mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-10-05 15:49:15 +00:00
5a1de8a187
Some checks are pending
CI / macOS, arm64, Sanitizer, Clang (push) Waiting to run
CI / Linux, x86_64, Fuzzers, Clang (push) Waiting to run
CI / Linux, x86_64, Sanitizer, GNU (push) Waiting to run
CI / Linux, x86_64, Sanitizer, Clang (push) Waiting to run
Package the js repl as a binary artifact / Linux, arm64 (push) Waiting to run
Package the js repl as a binary artifact / macOS, arm64 (push) Waiting to run
Package the js repl as a binary artifact / Linux, x86_64 (push) Waiting to run
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Lint Code / lint (push) Waiting to run
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Push notes / build (push) Waiting to run
56 lines
2.7 KiB
C++
56 lines
2.7 KiB
C++
/*
|
||
* Copyright (c) 2024, Luke Wilde <luke@ladybird.org>
|
||
*
|
||
* SPDX-License-Identifier: BSD-2-Clause
|
||
*/
|
||
|
||
#include <LibWeb/ContentSecurityPolicy/Directives/ChildSourceDirective.h>
|
||
#include <LibWeb/ContentSecurityPolicy/Directives/DirectiveFactory.h>
|
||
#include <LibWeb/ContentSecurityPolicy/Directives/DirectiveOperations.h>
|
||
#include <LibWeb/ContentSecurityPolicy/Directives/Names.h>
|
||
#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
|
||
|
||
namespace Web::ContentSecurityPolicy::Directives {
|
||
|
||
GC_DEFINE_ALLOCATOR(ChildSourceDirective);
|
||
|
||
ChildSourceDirective::ChildSourceDirective(String name, Vector<String> value)
|
||
: Directive(move(name), move(value))
|
||
{
|
||
}
|
||
|
||
// https://w3c.github.io/webappsec-csp/#child-src-pre-request
|
||
Directive::Result ChildSourceDirective::pre_request_check(GC::Heap& heap, GC::Ref<Fetch::Infrastructure::Request const> request, GC::Ref<Policy const> policy) const
|
||
{
|
||
// 1. Let name be the result of executing § 6.8.1 Get the effective directive for request on request.
|
||
auto name = get_the_effective_directive_for_request(request);
|
||
|
||
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, child-src and policy is "No",
|
||
// return "Allowed".
|
||
if (should_fetch_directive_execute(name, Names::ChildSrc, policy) == ShouldExecute::No)
|
||
return Result::Allowed;
|
||
|
||
// 3. Return the result of executing the pre-request check for the directive whose name is name on request and
|
||
// policy, using this directive’s value for the comparison.
|
||
auto directive = create_directive(heap, name->to_string(), value());
|
||
return directive->pre_request_check(heap, request, policy);
|
||
}
|
||
|
||
// https://w3c.github.io/webappsec-csp/#child-src-post-request
|
||
Directive::Result ChildSourceDirective::post_request_check(GC::Heap& heap, GC::Ref<Fetch::Infrastructure::Request const> request, GC::Ref<Fetch::Infrastructure::Response const> response, GC::Ref<Policy const> policy) const
|
||
{
|
||
// 1. Let name be the result of executing § 6.8.1 Get the effective directive for request on request.
|
||
auto name = get_the_effective_directive_for_request(request);
|
||
|
||
// 2. If the result of executing § 6.8.4 Should fetch directive execute on name, child-src and policy is "No",
|
||
// return "Allowed".
|
||
if (should_fetch_directive_execute(name, Names::ChildSrc, policy) == ShouldExecute::No)
|
||
return Result::Allowed;
|
||
|
||
// 3. Return the result of executing the post-request check for the directive whose name is name on request,
|
||
// response, and policy, using this directive’s value for the comparison.
|
||
auto directive = create_directive(heap, name->to_string(), value());
|
||
return directive->post_request_check(heap, request, response, policy);
|
||
}
|
||
|
||
}
|