OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
169 | 169 |
170 bool allowManifestFromSource(const KURL&, RedirectStatus = DidNotRedirect, R
eportingStatus = SendReport) const; | 170 bool allowManifestFromSource(const KURL&, RedirectStatus = DidNotRedirect, R
eportingStatus = SendReport) const; |
171 | 171 |
172 // |allowAncestors| does not need to know whether the resource was a | 172 // |allowAncestors| does not need to know whether the resource was a |
173 // result of a redirect. After a redirect, source paths are usually | 173 // result of a redirect. After a redirect, source paths are usually |
174 // ignored to stop a page from learning the path to which the | 174 // ignored to stop a page from learning the path to which the |
175 // request was redirected, but this is not a concern for ancestors, | 175 // request was redirected, but this is not a concern for ancestors, |
176 // because a child frame can't manipulate the URL of a cross-origin | 176 // because a child frame can't manipulate the URL of a cross-origin |
177 // parent. | 177 // parent. |
178 bool allowAncestors(LocalFrame*, const KURL&, ReportingStatus = SendReport)
const; | 178 bool allowAncestors(LocalFrame*, const KURL&, ReportingStatus = SendReport)
const; |
| 179 bool isFrameAncestorsEnforced() const; |
179 | 180 |
180 // The nonce and hash allow functions are guaranteed to not have any side | 181 // The nonce and hash allow functions are guaranteed to not have any side |
181 // effects, including reporting. | 182 // effects, including reporting. |
182 // Nonce/Hash functions check all policies relating to use of a script/style | 183 // Nonce/Hash functions check all policies relating to use of a script/style |
183 // with the given nonce/hash and return true all CSP policies allow it. | 184 // with the given nonce/hash and return true all CSP policies allow it. |
184 // If these return true, callers can then process the content or | 185 // If these return true, callers can then process the content or |
185 // issue a load and be safe disabling any further CSP checks. | 186 // issue a load and be safe disabling any further CSP checks. |
186 bool allowScriptWithNonce(const String& nonce) const; | 187 bool allowScriptWithNonce(const String& nonce) const; |
187 bool allowStyleWithNonce(const String& nonce) const; | 188 bool allowStyleWithNonce(const String& nonce) const; |
188 bool allowScriptWithHash(const String& source) const; | 189 bool allowScriptWithHash(const String& source) const; |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
295 String m_disableEvalErrorMessage; | 296 String m_disableEvalErrorMessage; |
296 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; | 297 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; |
297 | 298 |
298 OwnPtr<CSPSource> m_selfSource; | 299 OwnPtr<CSPSource> m_selfSource; |
299 String m_selfProtocol; | 300 String m_selfProtocol; |
300 }; | 301 }; |
301 | 302 |
302 } | 303 } |
303 | 304 |
304 #endif | 305 #endif |
OLD | NEW |