| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 2 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
| 3 * Copyright (C) 2009 Google Inc. All rights reserved. | 3 * Copyright (C) 2009 Google Inc. All rights reserved. |
| 4 * Copyright (C) 2011 Apple Inc. All Rights Reserved. | 4 * Copyright (C) 2011 Apple Inc. All Rights Reserved. |
| 5 * | 5 * |
| 6 * Redistribution and use in source and binary forms, with or without | 6 * Redistribution and use in source and binary forms, with or without |
| 7 * modification, are permitted provided that the following conditions | 7 * modification, are permitted provided that the following conditions |
| 8 * are met: | 8 * are met: |
| 9 * | 9 * |
| 10 * 1. Redistributions of source code must retain the above copyright | 10 * 1. Redistributions of source code must retain the above copyright |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 47 ContentDispositionInline, | 47 ContentDispositionInline, |
| 48 ContentDispositionAttachment, | 48 ContentDispositionAttachment, |
| 49 ContentDispositionOther | 49 ContentDispositionOther |
| 50 } ContentDispositionType; | 50 } ContentDispositionType; |
| 51 | 51 |
| 52 enum ContentTypeOptionsDisposition { | 52 enum ContentTypeOptionsDisposition { |
| 53 ContentTypeOptionsNone, | 53 ContentTypeOptionsNone, |
| 54 ContentTypeOptionsNosniff | 54 ContentTypeOptionsNosniff |
| 55 }; | 55 }; |
| 56 | 56 |
| 57 enum XFrameOptionsDisposition { | |
| 58 XFrameOptionsInvalid, | |
| 59 XFrameOptionsDeny, | |
| 60 XFrameOptionsSameOrigin, | |
| 61 XFrameOptionsAllowAll, | |
| 62 XFrameOptionsConflict | |
| 63 }; | |
| 64 | |
| 65 // Be sure to update the behavior of XSSAuditor::combineXSSProtectionHeaderAndCS
P whenever you change this enum's content or ordering. | 57 // Be sure to update the behavior of XSSAuditor::combineXSSProtectionHeaderAndCS
P whenever you change this enum's content or ordering. |
| 66 enum ReflectedXSSDisposition { | 58 enum ReflectedXSSDisposition { |
| 67 ReflectedXSSUnset = 0, | 59 ReflectedXSSUnset = 0, |
| 68 AllowReflectedXSS, | 60 AllowReflectedXSS, |
| 69 ReflectedXSSInvalid, | 61 ReflectedXSSInvalid, |
| 70 FilterReflectedXSS, | 62 FilterReflectedXSS, |
| 71 BlockReflectedXSS | 63 BlockReflectedXSS |
| 72 }; | 64 }; |
| 73 | 65 |
| 74 using CommaDelimitedHeaderSet = HashSet<String, CaseFoldingHash>; | 66 using CommaDelimitedHeaderSet = HashSet<String, CaseFoldingHash>; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 102 | 94 |
| 103 // Given a Media Type (like "foo/bar; baz=gazonk" - usually from the | 95 // Given a Media Type (like "foo/bar; baz=gazonk" - usually from the |
| 104 // 'Content-Type' HTTP header), extract and return the "type/subtype" portion | 96 // 'Content-Type' HTTP header), extract and return the "type/subtype" portion |
| 105 // ("foo/bar"). | 97 // ("foo/bar"). |
| 106 // Note: This function does not in any way check that the "type/subtype" pair | 98 // Note: This function does not in any way check that the "type/subtype" pair |
| 107 // is well-formed. | 99 // is well-formed. |
| 108 PLATFORM_EXPORT AtomicString extractMIMETypeFromMediaType(const AtomicString&); | 100 PLATFORM_EXPORT AtomicString extractMIMETypeFromMediaType(const AtomicString&); |
| 109 PLATFORM_EXPORT String extractCharsetFromMediaType(const String&); | 101 PLATFORM_EXPORT String extractCharsetFromMediaType(const String&); |
| 110 PLATFORM_EXPORT void findCharsetInMediaType(const String& mediaType, unsigned& c
harsetPos, unsigned& charsetLen, unsigned start = 0); | 102 PLATFORM_EXPORT void findCharsetInMediaType(const String& mediaType, unsigned& c
harsetPos, unsigned& charsetLen, unsigned start = 0); |
| 111 PLATFORM_EXPORT ReflectedXSSDisposition parseXSSProtectionHeader(const String& h
eader, String& failureReason, unsigned& failurePosition, String& reportURL); | 103 PLATFORM_EXPORT ReflectedXSSDisposition parseXSSProtectionHeader(const String& h
eader, String& failureReason, unsigned& failurePosition, String& reportURL); |
| 112 PLATFORM_EXPORT XFrameOptionsDisposition parseXFrameOptionsHeader(const String&)
; | |
| 113 PLATFORM_EXPORT CacheControlHeader parseCacheControlDirectives(const AtomicStrin
g& cacheControlHeader, const AtomicString& pragmaHeader); | 104 PLATFORM_EXPORT CacheControlHeader parseCacheControlDirectives(const AtomicStrin
g& cacheControlHeader, const AtomicString& pragmaHeader); |
| 114 PLATFORM_EXPORT void parseCommaDelimitedHeader(const String& headerValue, CommaD
elimitedHeaderSet&); | 105 PLATFORM_EXPORT void parseCommaDelimitedHeader(const String& headerValue, CommaD
elimitedHeaderSet&); |
| 115 // Returns true on success, otherwise false. The Suborigin argument must be a | 106 // Returns true on success, otherwise false. The Suborigin argument must be a |
| 116 // non-null return argument. |messages| is a list of messages based on any | 107 // non-null return argument. |messages| is a list of messages based on any |
| 117 // parse warnings or errors. Even if parseSuboriginHeader returns true, there | 108 // parse warnings or errors. Even if parseSuboriginHeader returns true, there |
| 118 // may be Strings in |messages|. | 109 // may be Strings in |messages|. |
| 119 PLATFORM_EXPORT bool parseSuboriginHeader(const String& header, Suborigin*, WTF:
:Vector<String>& messages); | 110 PLATFORM_EXPORT bool parseSuboriginHeader(const String& header, Suborigin*, WTF:
:Vector<String>& messages); |
| 120 | 111 |
| 121 PLATFORM_EXPORT ContentTypeOptionsDisposition parseContentTypeOptionsHeader(cons
t String& header); | 112 PLATFORM_EXPORT ContentTypeOptionsDisposition parseContentTypeOptionsHeader(cons
t String& header); |
| 122 | 113 |
| 123 } // namespace blink | 114 } // namespace blink |
| 124 | 115 |
| 125 #endif | 116 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1617043002:
Introduce AncestorThrottle, which will process 'X-Frame-Options' headers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@block-response