CSP: Ship hash and nonce expressions, and the 'frame-ancestors' directive.

This matches Firefox's behavior (see [1]). Hooray for interoperation! Intent to Ship thread: https://groups.google.com/a/chromium.org/d/msg/blink-dev/rCiwMvGG8IY/MgRtHrkQfgMJ [1]: https://bugzilla.mozilla.org/show_bug.cgi?id=979580 Review URL: https://codereview.chromium.org/220343005 git-svn-id: svn://svn.chromium.org/blink/trunk@170551 bbb929c8-8fbe-4397-9dbb-9b2b20218538

CSP: Ship hash and nonce expressions, and the 'frame-ancestors' directive.
This matches Firefox's behavior (see [1]). Hooray for interoperation! Intent to Ship thread: https://groups.google.com/a/chromium.org/d/msg/blink-dev/rCiwMvGG8IY/MgRtHrkQfgMJ [1]: https://bugzilla.mozilla.org/show_bug.cgi?id=979580 Review URL: https://codereview.chromium.org/220343005 git-svn-id: svn://svn.chromium.org/blink/trunk@170551 bbb929c8-8fbe-4397-9dbb-9b2b20218538
9f7d5a2e · mkwst@chromium.org · 5ce29ea9 · 9f7d5a2e · 9f7d5a2e
Commit 9f7d5a2e authored Apr 01, 2014 by mkwst@chromium.org
2 changed files
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
@@ -635,6 +635,8 @@ void CSPDirectiveList::addDirective(const String& name, const String& value)
        m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed());
    } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
+    } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
+        setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
    } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
        setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
    } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
@@ -659,8 +661,6 @@ void CSPDirectiveList::addDirective(const String& name, const String& value)
            setCSPDirective<SourceListDirective>(name, value, m_childSrc);
        else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction))
            setCSPDirective<SourceListDirective>(name, value, m_formAction);
-        else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors))
-            setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
        else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes))
            setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
        else if (equalIgnoringCase(name, ContentSecurityPolicy::ReflectedXSS))

--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
@@ -187,25 +187,23 @@ bool CSPSourceList::parseSource(const UChar* begin, const UChar* end, String& sc
        return true;
    }

-    if (m_policy->experimentalFeaturesEnabled()) {
-        String nonce;
-        if (!parseNonce(begin, end, nonce))
-            return false;
+    String nonce;
+    if (!parseNonce(begin, end, nonce))
+        return false;

-        if (!nonce.isNull()) {
-            addSourceNonce(nonce);
-            return true;
-        }
+    if (!nonce.isNull()) {
+        addSourceNonce(nonce);
+        return true;
+    }

-        DigestValue hash;
-        ContentSecurityPolicyHashAlgorithm algorithm = ContentSecurityPolicyHashAlgorithmNone;
-        if (!parseHash(begin, end, hash, algorithm))
-            return false;
+    DigestValue hash;
+    ContentSecurityPolicyHashAlgorithm algorithm = ContentSecurityPolicyHashAlgorithmNone;
+    if (!parseHash(begin, end, hash, algorithm))
+        return false;

-        if (hash.size() > 0) {
-            addSourceHash(algorithm, hash);
-            return true;
-        }
+    if (hash.size() > 0) {
+        addSourceHash(algorithm, hash);
+        return true;
    }

    const UChar* position = begin;