| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
| 6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
| 7 | 7 |
| 8 #include "core/fetch/Resource.h" | 8 #include "core/fetch/Resource.h" |
| 9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 10 #include "core/frame/csp/MediaListDirective.h" | 10 #include "core/frame/csp/MediaListDirective.h" |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 79 bool shouldSendCSPHeader(Resource::Type) const; | 79 bool shouldSendCSPHeader(Resource::Type) const; |
| 80 | 80 |
| 81 private: | 81 private: |
| 82 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co
ntentSecurityPolicyHeaderSource); | 82 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co
ntentSecurityPolicyHeaderSource); |
| 83 | 83 |
| 84 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri
ng& value); | 84 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri
ng& value); |
| 85 void parseReportURI(const String& name, const String& value); | 85 void parseReportURI(const String& name, const String& value); |
| 86 void parsePluginTypes(const String& name, const String& value); | 86 void parsePluginTypes(const String& name, const String& value); |
| 87 void parseReflectedXSS(const String& name, const String& value); | 87 void parseReflectedXSS(const String& name, const String& value); |
| 88 void parseReferrer(const String& name, const String& value); | 88 void parseReferrer(const String& name, const String& value); |
| 89 String parseSuboriginName(const String& policy); |
| 89 void addDirective(const String& name, const String& value); | 90 void addDirective(const String& name, const String& value); |
| 90 void applySandboxPolicy(const String& name, const String& sandboxPolicy); | 91 void applySandboxPolicy(const String& name, const String& sandboxPolicy); |
| 92 void applySuboriginPolicy(const String& name, const String& suboriginPolicy)
; |
| 91 void enforceStrictMixedContentChecking(const String& name, const String& val
ue); | 93 void enforceStrictMixedContentChecking(const String& name, const String& val
ue); |
| 92 void enableInsecureRequestsUpgrade(const String& name, const String& value); | 94 void enableInsecureRequestsUpgrade(const String& name, const String& value); |
| 93 | 95 |
| 94 template <class CSPDirectiveType> | 96 template <class CSPDirectiveType> |
| 95 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire
ctiveType>&); | 97 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire
ctiveType>&); |
| 96 | 98 |
| 97 SourceListDirective* operativeDirective(SourceListDirective*) const; | 99 SourceListDirective* operativeDirective(SourceListDirective*) const; |
| 98 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; | 100 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; |
| 99 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; | 101 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; |
| 100 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; | 102 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; |
| (...skipping 19 matching lines...) Expand all Loading... |
| 120 | 122 |
| 121 bool denyIfEnforcingPolicy() const { return m_reportOnly; } | 123 bool denyIfEnforcingPolicy() const { return m_reportOnly; } |
| 122 | 124 |
| 123 ContentSecurityPolicy* m_policy; | 125 ContentSecurityPolicy* m_policy; |
| 124 | 126 |
| 125 String m_header; | 127 String m_header; |
| 126 ContentSecurityPolicyHeaderType m_headerType; | 128 ContentSecurityPolicyHeaderType m_headerType; |
| 127 ContentSecurityPolicyHeaderSource m_headerSource; | 129 ContentSecurityPolicyHeaderSource m_headerSource; |
| 128 | 130 |
| 129 bool m_reportOnly; | 131 bool m_reportOnly; |
| 130 bool m_haveSandboxPolicy; | 132 bool m_hasSandboxPolicy; |
| 133 bool m_hasSuboriginPolicy; |
| 131 ReflectedXSSDisposition m_reflectedXSSDisposition; | 134 ReflectedXSSDisposition m_reflectedXSSDisposition; |
| 132 | 135 |
| 133 bool m_didSetReferrerPolicy; | 136 bool m_didSetReferrerPolicy; |
| 134 ReferrerPolicy m_referrerPolicy; | 137 ReferrerPolicy m_referrerPolicy; |
| 135 | 138 |
| 136 bool m_strictMixedContentCheckingEnforced; | 139 bool m_strictMixedContentCheckingEnforced; |
| 137 | 140 |
| 138 bool m_upgradeInsecureRequests; | 141 bool m_upgradeInsecureRequests; |
| 139 | 142 |
| 140 OwnPtr<MediaListDirective> m_pluginTypes; | 143 OwnPtr<MediaListDirective> m_pluginTypes; |
| (...skipping 14 matching lines...) Expand all Loading... |
| 155 | 158 |
| 156 Vector<String> m_reportEndpoints; | 159 Vector<String> m_reportEndpoints; |
| 157 | 160 |
| 158 String m_evalDisabledErrorMessage; | 161 String m_evalDisabledErrorMessage; |
| 159 }; | 162 }; |
| 160 | 163 |
| 161 | 164 |
| 162 } // namespace | 165 } // namespace |
| 163 | 166 |
| 164 #endif | 167 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1109633002:
Basic experimental suborigin CSP directive and SecurityOrigin mods (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master