

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/browser/renderer_host/render_frame_host_csp_context.h"

#include "content/browser/renderer_host/render_frame_host_impl.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"

namespace content {

// Builds a CSP reporting context around `render_frame_host`.
//
// Only the pointer is recorded; nothing in this file deletes it, so its
// lifetime is presumably managed by whoever owns the RenderFrameHostImpl
// (TODO confirm against the header). A null pointer is accepted: the
// reporting and sanitizing member functions check `render_frame_host_`
// before dereferencing it.
RenderFrameHostCSPContext::RenderFrameHostCSPContext(
    RenderFrameHostImpl* render_frame_host)
    : render_frame_host_{render_frame_host} {}

// Hands a CSP violation report to the renderer-side LocalFrame of the wrapped
// frame host, transferring ownership of `violation_params`.
//
// With no frame host (null `render_frame_host_`) the report is dropped
// silently. The handle returned by GetAssociatedLocalFrame() is assumed to be
// usable whenever `render_frame_host_` is non-null — TODO confirm against
// RenderFrameHostImpl, this file does not check it.
void RenderFrameHostCSPContext::ReportContentSecurityPolicyViolation(
    network::mojom::CSPViolationPtr violation_params) {
  if (render_frame_host_) {
    const auto& local_frame = render_frame_host_->GetAssociatedLocalFrame();
    local_frame->ReportContentSecurityPolicyViolation(
        std::move(violation_params));
  }
}

// Reduces the cross-origin detail in a CSP violation report before it reaches
// the renderer of `render_frame_host_`.
//
// Why: a compromised renderer must not learn, through violation reports,
// information that belongs to another origin / renderer
// (https://crbug.com/633306). Two fields are cut down to their origin:
//   - `blocked_url`, but only for frame-src and fenced-frame-src. For every
//     other directive the check passes the initial (pre-redirect) URL as
//     `blocked_url`, which the renderer already knows, so there is nothing new
//     to hide.
//   - `source_location->url`, with `line` and `column` zeroed as well. This is
//     the default for every directive; the original comment fragment hints
//     that it covers a browser-side check reporting to the wrong frame, but
//     that rationale is not visible in this file — confirm before relying on
//     it.
// A field that is same-origin with the frame's last committed origin is left
// untouched, since that data is the renderer's own.
//
// `blocked_url` and `source_location` are in-out parameters and must be
// non-null (DCHECKed).
void RenderFrameHostCSPContext::SanitizeDataForUseInCspViolation(
    network::mojom::CSPDirectiveName directive,
    GURL* blocked_url,
    network::mojom::SourceLocation* source_location) const {
  DCHECK(blocked_url);
  DCHECK(source_location);

  // Same-origin test against the frame's current origin. Without a frame host
  // nothing counts as same-origin, so every eligible field is sanitized.
  const auto is_same_origin_as_frame = [this](const GURL& url) {
    return render_frame_host_ &&
           render_frame_host_->GetLastCommittedOrigin().IsSameOriginWith(url);
  };

  using network::mojom::CSPDirectiveName;
  const bool is_frame_directive =
      directive == CSPDirectiveName::FrameSrc ||
      directive == CSPDirectiveName::FencedFrameSrc;

  if (is_frame_directive && !is_same_origin_as_frame(*blocked_url)) {
    // Keep only the origin: the full URL may carry detail (e.g. a redirect
    // target) that the renderer has not seen.
    *blocked_url = blocked_url->DeprecatedGetOriginAsURL();
  }

  const GURL source_url(source_location->url);
  if (!is_same_origin_as_frame(source_url)) {
    // Origin only, and no position within the script.
    source_location->url = source_url.DeprecatedGetOriginAsURL().spec();
    source_location->line = 0u;
    source_location->column = 0u;
  }
}

}  // namespace content