#include <popup-runner/PopupInvoker.h>
#include "ewk_context_manager.h"
-#include "webkit_csp_support_mock.h"
-
namespace { //Anonymous
const std::string ACCESS_DENIED = _("IDS_BR_POP_ACCESS_DENIED");
const std::string ALREADY_RUNNING = _("IDS_BR_POP_ALREADY_RUNNING");
return false;
}
-#ifdef CSP_ENABLED
- LogInfo("Setting CSP default policy");
- // setting CSP policy rules
- WKStringRef defaultPolicy = WKStringCreateWithUTF8CString("default-src ‘self’;");
- CSP_Rules rule; // = new CSP_Rules;
- rule.default_src = OVERWRITE;
- rule.other_src = OVERWRITE;
- rule.sandbox = OVERWRITE;
- //trusted apps allow unsafe directives
- rule.allow_unsafe = true;
-
- if (0 != apply_csp(ewkContext, defaultPolicy, &rule, NULL))
- LogWarning("Failed to apply default csp policy");
-
- DPL::OptionalString policy = m_widgetModel->CspPolicy.Get();
-
- if (!(policy.IsNull()))
- {
- WrtDB::WidgetDAOReadOnly dao(m_widgetModel->TizenId);
- bool trusted = dao.isTrusted();
-
- LogDebug("CSP policy present in manifest: " << *policy);
- LogDebug("Widget trusted: " << trusted);
-
- //config file policy
- CSP_Rules manifest_rule;
- manifest_rule.default_src = trusted ? OVERWRITE : IGNORE;
- manifest_rule.other_src = SUM;
- manifest_rule.sandbox = SUM;
- //trusted apps allow unsafe directives
- manifest_rule.allow_unsafe = trusted;
-
- //merging algorithm for http/meta policy
- CSP_Rules http_rule;
- http_rule.default_src = INTERSECTION;
- http_rule.other_src = INTERSECTION;
- http_rule.sandbox = INTERSECTION;
- //trusted apps allow unsafe directives
- http_rule.allow_unsafe = trusted;
-
- LogDebug("Setting manifest and http/meta policy");
- if (0 != apply_csp(
- ewkContext,
- WKStringCreateWithUTF8CString(DPL::ToUTF8String(*policy).c_str()),
- &manifest_rule,
- &http_rule))
- {
- LogWarning("Failed to set manifest csp policy");
- }
- } else {
- LogDebug("Config CSP policy is not present");
- }
- LogInfo("CSP set.");
-#endif
ADD_PROFILING_POINT("view_logic_init", "start");
Ewk_Context* context = m_ewkContextManager->getEwkContext();
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file webkit_csp_support_mock.h
- * @author Andrzej Surdej (a.surdej@samsung.com)
- * @brief Mock file for webkit csp api. File will be removed.
- */
-
-#ifndef WRT_SRC_API_NEW_WEBKIT_CSP_SUPPORT_H
-#define WRT_SRC_API_NEW_WEBKIT_CSP_SUPPORT_H
-
-#include <EWebKit2.h>
-#include <dpl/log/log.h>
-#include <WebKit2/WKString.h>
-
-enum Algorithm {
- INTERSECTION = 0, // only entries existing in both directives are used
- SUM, // a sum of both directives is used
- OVERWRITE, // applied directive overwrites existing one
- IGNORE // ignore provided policy
-};
-
-typedef struct _CSP_Rules{
- Algorithm default_src; //algorithm used to combine default-src
- Algorithm other_src; //algorithm used to merge rest of policy
- Algorithm sandbox; //algorithm used to merge sandbox policy
- bool allow_unsafe; //are unsafe directives alloved
-}CSP_Rules;
-
-/*
- * The function is used to parse and merge given policy with existing one. The lifetime * of such policy is equal to the lifetime of the context. For report-uri the latest
- * existing directive is used. It also used to set http/meta csp combining algorithm.
- * @param context – the context for which the policy is applied
- * @param policy – applied policy in form of a string
- * @param CSP_Rules *local – defines CSP apply rules to combine default or manifest
- * defined policy
- * @param CSP_Rules *http_meta– defines CSP apply rules to combine http header csp
- * poicy. If NULL provided use default algorithm - INTERSECTION.
- * @return – error code returned if policy is malformed or some other argument is
- * invalid
- *
- */
-int apply_csp(Ewk_Context* /*context*/, WKStringRef /*policy*/, CSP_Rules */*local*/, CSP_Rules */*http_meta*/)
-{
- LogDebug("Setting csp policy");
- return 0;
-}
-
-#endif /* WRT_SRC_API_NEW_WEBKIT_CSP_SUPPORT_H */
-
{
LogDebug("prepareEwkView called");
Assert(wkView);
+
+#ifdef CSP_ENABLED
+ LogInfo("Setting CSP default policy");
+ // setting CSP policy rules
+ ewk_view_content_security_policy_set(
+ wkView, "default-src 'self';", EWK_ENFORCE_POLICY);
+ LogInfo("Default policy set");
+
+ DPL::OptionalString policy = m_model->CspPolicy.Get();
+
+ if (!(policy.IsNull()))
+ {
+ LogDebug("CSP policy present in manifest: " << *policy);
+ ewk_view_content_security_policy_set(
+ wkView, DPL::ToUTF8String(*policy).c_str(), EWK_ENFORCE_POLICY);
+ } else {
+ LogDebug("Config CSP policy is not present");
+ }
+
+ //TODO: support report only csp will be added soon
+
+ LogInfo("CSP set.");
+#endif
+
Ewk_Settings* settings = ewk_view_settings_get(wkView);
// set user agent