OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 37 matching lines...) | |
48 class OrdinalNumber; | 48 class OrdinalNumber; |
49 } | 49 } |
50 | 50 |
51 namespace blink { | 51 namespace blink { |
52 | 52 |
53 class ContentSecurityPolicyResponseHeaders; | 53 class ContentSecurityPolicyResponseHeaders; |
54 class ConsoleMessage; | 54 class ConsoleMessage; |
55 class CSPDirectiveList; | 55 class CSPDirectiveList; |
56 class CSPSource; | 56 class CSPSource; |
57 class Document; | 57 class Document; |
58 class FrameLoaderClient; | |
58 class KURL; | 59 class KURL; |
59 class ResourceRequest; | 60 class ResourceRequest; |
60 class SecurityOrigin; | 61 class SecurityOrigin; |
61 | 62 |
62 typedef int SandboxFlags; | 63 typedef int SandboxFlags; |
63 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector; | 64 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector; |
64 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; | 65 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; |
65 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType; | 66 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType; |
66 | 67 |
67 class CORE_EXPORT ContentSecurityPolicy : public GarbageCollectedFinalized<Conte ntSecurityPolicy> { | 68 class CORE_EXPORT ContentSecurityPolicy : public GarbageCollectedFinalized<Conte ntSecurityPolicy> { |
(...skipping 67 matching lines...) | |
135 }; | 136 }; |
136 | 137 |
137 static ContentSecurityPolicy* create() | 138 static ContentSecurityPolicy* create() |
138 { | 139 { |
139 return new ContentSecurityPolicy(); | 140 return new ContentSecurityPolicy(); |
140 } | 141 } |
141 ~ContentSecurityPolicy(); | 142 ~ContentSecurityPolicy(); |
142 DECLARE_TRACE(); | 143 DECLARE_TRACE(); |
143 | 144 |
144 void bindToExecutionContext(ExecutionContext*); | 145 void bindToExecutionContext(ExecutionContext*); |
146 void setupSelf(const SecurityOrigin&); | |
145 void copyStateFrom(const ContentSecurityPolicy*); | 147 void copyStateFrom(const ContentSecurityPolicy*); |
146 void copyPluginTypesFrom(const ContentSecurityPolicy*); | 148 void copyPluginTypesFrom(const ContentSecurityPolicy*); |
147 | 149 |
148 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); | 150 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); |
149 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource); | 151 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten tSecurityPolicyHeaderSource); |
152 void replicateHeader(const String&, ContentSecurityPolicyHeaderType, Content SecurityPolicyHeaderSource); | |
153 void reportAccumulatedHeaders(FrameLoaderClient*) const; | |
150 | 154 |
151 PassOwnPtr<Vector<CSPHeaderAndType>> headers() const; | 155 PassOwnPtr<Vector<CSPHeaderAndType>> headers() const; |
152 | 156 |
153 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; | 157 bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; |
154 bool allowInlineEventHandler(const String& source, const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; | 158 bool allowInlineEventHandler(const String& source, const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const; |
155 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, const String& scriptContent, ReportingStatus = SendReport) const; | 159 bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& c ontextLine, const String& scriptContent, ReportingStatus = SendReport) const; |
156 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, const String& styleContent, ReportingStatus = SendReport) const; | 160 bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& co ntextLine, const String& styleContent, ReportingStatus = SendReport) const; |
157 // When the reporting status is |SendReport|, the |ExceptionStatus| | 161 // When the reporting status is |SendReport|, the |ExceptionStatus| |
158 // should indicate whether the caller will throw a JavaScript | 162 // should indicate whether the caller will throw a JavaScript |
159 // exception in the event of a violation. When the caller will throw | 163 // exception in the event of a violation. When the caller will throw |
(...skipping 104 matching lines...) | |
264 | 268 |
265 static bool isDirectiveName(const String&); | 269 static bool isDirectiveName(const String&); |
266 | 270 |
267 Document* document() const; | 271 Document* document() const; |
268 | 272 |
269 private: | 273 private: |
270 ContentSecurityPolicy(); | 274 ContentSecurityPolicy(); |
271 | 275 |
272 void applyPolicySideEffectsToExecutionContext(); | 276 void applyPolicySideEffectsToExecutionContext(); |
273 | 277 |
274 SecurityOrigin* getSecurityOrigin() const; | |
275 KURL completeURL(const String&) const; | 278 KURL completeURL(const String&) const; |
276 | 279 |
277 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); | 280 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); |
278 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource); | 281 |
282 FrameLoaderClient* frameLoaderClient() const; | |
283 enum FrameLoaderClientNotificationAction { | |
dcheng
2016/05/17 05:57:15
This enum is quite a mouthful. Since the replicati
Łukasz Anforowicz
2016/05/17 17:01:23
Done.
After the changes the check "if this is a r
| |
284 NotifyFrameLoaderClient, | |
285 DontNotifyFrameLoaderClient, | |
286 }; | |
287 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType , ContentSecurityPolicyHeaderSource, FrameLoaderClientNotificationAction = Notif yFrameLoaderClient); | |
279 | 288 |
280 bool shouldSendViolationReport(const String&) const; | 289 bool shouldSendViolationReport(const String&) const; |
281 void didSendViolationReport(const String&); | 290 void didSendViolationReport(const String&); |
282 | 291 |
283 Member<ExecutionContext> m_executionContext; | 292 Member<ExecutionContext> m_executionContext; |
284 bool m_overrideInlineStyleAllowed; | 293 bool m_overrideInlineStyleAllowed; |
285 CSPDirectiveListVector m_policies; | 294 CSPDirectiveListVector m_policies; |
286 ConsoleMessageVector m_consoleMessages; | 295 ConsoleMessageVector m_consoleMessages; |
287 | 296 |
288 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; | 297 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; |
(...skipping 12 matching lines...) | |
301 String m_disableEvalErrorMessage; | 310 String m_disableEvalErrorMessage; |
302 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; | 311 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy; |
303 | 312 |
304 Member<CSPSource> m_selfSource; | 313 Member<CSPSource> m_selfSource; |
305 String m_selfProtocol; | 314 String m_selfProtocol; |
306 }; | 315 }; |
307 | 316 |
308 } // namespace blink | 317 } // namespace blink |
309 | 318 |
310 #endif | 319 #endif |
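Review bot: The new public entry points at new lines 146 and 152-153 (`setupSelf`, `replicateHeader`, `reportAccumulatedHeaders`) have no comments, and `replicateHeader` takes exactly the same parameter list as `didReceiveHeader` directly above it, so the header gives a caller no way to tell which one applies to a policy delivered with the response and which to one mirrored from elsewhere. Because the private `addPolicyFromHeaderValue` now defaults to `NotifyFrameLoaderClient`, choosing the wrong entry point presumably changes whether the embedder hears about a policy; I would state that on the declaration, e.g. `// Like didReceiveHeader(), but for a policy replicated from another frame; does not notify the FrameLoaderClient.` (wording to be confirmed against the .cpp, which is not shown here). `setupSelf(const SecurityOrigin&)` should say when it must be called relative to `bindToExecutionContext` and header delivery, since 'self' matching depends on `m_selfSource` and `m_selfProtocol` being set. `reportAccumulatedHeaders(FrameLoaderClient*)` takes a raw pointer with no stated null contract; a one-line comment such as `// |client| must be non-null.` or a reference parameter would make that explicit.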