diff options
Diffstat (limited to 'chromium/third_party/blink/renderer/core/execution_context/security_context_init.cc')
-rw-r--r-- | chromium/third_party/blink/renderer/core/execution_context/security_context_init.cc | 63 |
1 files changed, 27 insertions, 36 deletions
diff --git a/chromium/third_party/blink/renderer/core/execution_context/security_context_init.cc b/chromium/third_party/blink/renderer/core/execution_context/security_context_init.cc index 5acfa322d16..24bb90a7d57 100644 --- a/chromium/third_party/blink/renderer/core/execution_context/security_context_init.cc +++ b/chromium/third_party/blink/renderer/core/execution_context/security_context_init.cc @@ -15,7 +15,6 @@ #include "third_party/blink/renderer/core/frame/local_dom_window.h" #include "third_party/blink/renderer/core/frame/local_frame.h" #include "third_party/blink/renderer/core/frame/local_frame_client.h" -#include "third_party/blink/renderer/core/frame/sandbox_flags.h" #include "third_party/blink/renderer/core/frame/settings.h" #include "third_party/blink/renderer/core/html/imports/html_imports_controller.h" #include "third_party/blink/renderer/core/inspector/console_message.h" @@ -79,7 +78,7 @@ SecurityContextInit::SecurityContextInit(ExecutionContext* context) void SecurityContextInit::ApplyDocumentPolicy( DocumentPolicy::ParsedDocumentPolicy& document_policy, const String& report_only_document_policy_header) { - if (!RuntimeEnabledFeatures::DocumentPolicyEnabled(execution_context_)) + if (!RuntimeEnabledFeatures::DocumentPolicyEnabled()) return; // Because Document-Policy http header is parsed in DocumentLoader, @@ -193,25 +192,14 @@ void SecurityContextInit::ApplyFeaturePolicy( message.content)); } - // DocumentLoader applied the sandbox flags before calling this function, so - // they are accessible here. - auto sandbox_flags = execution_context_->GetSandboxFlags(); - if (sandbox_flags != network::mojom::blink::WebSandboxFlags::kNone && - RuntimeEnabledFeatures::FeaturePolicyForSandboxEnabled()) { - // The sandbox flags might have come from CSP header or the browser; in - // such cases the sandbox is not part of the container policy. They are - // added to the header policy (which specifically makes sense in the case - // of CSP sandbox). - ApplySandboxFlagsToParsedFeaturePolicy(sandbox_flags, - feature_policy_header_); - } - ParsedFeaturePolicy container_policy; if (frame && frame->Owner()) container_policy = frame_policy.container_policy; - // TODO(icelland): This is problematic querying sandbox flags before - // feature policy is initialized. + // DocumentLoader applied the sandbox flags before calling this function, so + // they are accessible here. + auto sandbox_flags = execution_context_->GetSandboxFlags(); + if (RuntimeEnabledFeatures::BlockingFocusWithoutUserActivationEnabled() && frame && frame->Tree().Parent() && (sandbox_flags & network::mojom::blink::WebSandboxFlags::kNavigation) != @@ -223,26 +211,14 @@ void SecurityContextInit::ApplyFeaturePolicy( container_policy); } - // Feature policy should either come from a parent in the case of an - // embedded child frame, or from an opener if any when a new window is - // created by an opener. A main frame without an opener would not have a - // parent policy nor an opener feature state. - // For a main frame, get inherited feature policy from the opener if any. std::unique_ptr<FeaturePolicy> feature_policy; - if (!frame->IsMainFrame() || frame->OpenerFeatureState().empty() || - !RuntimeEnabledFeatures::FeaturePolicyForSandboxEnabled()) { - auto* parent_feature_policy = - frame->Tree().Parent() - ? frame->Tree().Parent()->GetSecurityContext()->GetFeaturePolicy() - : nullptr; - feature_policy = FeaturePolicy::CreateFromParentPolicy( - parent_feature_policy, container_policy, - execution_context_->GetSecurityOrigin()->ToUrlOrigin()); - } else { - feature_policy = FeaturePolicy::CreateWithOpenerPolicy( - frame->OpenerFeatureState(), - execution_context_->GetSecurityOrigin()->ToUrlOrigin()); - } + auto* parent_feature_policy = + frame->Tree().Parent() + ? frame->Tree().Parent()->GetSecurityContext()->GetFeaturePolicy() + : nullptr; + feature_policy = FeaturePolicy::CreateFromParentPolicy( + parent_feature_policy, container_policy, + execution_context_->GetSecurityOrigin()->ToUrlOrigin()); feature_policy->SetHeaderPolicy(feature_policy_header_); execution_context_->GetSecurityContext().SetFeaturePolicy( std::move(feature_policy)); @@ -266,4 +242,19 @@ void SecurityContextInit::ApplyFeaturePolicy( } } +void SecurityContextInit::InitFeaturePolicyFrom(const SecurityContext& other) { + auto& security_context = execution_context_->GetSecurityContext(); + security_context.SetFeaturePolicy( + FeaturePolicy::CopyStateFrom(other.GetFeaturePolicy())); + security_context.SetReportOnlyFeaturePolicy( + FeaturePolicy::CopyStateFrom(other.GetReportOnlyFeaturePolicy())); +} + +void SecurityContextInit::InitDocumentPolicyFrom(const SecurityContext& other) { + auto& security_context = execution_context_->GetSecurityContext(); + security_context.SetDocumentPolicy( + DocumentPolicy::CopyStateFrom(other.GetDocumentPolicy())); + security_context.SetReportOnlyDocumentPolicy( + DocumentPolicy::CopyStateFrom(other.GetReportOnlyDocumentPolicy())); +} } // namespace blink |