
Side by Side Diff: Source/core/loader/ResourceLoaderOptions.h

Issue 14949017: Implementation of W3C compliant CSP script-src nonce. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed broken nonce behavior on script redirects. Added test for redirects as well. Created 7 years, 7 months ago
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
53 enum ClientCrossOriginCredentialPolicy { 53 enum ClientCrossOriginCredentialPolicy {
54 AskClientForCrossOriginCredentials, 54 AskClientForCrossOriginCredentials,
55 DoNotAskClientForCrossOriginCredentials 55 DoNotAskClientForCrossOriginCredentials
56 }; 56 };
57 57
58 enum SecurityCheckPolicy { 58 enum SecurityCheckPolicy {
59 SkipSecurityCheck, 59 SkipSecurityCheck,
60 DoSecurityCheck 60 DoSecurityCheck
61 }; 61 };
62 62
63 enum ContentSecurityPolicyNonceCheck {
64 NonceCheckValid,
65 NonceCheckNotValid
abarth-chromium 2013/05/16 00:59:27 Does this need to be specific to nonces? Perhaps
jww 2013/05/16 20:59:00 Done.
66 };
67
63 struct ResourceLoaderOptions { 68 struct ResourceLoaderOptions {
64 ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffConten t(DoNotSniffContent), dataBufferingPolicy(BufferData), allowCredentials(DoNotAll owStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCr edentials), securityCheck(DoSecurityCheck) { } 69 ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffConten t(DoNotSniffContent), dataBufferingPolicy(BufferData), allowCredentials(DoNotAll owStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCr edentials), securityCheck(DoSecurityCheck), cspNonce(NonceCheckNotValid) { }
65 ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingP olicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials a llowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy, SecurityCheckPolicy securityCheck) 70 ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingP olicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials a llowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy, SecurityCheckPolicy securityCheck, ContentSecurityPolicyNonceCheck cspNonce)
66 : sendLoadCallbacks(sendLoadCallbacks) 71 : sendLoadCallbacks(sendLoadCallbacks)
67 , sniffContent(sniffContent) 72 , sniffContent(sniffContent)
68 , dataBufferingPolicy(dataBufferingPolicy) 73 , dataBufferingPolicy(dataBufferingPolicy)
69 , allowCredentials(allowCredentials) 74 , allowCredentials(allowCredentials)
70 , crossOriginCredentialPolicy(crossOriginCredentialPolicy) 75 , crossOriginCredentialPolicy(crossOriginCredentialPolicy)
71 , securityCheck(securityCheck) 76 , securityCheck(securityCheck)
77 , cspNonce(cspNonce)
72 { 78 {
73 } 79 }
74 SendCallbackPolicy sendLoadCallbacks; 80 SendCallbackPolicy sendLoadCallbacks;
75 ContentSniffingPolicy sniffContent; 81 ContentSniffingPolicy sniffContent;
76 DataBufferingPolicy dataBufferingPolicy; 82 DataBufferingPolicy dataBufferingPolicy;
77 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request. 83 StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
78 ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all). 84 ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all).
79 SecurityCheckPolicy securityCheck; 85 SecurityCheckPolicy securityCheck;
86 ContentSecurityPolicyNonceCheck cspNonce;
80 }; 87 };
81 88
82 } // namespace WebCore 89 } // namespace WebCore
83 90
84 #endif // ResourceLoaderOptions_h 91 #endif // ResourceLoaderOptions_h
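Review bot: The new `cspNonce` member (new line 86) is the one security-relevant field added to `ResourceLoaderOptions` and it carries no comment, while its name reads as if it held the nonce string rather than the outcome of a check. Since `NonceCheckValid` presumably lets the load pass the script-src check, a short comment would help callers of the seven-argument constructor pick the right value: `ContentSecurityPolicyNonceCheck cspNonce; // Outcome of the CSP nonce check for this request, not the nonce itself; pass NonceCheckNotValid unless the nonce was actually matched.` The default constructor already initialises it to `NonceCheckNotValid`, which is the fail-closed choice and should stay that way. How the value is carried across redirects is not visible in this file, so that is worth confirming wherever these options are copied.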