Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(185)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp ('K') | « third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp ('k') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
135 }; 135 };
136 136
137 static ContentSecurityPolicy* create() 137 static ContentSecurityPolicy* create()
138 { 138 {
139 return new ContentSecurityPolicy(); 139 return new ContentSecurityPolicy();
140 } 140 }
141 ~ContentSecurityPolicy(); 141 ~ContentSecurityPolicy();
142 DECLARE_TRACE(); 142 DECLARE_TRACE();
143 143
144 void bindToExecutionContext(ExecutionContext*); 144 void bindToExecutionContext(ExecutionContext*);
145 void bindToSecurityOrigin(const SecurityOrigin&);
145 void copyStateFrom(const ContentSecurityPolicy*); 146 void copyStateFrom(const ContentSecurityPolicy*);
146 void copyPluginTypesFrom(const ContentSecurityPolicy*); 147 void copyPluginTypesFrom(const ContentSecurityPolicy*);
147 148
148 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); 149 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
149 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource); 150 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource);
151 void replicateHeader(const String&, ContentSecurityPolicyHeaderType, Content SecurityPolicyHeaderSource);
150 152
151 PassOwnPtr<Vector<CSPHeaderAndType>> headers() const; 153 PassOwnPtr<Vector<CSPHeaderAndType>> headers() const;
152 154
153 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; 155 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
154 bool allowInlineEventHandler(const String& source, const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; 156 bool allowInlineEventHandler(const String& source, const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
155 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, const String& scriptContent, ReportingStatus = SendReport) const; 157 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, const String& scriptContent, ReportingStatus = SendReport) const;
156 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, const String& styleContent, ReportingStatus = SendReport) const; 158 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, const String& styleContent, ReportingStatus = SendReport) const;
157 // When the reporting status is |SendReport|, the |ExceptionStatus| 159 // When the reporting status is |SendReport|, the |ExceptionStatus|
158 // should indicate whether the caller will throw a JavaScript 160 // should indicate whether the caller will throw a JavaScript
159 // exception in the event of a violation. When the caller will throw 161 // exception in the event of a violation. When the caller will throw
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
264 266
265 static bool isDirectiveName(const String&); 267 static bool isDirectiveName(const String&);
266 268
267 Document* document() const; 269 Document* document() const;
268 270
269 private: 271 private:
270 ContentSecurityPolicy(); 272 ContentSecurityPolicy();
271 273
272 void applyPolicySideEffectsToExecutionContext(); 274 void applyPolicySideEffectsToExecutionContext();
273 275
274 SecurityOrigin* getSecurityOrigin() const;
275 KURL completeURL(const String&) const; 276 KURL completeURL(const String&) const;
276 277
277 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); 278 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel);
278 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource); 279 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource, bool notifyFrameLoaderClient = true);
Mike West 2016/05/11 06:21:04 Nit: Prefer a meaningfully named enum to a bool.
Łukasz Anforowicz 2016/05/11 23:14:48 Done.
279 280
280 bool shouldSendViolationReport(const String&) const; 281 bool shouldSendViolationReport(const String&) const;
281 void didSendViolationReport(const String&); 282 void didSendViolationReport(const String&);
282 283
283 Member<ExecutionContext> m_executionContext; 284 Member<ExecutionContext> m_executionContext;
284 bool m_overrideInlineStyleAllowed; 285 bool m_overrideInlineStyleAllowed;
285 CSPDirectiveListVector m_policies; 286 CSPDirectiveListVector m_policies;
286 ConsoleMessageVector m_consoleMessages; 287 ConsoleMessageVector m_consoleMessages;
287 288
288 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; 289 HashSet<unsigned, AlreadyHashed> m_violationReportsSent;
(...skipping 12 matching lines...) Expand all
301 String m_disableEvalErrorMessage; 302 String m_disableEvalErrorMessage;
302 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; 303 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy;
303 304
304 Member<CSPSource> m_selfSource; 305 Member<CSPSource> m_selfSource;
305 String m_selfProtocol; 306 String m_selfProtocol;
306 }; 307 };
307 308
308 } // namespace blink 309 } // namespace blink
309 310
310 #endif 311 #endif
OLDNEW
« third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp ('K') | « third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp ('k') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698