CSP-report-only support enabled

author Andrzej Surdej <a.surdej@samsung.com>

Wed, 27 Feb 2013 14:06:23 +0000 (15:06 +0100)

committer Pawel Sikorski <p.sikorski@samsung.com>

Mon, 11 Mar 2013 16:10:06 +0000 (17:10 +0100)
author Andrzej Surdej <a.surdej@samsung.com>
Wed, 27 Feb 2013 14:06:23 +0000 (15:06 +0100)
committer Pawel Sikorski <p.sikorski@samsung.com>
Mon, 11 Mar 2013 16:10:06 +0000 (17:10 +0100)
diff --git a/src/domain/widget_model.cpp b/src/domain/widget_model.cpp

index ba92b4c..b378da4 100644 (file)
--- a/src/domain/widget_model.cpp
+++ b/src/domain/widget_model.cpp
@@ -57,6 +57,8 @@ WidgetModel::WidgetModel(const std::string &tizenId) :
                                  &WidgetDAOReadOnly::getWidgetType>::Get),
      CspPolicy(this, &BindToWidgetDAO<DPL::OptionalString,
                                       &WidgetDAOReadOnly::getCspPolicy>::Get),
+    CspReportOnlyPolicy(this, &BindToWidgetDAO<DPL::OptionalString,
+                        &WidgetDAOReadOnly::getCspPolicyReportOnly>::Get),
      ActualSize(this),
      PreferredSize(this,
                    &BindToWidgetDAO<WidgetSize,
diff --git a/src/domain/widget_model.h b/src/domain/widget_model.h

index 431c6b6..496383d 100644 (file)
--- a/src/domain/widget_model.h
+++ b/src/domain/widget_model.h
@@ -78,6 +78,14 @@ class WidgetModel : public DPL::Event::Model
                           DPL::Event::PropertyStorageDynamicCached> CspPolicy;
  
      /**
+     * @brief Config file based csp policy - report only
+     */
+    DPL::Event::Property<DPL::OptionalString,
+                         DPL::Event::PropertyReadOnly,
+                         DPL::Event::PropertyStorageDynamicCached>
+    CspReportOnlyPolicy;
+
+    /**
       * @brief Current widget actual size
       */
      DPL::Event::Property<WidgetSize> ActualSize;
diff --git a/src/view/webkit/view_logic.cpp b/src/view/webkit/view_logic.cpp

index 701ab6b..55d04c2 100755 (executable)
--- a/src/view/webkit/view_logic.cpp
+++ b/src/view/webkit/view_logic.cpp
@@ -610,10 +610,14 @@ void ViewLogic::prepareEwkView(Evas_Object *wkView)
      Assert(wkView);
  
  #ifdef CSP_ENABLED
+    ewk_context_tizen_extensible_api_set(
+        m_ewkContext, EWK_EXTENSIBLE_API_CSP, true);
      LogInfo("Setting CSP default policy");
      // setting CSP policy rules
      ewk_view_content_security_policy_set(
-        wkView, "default-src 'self';", EWK_ENFORCE_POLICY);
+        wkView,
+        "default-src '*'; script-src 'self'; style-src 'self'; object-src 'none';",
+        EWK_ENFORCE_POLICY);
      LogInfo("Default policy set");
  
      DPL::OptionalString policy = m_model->CspPolicy.Get();
@@ -627,7 +631,15 @@ void ViewLogic::prepareEwkView(Evas_Object *wkView)
          LogDebug("Config CSP policy is not present");
      }
  
-    //TODO: support report only csp will be added soon
+    policy = m_model->CspReportOnlyPolicy.Get();
+    if (!(policy.IsNull()))
+    {
+        LogDebug("CSP report only policy present in manifest: " << *policy);
+        ewk_view_content_security_policy_set(
+            wkView, DPL::ToUTF8String(*policy).c_str(), EWK_REPORT_ONLY);
+    } else {
+        LogDebug("Config CSP report only policy is not present");
+    }
  
      LogInfo("CSP set.");
  #endif
author	Andrzej Surdej <a.surdej@samsung.com>
	Wed, 27 Feb 2013 14:06:23 +0000 (15:06 +0100)
committer	Pawel Sikorski <p.sikorski@samsung.com>
	Mon, 11 Mar 2013 16:10:06 +0000 (17:10 +0100)
src/domain/widget_model.cpp		patch \| blob \| history
src/domain/widget_model.h		patch \| blob \| history
src/view/webkit/view_logic.cpp		patch \| blob \| history