CORS-RFC1918: Introduce 'treat-as-public-address' CSP directive

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 88 matching lines @@
     // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
     static const char BlockAllMixedContent[];
 
     // https://w3c.github.io/webappsec/specs/upgrade/
     static const char UpgradeInsecureRequests[];
 
     // Suborigin Directive
     // https://metromoxie.github.io/webappsec/specs/suborigins/index.html
     static const char Suborigin[];
 
+    // https://mikewest.github.io/cors-rfc1918/#csp
+    static const char TreatAsPublicAddress[];
+
     enum ReportingStatus {
         SendReport,
         SuppressReport
     };
 
     // When a resource is loaded after a redirect, source paths are
     // ignored in the matching algorithm.
     enum RedirectStatus {
         DidRedirect,
         DidNotRedirect
@@ skipping 121 matching lines @@
     // passed in, the report will be sent via this object's |m_executionContext| (or dropped
     // on the floor if no such context is available).
     void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr);
 
     void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
 
     const KURL url() const;
     void enforceSandboxFlags(SandboxFlags);
     void enforceSuborigin(const String&);
     void enforceStrictMixedContentChecking();
+    void treatAsPublicAddress();
     String evalDisabledErrorMessage() const;
 
     void setInsecureRequestsPolicy(SecurityContext::InsecureRequestsPolicy);
     SecurityContext::InsecureRequestsPolicy getInsecureRequestsPolicy() const { return m_insecureRequestsPolicy; }
 
     bool urlMatchesSelf(const KURL&) const;
     bool protocolMatchesSelf(const KURL&) const;
     bool selfMatchesInnerURL() const;
 
     bool experimentalFeaturesEnabled() const;
@@ skipping 40 matching lines @@
     // to calculate a hash once and then distribute it to all of the directives
     // for validation.
     uint8_t m_scriptHashAlgorithmsUsed;
     uint8_t m_styleHashAlgorithmsUsed;
 
     // State flags used to configure the environment after parsing a policy.
     SandboxFlags m_sandboxMask;
     String m_suboriginName;
     bool m_enforceStrictMixedContentChecking;
     ReferrerPolicy m_referrerPolicy;
+    bool m_treatAsPublicAddress;
     String m_disableEvalErrorMessage;
     SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy;
 
     OwnPtr<CSPSource> m_selfSource;
     String m_selfProtocol;
 };
 
 } // namespace blink
 
 #endif