Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2002003002: Generate CSP violation reports for 'block-all-mixed-content' (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https-expected.txt ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/fetch/Resource.h" 8 #include "core/fetch/Resource.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "core/frame/csp/MediaListDirective.h" 10 #include "core/frame/csp/MediaListDirective.h"
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
58 // request was redirected, but this is not a concern for ancestors, 58 // request was redirected, but this is not a concern for ancestors,
59 // because a child frame can't manipulate the URL of a cross-origin 59 // because a child frame can't manipulate the URL of a cross-origin
60 // parent. 60 // parent.
61 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti ngStatus) const; 61 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti ngStatus) const;
62 bool allowScriptNonce(const String&) const; 62 bool allowScriptNonce(const String&) const;
63 bool allowStyleNonce(const String&) const; 63 bool allowStyleNonce(const String&) const;
64 bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType) const; 64 bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType) const;
65 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType) const; 65 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType) const;
66 bool allowDynamic() const; 66 bool allowDynamic() const;
67 67
68 bool strictMixedContentChecking() const { return m_strictMixedContentCheckin gEnforced; }
69 void reportMixedContent(const KURL& mixedURL) const;
70
68 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM essage; } 71 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM essage; }
69 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec tedXSSDisposition; } 72 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec tedXSSDisposition; }
70 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } 73 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; }
71 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } 74 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; }
72 bool isReportOnly() const { return m_reportOnly; } 75 bool isReportOnly() const { return m_reportOnly; }
73 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } 76 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; }
74 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_ reportOnly; } 77 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_ reportOnly; }
75 78
76 // Used to copy plugin-types into a plugin document in a nested 79 // Used to copy plugin-types into a plugin document in a nested
77 // browsing context. 80 // browsing context.
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after
162 Member<SourceListDirective> m_styleSrc; 165 Member<SourceListDirective> m_styleSrc;
163 166
164 Vector<String> m_reportEndpoints; 167 Vector<String> m_reportEndpoints;
165 168
166 String m_evalDisabledErrorMessage; 169 String m_evalDisabledErrorMessage;
167 }; 170 };
168 171
169 } // namespace blink 172 } // namespace blink
170 173
171 #endif 174 #endif
OLDNEW
« third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https-expected.txt ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698