* feat: support wasm-eval csp behind WebAssemblyCSP flag * update patches Co-authored-by: Cheng Zhao <zcbenz@gmail.com> Co-authored-by: Electron Bot <electron@github.com>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Cheng Zhao <zcbenz@gmail.com>
Date: Thu, 4 Oct 2018 14:57:02 -0700
Subject: feat: support wasm-eval csp behind WebAssemblyCSP flag
This is a minimal backport of
https://chromium.googlesource.com/chromium/src/+/83913676803db53648b6a47d159102a7cf1dac36
The tracking issue in Chromium is
https://bugs.chromium.org/p/chromium/issues/detail?id=948834
diff --git a/third_party/blink/renderer/core/frame/csp/content_security_policy.cc b/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
index d720aac224e80a924121eb0a98e1ad5636a2e929..d78cc8725ec8d61b3cab7a15529dc6cf7d881fe4 100644
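--- a/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
+++ b/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
@@ -294,7 +294,8 @@ void ContentSecurityPolicy::DidReceiveHeaders(
 const ContentSecurityPolicyResponseHeaders& headers) {
 scoped_refptr<SecurityOrigin> self_origin =
 SecurityOrigin::Create(headers.ResponseUrl());
- if (headers.ShouldParseWasmEval())
+ if (RuntimeEnabledFeatures::WebAssemblyCSPEnabled() ||
+ headers.ShouldParseWasmEval())
 supports_wasm_eval_ = true;
 
 Vector<network::mojom::blink::ContentSecurityPolicyPtr> parsed_policies;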
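Review bot: The flag check added to this condition in `DidReceiveHeaders` is one of three separate copies of the same gate: the commit repeats `RuntimeEnabledFeatures::WebAssemblyCSPEnabled() || policy->SupportsWasmEval()` in the new `SupportsWasmEval` helper in csp_directive_list.cc and again inline in `ParseSource` in source_list_directive.cc. For a CSP enforcement decision, parsing and checking have to agree, and three copies can drift apart when the flag is later removed. If the accessor's definition allows it (it is not shown in this patch), fold the flag into `ContentSecurityPolicy::SupportsWasmEval()`, e.g. `return RuntimeEnabledFeatures::WebAssemblyCSPEnabled() || supports_wasm_eval_;`, and have all three sites call only that. The body of `DidReceiveHeaders` continues outside the hunk.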
diff --git a/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc b/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
index 76590740ee6000f9b5bfe67f8ffc3432351b66a2..9fd518d00ab33bf4ca379eed92e277f30c39adc4 100644
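--- a/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
+++ b/third_party/blink/renderer/core/frame/csp/csp_directive_list.cc
@@ -625,8 +625,14 @@ bool CheckEval(const network::mojom::blink::CSPSourceList* directive) {
 return !directive || directive->allow_eval;
 }
 
-bool CheckWasmEval(const network::mojom::blink::CSPSourceList* directive) {
- return !directive || directive->allow_wasm_eval;
+bool SupportsWasmEval(const ContentSecurityPolicy* policy) {
+ return RuntimeEnabledFeatures::WebAssemblyCSPEnabled() ||
+ policy->SupportsWasmEval();
+}
+
+bool CheckWasmEval(const network::mojom::blink::CSPSourceList* directive,
+ const ContentSecurityPolicy* policy) {
+ return !directive || (SupportsWasmEval(policy) && directive->allow_wasm_eval);
 }
 
 bool CheckHash(const network::mojom::blink::CSPSourceList* directive,
@@ -732,7 +738,7 @@ bool CheckWasmEvalAndReportViolation(
 const String& content) {
 CSPOperativeDirective directive =
 OperativeDirective(csp, CSPDirectiveName::ScriptSrc);
- if (CheckWasmEval(directive.source_list))
+ if (CheckWasmEval(directive.source_list, policy))
 return true;
 
 String suffix = String();
@@ -1065,16 +1071,21 @@ bool CSPDirectiveListAllowWasmEval(
 ContentSecurityPolicy::ExceptionStatus exception_status,
 const String& content) {
 if (reporting_disposition == ReportingDisposition::kReport) {
+ String infix = SupportsWasmEval(policy)
+ ? "neither 'wasm-eval' nor 'unsafe-eval' is"
+ : "'unsafe-eval' is not";
 return CheckWasmEvalAndReportViolation(
 csp, policy,
- "Refused to compile or instantiate WebAssembly module because "
- "'wasm-eval' is not an allowed source of script in the following "
- "Content Security Policy directive: ",
+ "Refused to compile or instantiate WebAssembly module because " +
+ infix +
+ " an allowed source of script in the following "
+ "Content Security Policy directive: ",
 exception_status, content);
 }
 return CSPDirectiveListIsReportOnly(csp) ||
 CheckWasmEval(
- OperativeDirective(csp, CSPDirectiveName::ScriptSrc).source_list);
+ OperativeDirective(csp, CSPDirectiveName::ScriptSrc).source_list,
+ policy);
 }
 
 bool CSPDirectiveListShouldDisableEval(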
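Review bot: The violation text built in `CSPDirectiveListAllowWasmEval` now tells developers that `'unsafe-eval'` would permit WebAssembly compilation, but `CheckWasmEval` in this file consults only `directive->allow_wasm_eval`. Presumably the `'unsafe-eval'` path is evaluated by a caller outside this patch; if so, say it where the check lives, e.g. `// Checks 'wasm-eval' only; 'unsafe-eval' is evaluated separately by the caller.` above `CheckWasmEval`, so the message and the enforcement are not read as disagreeing. The new `SupportsWasmEval` helper also dereferences `policy` whenever the flag is off, which the old one-argument `CheckWasmEval` never did; a `DCHECK(policy);` at its top would document that new precondition. `CheckWasmEvalAndReportViolation` and `CSPDirectiveListAllowWasmEval` both start outside their hunks.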
diff --git a/third_party/blink/renderer/core/frame/csp/source_list_directive.cc b/third_party/blink/renderer/core/frame/csp/source_list_directive.cc
index 17ae1426ef9662f6f640c36d8ae8bca8e443a15a..de93eb3cf7321e00351f5cfe1d7cde6635ce2b4d 100644
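--- a/third_party/blink/renderer/core/frame/csp/source_list_directive.cc
+++ b/third_party/blink/renderer/core/frame/csp/source_list_directive.cc
@@ -403,10 +403,15 @@ bool ParseSource(const UChar* begin,
 return true;
 }
 
- if (policy->SupportsWasmEval() &&
- EqualIgnoringASCIICase("'wasm-eval'", token)) {
- source_list.allow_wasm_eval = true;
- return true;
+ // Temporarily behind a runtime feature
+ if (EqualIgnoringASCIICase("'wasm-eval'", token)) {
+ if (RuntimeEnabledFeatures::WebAssemblyCSPEnabled() ||
+ policy->SupportsWasmEval()) {
+ source_list.allow_wasm_eval = true;
+ return true;
+ } else {
+ return false;
+ }
 }
 
 if (EqualIgnoringASCIICase("'strict-dynamic'", token)) {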
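Review bot: The comment `// Temporarily behind a runtime feature` in `ParseSource` does not say when the flag check can be removed or where that is tracked, and the branch below it quietly changes how an unsupported `'wasm-eval'` token is handled: it now returns false at once instead of falling through to the source-expression parsing that follows. That looks like a deliberate fail-closed choice, so state it, for instance `// TODO(crbug.com/948834): remove the flag check once 'wasm-eval' ships. Until then the keyword is rejected unless the flag or the policy opts in.` The `else` after `return true;` can also go, leaving `return false;` as the last statement of the outer `if`. `ParseSource` starts and ends outside the hunk.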
diff --git a/third_party/blink/renderer/platform/runtime_enabled_features.json5 b/third_party/blink/renderer/platform/runtime_enabled_features.json5
|
|
index a76f001440d21ee34ffa1a98c9dbc87961fcaff0..95b404a3d371304f9569f66615b4e016bb4d88cb 100644
|
|
--- a/third_party/blink/renderer/platform/runtime_enabled_features.json5
|
|
+++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5
|
|
@@ -2128,6 +2128,9 @@
|
|
{
|
|
name: "WebAppWindowControlsOverlay",
|
|
},
|
|
+ {
|
|
+ name: "WebAssemblyCSP",
|
|
+ },
|
|
{
|
|
name: "WebAssemblySimd",
|
|
origin_trial_feature_name: "WebAssemblySimd",
|