OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
135 }; | 135 }; |
136 | 136 |
137 static ContentSecurityPolicy* create() | 137 static ContentSecurityPolicy* create() |
138 { | 138 { |
139 return new ContentSecurityPolicy(); | 139 return new ContentSecurityPolicy(); |
140 } | 140 } |
141 ~ContentSecurityPolicy(); | 141 ~ContentSecurityPolicy(); |
142 DECLARE_TRACE(); | 142 DECLARE_TRACE(); |
143 | 143 |
144 void bindToExecutionContext(ExecutionContext*); | 144 void bindToExecutionContext(ExecutionContext*); |
145 void setupSelf(const SecurityOrigin&); | |
145 void copyStateFrom(const ContentSecurityPolicy*); | 146 void copyStateFrom(const ContentSecurityPolicy*); |
146 void copyPluginTypesFrom(const ContentSecurityPolicy*); | 147 void copyPluginTypesFrom(const ContentSecurityPolicy*); |
147 | 148 |
148 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); | 149 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); |
149 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource); | 150 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource); |
151 void replicateHeader(const String&, ContentSecurityPolicyHeaderType, Content SecurityPolicyHeaderSource); | |
150 | 152 |
151 PassOwnPtr<Vector<CSPHeaderAndType>> headers() const; | 153 PassOwnPtr<Vector<CSPHeaderAndType>> headers() const; |
152 | 154 |
153 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; | 155 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; |
154 bool allowInlineEventHandler(const String& source, const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; | 156 bool allowInlineEventHandler(const String& source, const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; |
155 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, const String& scriptContent, ReportingStatus = SendReport) const; | 157 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, const String& scriptContent, ReportingStatus = SendReport) const; |
156 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, const String& styleContent, ReportingStatus = SendReport) const; | 158 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, const String& styleContent, ReportingStatus = SendReport) const; |
157 // When the reporting status is |SendReport|, the |ExceptionStatus| | 159 // When the reporting status is |SendReport|, the |ExceptionStatus| |
158 // should indicate whether the caller will throw a JavaScript | 160 // should indicate whether the caller will throw a JavaScript |
159 // exception in the event of a violation. When the caller will throw | 161 // exception in the event of a violation. When the caller will throw |
264 | 266 |
265 static bool isDirectiveName(const String&); | 267 static bool isDirectiveName(const String&); |
266 | 268 |
267 Document* document() const; | 269 Document* document() const; |
268 | 270 |
269 private: | 271 private: |
270 ContentSecurityPolicy(); | 272 ContentSecurityPolicy(); |
271 | 273 |
272 void applyPolicySideEffectsToExecutionContext(); | 274 void applyPolicySideEffectsToExecutionContext(); |
273 | 275 |
274 SecurityOrigin* getSecurityOrigin() const; | |
275 KURL completeURL(const String&) const; | 276 KURL completeURL(const String&) const; |
276 | 277 |
277 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); | 278 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); |
278 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource); | 279 |
280 enum FrameLoaderClientNotificationStatus { | |
281 NotifyFrameLoaderClient, | |
282 DontNotifyFrameLoaderClient, | |
283 }; | |
284 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource, FrameLoaderClientNotificationStatus = Notif yFrameLoaderClient); | |
alexmos
2016/05/12 22:37:25
Note that this enum might be useful more generally
Łukasz Anforowicz
2016/05/13 17:29:15
Acknowledged.
| |
279 | 285 |
280 bool shouldSendViolationReport(const String&) const; | 286 bool shouldSendViolationReport(const String&) const; |
281 void didSendViolationReport(const String&); | 287 void didSendViolationReport(const String&); |
282 | 288 |
283 Member<ExecutionContext> m_executionContext; | 289 Member<ExecutionContext> m_executionContext; |
284 bool m_overrideInlineStyleAllowed; | 290 bool m_overrideInlineStyleAllowed; |
285 CSPDirectiveListVector m_policies; | 291 CSPDirectiveListVector m_policies; |
286 ConsoleMessageVector m_consoleMessages; | 292 ConsoleMessageVector m_consoleMessages; |
287 | 293 |
288 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; | 294 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
301 String m_disableEvalErrorMessage; | 307 String m_disableEvalErrorMessage; |
302 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; | 308 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; |
303 | 309 |
304 Member<CSPSource> m_selfSource; | 310 Member<CSPSource> m_selfSource; |
305 String m_selfProtocol; | 311 String m_selfProtocol; |
306 }; | 312 }; |
307 | 313 |
308 } // namespace blink | 314 } // namespace blink |
309 | 315 |
310 #endif | 316 #endif |
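Review bot: The two new public entry points, `setupSelf(const SecurityOrigin&)` (new line 145) and `replicateHeader(...)` (new line 151), are declared without a comment, and `replicateHeader` takes exactly the parameter list of `didReceiveHeader` on the line above it, so the header gives a caller no way to tell which one applies. Judging only from the new private `FrameLoaderClientNotificationStatus` enum, the difference appears to be whether the FrameLoaderClient is notified; the implementation is not visible here, so the wording needs confirming against the .cpp. I would add something like `// Adds a policy that was replicated from another frame rather than parsed from a response; does not notify the FrameLoaderClient.` above `replicateHeader`, and `// Sets the source that 'self' matches from the given origin, for a policy with no bound ExecutionContext.` above `setupSelf`. Separately, dropping the `= NotifyFrameLoaderClient` default on the private `addPolicyFromHeaderValue` (new line 284) would make every call site state the notification choice explicitly, so a policy arriving by replication cannot be re-announced by omission.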