
Unified Diff: Source/core/loader/ResourceLoaderOptions.h

Issue 14949017: Implementation of W3C compliant CSP script-src nonce. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed broken nonce behavior on script redirects. Added test for redirects as well. Created 7 years, 7 months ago
Index: Source/core/loader/ResourceLoaderOptions.h
diff --git a/Source/core/loader/ResourceLoaderOptions.h b/Source/core/loader/ResourceLoaderOptions.h
index ad1adaa4f8aef418552c287103119babc9c41598..a0cf4ec36bc6d1d1a6d82cf37ce13130e0021674 100644
--- a/Source/core/loader/ResourceLoaderOptions.h
+++ b/Source/core/loader/ResourceLoaderOptions.h
@@ -60,15 +60,21 @@ enum SecurityCheckPolicy {
DoSecurityCheck
};
+enum ContentSecurityPolicyNonceCheck {
+ NonceCheckValid,
+ NonceCheckNotValid
abarth-chromium 2013/05/16 00:59:27 Does this need to be specific to nonces? Perhaps
jww 2013/05/16 20:59:00 Done.
+};
+
struct ResourceLoaderOptions {
- ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), dataBufferingPolicy(BufferData), allowCredentials(DoNotAllowStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials), securityCheck(DoSecurityCheck) { }
- ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy, SecurityCheckPolicy securityCheck)
+ ResourceLoaderOptions() : sendLoadCallbacks(DoNotSendCallbacks), sniffContent(DoNotSniffContent), dataBufferingPolicy(BufferData), allowCredentials(DoNotAllowStoredCredentials), crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials), securityCheck(DoSecurityCheck), cspNonce(NonceCheckNotValid) { }
+ ResourceLoaderOptions(SendCallbackPolicy sendLoadCallbacks, ContentSniffingPolicy sniffContent, DataBufferingPolicy dataBufferingPolicy, StoredCredentials allowCredentials, ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy, SecurityCheckPolicy securityCheck, ContentSecurityPolicyNonceCheck cspNonce)
: sendLoadCallbacks(sendLoadCallbacks)
, sniffContent(sniffContent)
, dataBufferingPolicy(dataBufferingPolicy)
, allowCredentials(allowCredentials)
, crossOriginCredentialPolicy(crossOriginCredentialPolicy)
, securityCheck(securityCheck)
+ , cspNonce(cspNonce)
{
}
SendCallbackPolicy sendLoadCallbacks;
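Review bot: The new enum `ContentSecurityPolicyNonceCheck` has no comment, and its two values do not say what was checked or by whom, so a reader of this header cannot tell whether `NonceCheckValid` records a completed check or requests one. If it records the outcome of matching the initiating element's nonce against the script-src policy, as the issue title suggests, I would add above the enum `// Outcome of the CSP script-src nonce check for the request's initiator. NonceCheckNotValid is the fail-closed default.` The default constructor does initialize `cspNonce(NonceCheckNotValid)`, which is the safe side, and saying so in the comment makes it harder for a later edit to flip it unnoticed. The struct that starts in this hunk continues past its end.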
@@ -77,6 +83,7 @@ struct ResourceLoaderOptions {
StoredCredentials allowCredentials; // Whether HTTP credentials and cookies are sent with the request.
ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all).
SecurityCheckPolicy securityCheck;
+ ContentSecurityPolicyNonceCheck cspNonce;
};
} // namespace WebCore
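Review bot: The member `cspNonce` reads as if it held the nonce string, while its type shows it holds the result of a check, and unlike `allowCredentials` and `crossOriginCredentialPolicy` just above it has no trailing comment. Something like `ContentSecurityPolicyNonceCheck cspNonceCheck; // Whether the request's initiator passed the CSP nonce check.` would fix both; the rename also touches the two constructors in the previous hunk. Since ResourceLoaderOptions is plain copyable data, a `NonceCheckValid` value presumably travels with any options object that is copied to build another request, so it is worth confirming that no such copy site hands the flag to a load whose initiator was never checked. The struct begins outside this hunk.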
