| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
| 6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
| 7 | 7 |
| 8 #include "core/fetch/Resource.h" | 8 #include "core/fetch/Resource.h" |
| 9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 10 #include "core/frame/csp/MediaListDirective.h" | 10 #include "core/frame/csp/MediaListDirective.h" |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 66 // because a child frame can't manipulate the URL of a cross-origin | 66 // because a child frame can't manipulate the URL of a cross-origin |
| 67 // parent. | 67 // parent. |
| 68 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; | 68 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; |
| 69 NoncePolicyDisposition allowScriptNonce(const String&) const; | 69 NoncePolicyDisposition allowScriptNonce(const String&) const; |
| 70 NoncePolicyDisposition allowStyleNonce(const String&) const; | 70 NoncePolicyDisposition allowStyleNonce(const String&) const; |
| 71 bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; | 71 bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; |
| 72 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; | 72 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; |
| 73 bool allowDynamic() const; | 73 bool allowDynamic() const; |
| 74 | 74 |
| 75 bool strictMixedContentChecking() const { return m_strictMixedContentCheckin
gEnforced; } | 75 bool strictMixedContentChecking() const { return m_strictMixedContentCheckin
gEnforced; } |
| 76 void reportMixedContent(const KURL& mixedURL) const; | 76 void reportMixedContent(const KURL& mixedURL, ResourceRequest::RedirectStatu
s) const; |
| 77 | 77 |
| 78 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } | 78 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } |
| 79 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec
tedXSSDisposition; } | 79 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec
tedXSSDisposition; } |
| 80 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } | 80 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } |
| 81 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } | 81 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } |
| 82 bool isReportOnly() const { return m_reportOnly; } | 82 bool isReportOnly() const { return m_reportOnly; } |
| 83 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } | 83 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } |
| 84 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } | 84 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } |
| 85 | 85 |
| 86 // Used to copy plugin-types into a plugin document in a nested | 86 // Used to copy plugin-types into a plugin document in a nested |
| (...skipping 17 matching lines...) Expand all Loading... |
| 104 void applySandboxPolicy(const String& name, const String& sandboxPolicy); | 104 void applySandboxPolicy(const String& name, const String& sandboxPolicy); |
| 105 void enforceStrictMixedContentChecking(const String& name, const String& val
ue); | 105 void enforceStrictMixedContentChecking(const String& name, const String& val
ue); |
| 106 void enableInsecureRequestsUpgrade(const String& name, const String& value); | 106 void enableInsecureRequestsUpgrade(const String& name, const String& value); |
| 107 void treatAsPublicAddress(const String& name, const String& value); | 107 void treatAsPublicAddress(const String& name, const String& value); |
| 108 | 108 |
| 109 template <class CSPDirectiveType> | 109 template <class CSPDirectiveType> |
| 110 void setCSPDirective(const String& name, const String& value, Member<CSPDire
ctiveType>&); | 110 void setCSPDirective(const String& name, const String& value, Member<CSPDire
ctiveType>&); |
| 111 | 111 |
| 112 SourceListDirective* operativeDirective(SourceListDirective*) const; | 112 SourceListDirective* operativeDirective(SourceListDirective*) const; |
| 113 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; | 113 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; |
| 114 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; | 114 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, ResourceRequest::R
edirectStatus) const; |
| 115 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; | 115 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; |
| 116 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; | 116 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; |
| 117 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; | 117 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; |
| 118 | 118 |
| 119 bool checkEval(SourceListDirective*) const; | 119 bool checkEval(SourceListDirective*) const; |
| 120 bool checkInline(SourceListDirective*) const; | 120 bool checkInline(SourceListDirective*) const; |
| 121 bool checkDynamic(SourceListDirective*) const; | 121 bool checkDynamic(SourceListDirective*) const; |
| 122 bool checkNonce(SourceListDirective*, const String&) const; | 122 bool checkNonce(SourceListDirective*, const String&) const; |
| 123 bool checkHash(SourceListDirective*, const CSPHashValue&) const; | 123 bool checkHash(SourceListDirective*, const CSPHashValue&) const; |
| 124 bool checkHashedAttributes(SourceListDirective*) const; | 124 bool checkHashedAttributes(SourceListDirective*) const; |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 172 Member<SourceListDirective> m_styleSrc; | 172 Member<SourceListDirective> m_styleSrc; |
| 173 | 173 |
| 174 Vector<String> m_reportEndpoints; | 174 Vector<String> m_reportEndpoints; |
| 175 | 175 |
| 176 String m_evalDisabledErrorMessage; | 176 String m_evalDisabledErrorMessage; |
| 177 }; | 177 }; |
| 178 | 178 |
| 179 } // namespace blink | 179 } // namespace blink |
| 180 | 180 |
| 181 #endif | 181 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2002943002:
CSP violation reports should report the pre-redirect URL. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master