OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
99 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode | 99 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode |
100 static const char BlockAllMixedContent[]; | 100 static const char BlockAllMixedContent[]; |
101 | 101 |
102 // https://w3c.github.io/webappsec/specs/upgrade/ | 102 // https://w3c.github.io/webappsec/specs/upgrade/ |
103 static const char UpgradeInsecureRequests[]; | 103 static const char UpgradeInsecureRequests[]; |
104 | 104 |
105 // Suborigin Directive | 105 // Suborigin Directive |
106 // https://metromoxie.github.io/webappsec/specs/suborigins/index.html | 106 // https://metromoxie.github.io/webappsec/specs/suborigins/index.html |
107 static const char Suborigin[]; | 107 static const char Suborigin[]; |
108 | 108 |
| 109 // https://mikewest.github.io/cors-rfc1918/#csp |
| 110 static const char TreatAsPublicAddress[]; |
| 111 |
109 enum ReportingStatus { | 112 enum ReportingStatus { |
110 SendReport, | 113 SendReport, |
111 SuppressReport | 114 SuppressReport |
112 }; | 115 }; |
113 | 116 |
114 // When a resource is loaded after a redirect, source paths are | 117 // When a resource is loaded after a redirect, source paths are |
115 // ignored in the matching algorithm. | 118 // ignored in the matching algorithm. |
116 enum RedirectStatus { | 119 enum RedirectStatus { |
117 DidRedirect, | 120 DidRedirect, |
118 DidNotRedirect | 121 DidNotRedirect |
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
240 // passed in, the report will be sent via this object's |m_executionContext|
(or dropped | 243 // passed in, the report will be sent via this object's |m_executionContext|
(or dropped |
241 // on the floor if no such context is available). | 244 // on the floor if no such context is available). |
242 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<Strin
g>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr)
; | 245 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<Strin
g>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr)
; |
243 | 246 |
244 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; | 247 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; |
245 | 248 |
246 const KURL url() const; | 249 const KURL url() const; |
247 void enforceSandboxFlags(SandboxFlags); | 250 void enforceSandboxFlags(SandboxFlags); |
248 void enforceSuborigin(const String&); | 251 void enforceSuborigin(const String&); |
249 void enforceStrictMixedContentChecking(); | 252 void enforceStrictMixedContentChecking(); |
| 253 void treatAsPublicAddress(); |
250 String evalDisabledErrorMessage() const; | 254 String evalDisabledErrorMessage() const; |
251 | 255 |
252 void setInsecureRequestsPolicy(SecurityContext::InsecureRequestsPolicy); | 256 void setInsecureRequestsPolicy(SecurityContext::InsecureRequestsPolicy); |
253 SecurityContext::InsecureRequestsPolicy getInsecureRequestsPolicy() const {
return m_insecureRequestsPolicy; } | 257 SecurityContext::InsecureRequestsPolicy getInsecureRequestsPolicy() const {
return m_insecureRequestsPolicy; } |
254 | 258 |
255 bool urlMatchesSelf(const KURL&) const; | 259 bool urlMatchesSelf(const KURL&) const; |
256 bool protocolMatchesSelf(const KURL&) const; | 260 bool protocolMatchesSelf(const KURL&) const; |
257 bool selfMatchesInnerURL() const; | 261 bool selfMatchesInnerURL() const; |
258 | 262 |
259 bool experimentalFeaturesEnabled() const; | 263 bool experimentalFeaturesEnabled() const; |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
300 // to calculate a hash once and then distribute it to all of the directives | 304 // to calculate a hash once and then distribute it to all of the directives |
301 // for validation. | 305 // for validation. |
302 uint8_t m_scriptHashAlgorithmsUsed; | 306 uint8_t m_scriptHashAlgorithmsUsed; |
303 uint8_t m_styleHashAlgorithmsUsed; | 307 uint8_t m_styleHashAlgorithmsUsed; |
304 | 308 |
305 // State flags used to configure the environment after parsing a policy. | 309 // State flags used to configure the environment after parsing a policy. |
306 SandboxFlags m_sandboxMask; | 310 SandboxFlags m_sandboxMask; |
307 String m_suboriginName; | 311 String m_suboriginName; |
308 bool m_enforceStrictMixedContentChecking; | 312 bool m_enforceStrictMixedContentChecking; |
309 ReferrerPolicy m_referrerPolicy; | 313 ReferrerPolicy m_referrerPolicy; |
| 314 bool m_treatAsPublicAddress; |
310 String m_disableEvalErrorMessage; | 315 String m_disableEvalErrorMessage; |
311 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; | 316 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; |
312 | 317 |
313 OwnPtr<CSPSource> m_selfSource; | 318 OwnPtr<CSPSource> m_selfSource; |
314 String m_selfProtocol; | 319 String m_selfProtocol; |
315 }; | 320 }; |
316 | 321 |
317 } // namespace blink | 322 } // namespace blink |
318 | 323 |
319 #endif | 324 #endif |
OLD | NEW |