OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
7 | 7 |
8 #include "core/fetch/Resource.h" | 8 #include "core/fetch/Resource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "core/frame/csp/MediaListDirective.h" | 10 #include "core/frame/csp/MediaListDirective.h" |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
66 // because a child frame can't manipulate the URL of a cross-origin | 66 // because a child frame can't manipulate the URL of a cross-origin |
67 // parent. | 67 // parent. |
68 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; | 68 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; |
69 NoncePolicyDisposition allowScriptNonce(const String&) const; | 69 NoncePolicyDisposition allowScriptNonce(const String&) const; |
70 NoncePolicyDisposition allowStyleNonce(const String&) const; | 70 NoncePolicyDisposition allowStyleNonce(const String&) const; |
71 bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; | 71 bool allowScriptHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; |
72 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; | 72 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType)
const; |
73 bool allowDynamic() const; | 73 bool allowDynamic() const; |
74 | 74 |
75 bool strictMixedContentChecking() const { return m_strictMixedContentCheckin
gEnforced; } | 75 bool strictMixedContentChecking() const { return m_strictMixedContentCheckin
gEnforced; } |
76 void reportMixedContent(const KURL& mixedURL) const; | 76 void reportMixedContent(const KURL& mixedURL, ResourceRequest::RedirectStatu
s) const; |
77 | 77 |
78 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } | 78 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } |
79 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec
tedXSSDisposition; } | 79 ReflectedXSSDisposition getReflectedXSSDisposition() const { return m_reflec
tedXSSDisposition; } |
80 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } | 80 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; } |
81 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } | 81 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } |
82 bool isReportOnly() const { return m_reportOnly; } | 82 bool isReportOnly() const { return m_reportOnly; } |
83 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } | 83 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; } |
84 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } | 84 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_
reportOnly; } |
85 | 85 |
86 // Used to copy plugin-types into a plugin document in a nested | 86 // Used to copy plugin-types into a plugin document in a nested |
(...skipping 17 matching lines...) Expand all Loading... |
104 void applySandboxPolicy(const String& name, const String& sandboxPolicy); | 104 void applySandboxPolicy(const String& name, const String& sandboxPolicy); |
105 void enforceStrictMixedContentChecking(const String& name, const String& val
ue); | 105 void enforceStrictMixedContentChecking(const String& name, const String& val
ue); |
106 void enableInsecureRequestsUpgrade(const String& name, const String& value); | 106 void enableInsecureRequestsUpgrade(const String& name, const String& value); |
107 void treatAsPublicAddress(const String& name, const String& value); | 107 void treatAsPublicAddress(const String& name, const String& value); |
108 | 108 |
109 template <class CSPDirectiveType> | 109 template <class CSPDirectiveType> |
110 void setCSPDirective(const String& name, const String& value, Member<CSPDire
ctiveType>&); | 110 void setCSPDirective(const String& name, const String& value, Member<CSPDire
ctiveType>&); |
111 | 111 |
112 SourceListDirective* operativeDirective(SourceListDirective*) const; | 112 SourceListDirective* operativeDirective(SourceListDirective*) const; |
113 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; | 113 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; |
114 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; | 114 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, ResourceRequest::R
edirectStatus) const; |
115 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; | 115 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; |
116 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; | 116 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; |
117 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; | 117 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*, co
nst ContentSecurityPolicy::ExceptionStatus) const; |
118 | 118 |
119 bool checkEval(SourceListDirective*) const; | 119 bool checkEval(SourceListDirective*) const; |
120 bool checkInline(SourceListDirective*) const; | 120 bool checkInline(SourceListDirective*) const; |
121 bool checkDynamic(SourceListDirective*) const; | 121 bool checkDynamic(SourceListDirective*) const; |
122 bool checkNonce(SourceListDirective*, const String&) const; | 122 bool checkNonce(SourceListDirective*, const String&) const; |
123 bool checkHash(SourceListDirective*, const CSPHashValue&) const; | 123 bool checkHash(SourceListDirective*, const CSPHashValue&) const; |
124 bool checkHashedAttributes(SourceListDirective*) const; | 124 bool checkHashedAttributes(SourceListDirective*) const; |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
172 Member<SourceListDirective> m_styleSrc; | 172 Member<SourceListDirective> m_styleSrc; |
173 | 173 |
174 Vector<String> m_reportEndpoints; | 174 Vector<String> m_reportEndpoints; |
175 | 175 |
176 String m_evalDisabledErrorMessage; | 176 String m_evalDisabledErrorMessage; |
177 }; | 177 }; |
178 | 178 |
179 } // namespace blink | 179 } // namespace blink |
180 | 180 |
181 #endif | 181 #endif |
OLD | NEW |