Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(437)

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 1486993002: Report "inline" or "eval" for non-fetch CSP violations (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Clarity. Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
index df15db748397dfd954cae78b00374f1f59d43b9a..7a371065974e896725b56e5ef5a39b96a28748d8 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -123,6 +123,16 @@ public:
WillNotThrowException
};
+ // This covers the possible values of a violation's 'resource', as defined in
+ // https://w3c.github.io/webappsec-csp/#violation-resource. By the time we
+ // generate a report, we're guaranteed that the value isn't 'null', so we don't
+ // need that state in this enum.
+ enum ViolationType {
+ InlineViolation,
+ EvalViolation,
+ URLViolation
+ };
+
static PassRefPtrWillBeRawPtr<ContentSecurityPolicy> create()
{
return adoptRefWillBeNoop(new ContentSecurityPolicy());
@@ -226,7 +236,7 @@ public:
// If a frame is passed in, the report will be sent using it as a context. If no frame is
// passed in, the report will be sent via this object's |m_executionContext| (or dropped
// on the floor if no such context is available).
- void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, LocalFrame* = nullptr);
+ void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr);
void reportBlockedScriptExecutionToInspector(const String& directiveText) const;

Powered by Google App Engine
This is Rietveld 408576698