSecurityPolicy() {
  // The origin is dereferenced below, so it must already be set.
  // NOTE(review): DCHECK is typically compiled out of release builds, so it
  // does not guard the dereference there - verify that callers always set the
  // origin first.
  DCHECK(getSecurityOrigin());
  setContentSecurityPolicy(ContentSecurityPolicy::create());
  contentSecurityPolicy()->setupSelf(*getSecurityOrigin());
}