Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1361)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/core/loader/ResourceLoaderOptions.h

Issue 14949017: Implementation of W3C compliant CSP script-src nonce. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Factored script nonce checks to point of resource request creation, plus nits from Adam Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« Source/core/dom/ScriptElement.cpp ('K') | « Source/core/loader/ResourceLoader.cpp ('k') | Source/core/loader/cache/CachedResourceLoader.h » ('j') | Source/core/loader/cache/CachedResourceLoader.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/loader/ResourceLoaderOptions.h
diff --git a/Source/core/loader/ResourceLoaderOptions.h b/Source/core/loader/ResourceLoaderOptions.h
index 88c1fc0359cdef2bae1674142450b74e0bc8cfd5..d45972ff7e5081ca24dc4407ac39d7ae9666a385 100644
--- a/Source/core/loader/ResourceLoaderOptions.h
+++ b/Source/core/loader/ResourceLoaderOptions.h
@@ -60,6 +60,11 @@ enum SecurityCheckPolicy {
DoSecurityCheck
};
+enum ContentSecurityPolicyCheck {
+ CheckContentSecurityPolicy,
+ DoNotCheckContentSecurityPolicy
+};
+
struct ResourceLoaderOptions {
ResourceLoaderOptions()
: sendLoadCallbacks(DoNotSendCallbacks)
@@ -68,7 +73,8 @@ struct ResourceLoaderOptions {
, allowCredentials(DoNotAllowStoredCredentials)
, credentialsRequested(ClientDidNotRequestCredentials)
, crossOriginCredentialPolicy(DoNotAskClientForCrossOriginCredentials)
- , securityCheck(DoSecurityCheck) { }
+ , securityCheck(DoSecurityCheck)
+ , cspCheck(CheckContentSecurityPolicy) { }
ResourceLoaderOptions(
SendCallbackPolicy sendLoadCallbacks,
@@ -77,7 +83,8 @@ struct ResourceLoaderOptions {
StoredCredentials allowCredentials,
CredentialRequest credentialsRequested,
ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy,
- SecurityCheckPolicy securityCheck)
+ SecurityCheckPolicy securityCheck,
+ ContentSecurityPolicyCheck cspCheck)
: sendLoadCallbacks(sendLoadCallbacks)
, sniffContent(sniffContent)
, dataBufferingPolicy(dataBufferingPolicy)
@@ -85,6 +92,7 @@ struct ResourceLoaderOptions {
, credentialsRequested(credentialsRequested)
, crossOriginCredentialPolicy(crossOriginCredentialPolicy)
, securityCheck(securityCheck)
+ , cspCheck(cspCheck)
{
}
SendCallbackPolicy sendLoadCallbacks;
@@ -94,6 +102,7 @@ struct ResourceLoaderOptions {
CredentialRequest credentialsRequested; // Whether the client (e.g. XHR) wanted credentials in the first place.
ClientCrossOriginCredentialPolicy crossOriginCredentialPolicy; // Whether we will ask the client for credentials (if we allow credentials at all).
SecurityCheckPolicy securityCheck;
+ ContentSecurityPolicyCheck cspCheck;
abarth-chromium 2013/05/16 21:09:16 cspCheck -> contentSecurityPolicyOption We prefer
jww 2013/05/16 21:37:46 Done.
};
} // namespace WebCore
« Source/core/dom/ScriptElement.cpp ('K') | « Source/core/loader/ResourceLoader.cpp ('k') | Source/core/loader/cache/CachedResourceLoader.h » ('j') | Source/core/loader/cache/CachedResourceLoader.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698