Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(127)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/CSPDirectiveList.h

Issue 1109633002: Basic experimental suborigin CSP directive and SecurityOrigin mods (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« Source/core/dom/ExecutionContext.cpp ('K') | « Source/core/dom/ExecutionContext.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | Source/platform/weborigin/SecurityOrigin.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/fetch/Resource.h" 8 #include "core/fetch/Resource.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "core/frame/csp/MediaListDirective.h" 10 #include "core/frame/csp/MediaListDirective.h"
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after
79 bool shouldSendCSPHeader(Resource::Type) const; 79 bool shouldSendCSPHeader(Resource::Type) const;
80 80
81 private: 81 private:
82 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co ntentSecurityPolicyHeaderSource); 82 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co ntentSecurityPolicyHeaderSource);
83 83
84 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri ng& value); 84 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri ng& value);
85 void parseReportURI(const String& name, const String& value); 85 void parseReportURI(const String& name, const String& value);
86 void parsePluginTypes(const String& name, const String& value); 86 void parsePluginTypes(const String& name, const String& value);
87 void parseReflectedXSS(const String& name, const String& value); 87 void parseReflectedXSS(const String& name, const String& value);
88 void parseReferrer(const String& name, const String& value); 88 void parseReferrer(const String& name, const String& value);
89 String parseSuboriginName(const String& policy);
89 void addDirective(const String& name, const String& value); 90 void addDirective(const String& name, const String& value);
90 void applySandboxPolicy(const String& name, const String& sandboxPolicy); 91 void applySandboxPolicy(const String& name, const String& sandboxPolicy);
92 void applySuboriginPolicy(const String& name, const String& suboriginPolicy) ;
91 void enforceStrictMixedContentChecking(const String& name, const String& val ue); 93 void enforceStrictMixedContentChecking(const String& name, const String& val ue);
92 void enableInsecureRequestsUpgrade(const String& name, const String& value); 94 void enableInsecureRequestsUpgrade(const String& name, const String& value);
93 95
94 template <class CSPDirectiveType> 96 template <class CSPDirectiveType>
95 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire ctiveType>&); 97 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire ctiveType>&);
96 98
97 SourceListDirective* operativeDirective(SourceListDirective*) const; 99 SourceListDirective* operativeDirective(SourceListDirective*) const;
98 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const; 100 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const;
99 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const; 101 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const;
100 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const; 102 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const;
(...skipping 19 matching lines...) Expand all
120 122
121 bool denyIfEnforcingPolicy() const { return m_reportOnly; } 123 bool denyIfEnforcingPolicy() const { return m_reportOnly; }
122 124
123 ContentSecurityPolicy* m_policy; 125 ContentSecurityPolicy* m_policy;
124 126
125 String m_header; 127 String m_header;
126 ContentSecurityPolicyHeaderType m_headerType; 128 ContentSecurityPolicyHeaderType m_headerType;
127 ContentSecurityPolicyHeaderSource m_headerSource; 129 ContentSecurityPolicyHeaderSource m_headerSource;
128 130
129 bool m_reportOnly; 131 bool m_reportOnly;
130 bool m_haveSandboxPolicy; 132 bool m_hasSandboxPolicy;
133 bool m_hasSuboriginPolicy;
131 ReflectedXSSDisposition m_reflectedXSSDisposition; 134 ReflectedXSSDisposition m_reflectedXSSDisposition;
132 135
133 bool m_didSetReferrerPolicy; 136 bool m_didSetReferrerPolicy;
134 ReferrerPolicy m_referrerPolicy; 137 ReferrerPolicy m_referrerPolicy;
135 138
136 bool m_strictMixedContentCheckingEnforced; 139 bool m_strictMixedContentCheckingEnforced;
137 140
138 bool m_upgradeInsecureRequests; 141 bool m_upgradeInsecureRequests;
139 142
140 OwnPtr<MediaListDirective> m_pluginTypes; 143 OwnPtr<MediaListDirective> m_pluginTypes;
(...skipping 14 matching lines...) Expand all
155 158
156 Vector<String> m_reportEndpoints; 159 Vector<String> m_reportEndpoints;
157 160
158 String m_evalDisabledErrorMessage; 161 String m_evalDisabledErrorMessage;
159 }; 162 };
160 163
161 164
162 } // namespace 165 } // namespace
163 166
164 #endif 167 #endif
OLDNEW
« Source/core/dom/ExecutionContext.cpp ('K') | « Source/core/dom/ExecutionContext.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | Source/platform/weborigin/SecurityOrigin.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698