// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "third_party/blink/renderer/platform/loader/allowed_by_nosniff.h" #include "services/network/public/mojom/fetch_api.mojom-blink.h" #include "third_party/blink/public/mojom/devtools/console_message.mojom-blink.h" #include "third_party/blink/public/mojom/use_counter/metrics/web_feature.mojom-blink.h" #include "third_party/blink/renderer/platform/instrumentation/use_counter.h" #include "third_party/blink/renderer/platform/loader/fetch/console_logger.h" #include "third_party/blink/renderer/platform/loader/fetch/resource_response.h" #include "third_party/blink/renderer/platform/network/http_names.h" #include "third_party/blink/renderer/platform/network/mime/mime_type_registry.h" #include "third_party/blink/renderer/platform/runtime_enabled_features.h" namespace blink { namespace { WebFeature; // In addition to makeing an allowed/not-allowed decision, // AllowedByNosniff::MimeTypeAsScript reports common usage patterns to support // future decisions about which types can be safely be disallowed. Below // is a number of constants about which use counters to report. const std::array<WebFeature, 2> kApplicationFeatures = …; const std::array<WebFeature, 2> kTextFeatures = …; const std::array<WebFeature, 2> kApplicationOctetStreamFeatures = …; const std::array<WebFeature, 2> kApplicationXmlFeatures = …; const std::array<WebFeature, 2> kTextHtmlFeatures = …; const std::array<WebFeature, 2> kTextPlainFeatures = …; const std::array<WebFeature, 2> kTextXmlFeatures = …; const std::array<WebFeature, 2> kJsonFeatures = …; const std::array<WebFeature, 2> kUnknownFeatures = …; // Helper function to decide what to do with with a given mime type. This takes // - a mime type // - inputs that affect the decision (is_same_origin, mime_type_check_mode). // // The return value determines whether this mime should be allowed or blocked. // Additionally, warn returns whether we should log a console warning about // expected future blocking of this resource. 'counter' determines which // Use counter should be used to count this. 'is_worker_global_scope' is used // for choosing 'counter' value. static bool AllowMimeTypeAsScript( const String& mime_type, bool same_origin, AllowedByNosniff::MimeTypeCheck mime_type_check_mode, std::optional<WebFeature>& counter) { … } } // namespace bool AllowedByNosniff::MimeTypeAsScript(UseCounter& use_counter, ConsoleLogger* console_logger, const ResourceResponse& response, MimeTypeCheck mime_type_check_mode) { … } } // namespace blink
Codebase Browser
chromium