Chromium Code Reviews

Side by Side Diff: content/public/browser/url_data_source.h

Issue 2012393003: Replace frame-src with child-src in WebUI CSP (Closed) Base URL: https://chromium.googlesource.com/a/chromium/src.git@csp
Patch Set: Created 4 years, 6 months ago
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_ 5 #ifndef CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
6 #define CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_ 6 #define CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/callback.h" 10 #include "base/callback.h"
(...skipping 89 matching lines...)
100 // team. 100 // team.
101 // By default, "script-src chrome://resources 'self' 'unsafe-eval';" is added 101 // By default, "script-src chrome://resources 'self' 'unsafe-eval';" is added
102 // to CSP. Override to change this. 102 // to CSP. Override to change this.
103 virtual std::string GetContentSecurityPolicyScriptSrc() const; 103 virtual std::string GetContentSecurityPolicyScriptSrc() const;
104 104
105 // It is OK to override the following methods to a custom CSP directive 105 // It is OK to override the following methods to a custom CSP directive
106 // thereby slightly reducing the protection applied to the page. 106 // thereby slightly reducing the protection applied to the page.
107 107
108 // By default, "object-src 'none';" is added to CSP. Override to change this. 108 // By default, "object-src 'none';" is added to CSP. Override to change this.
109 virtual std::string GetContentSecurityPolicyObjectSrc() const; 109 virtual std::string GetContentSecurityPolicyObjectSrc() const;
110 // By default, "frame-src 'none';" is added to CSP. Override to change this. 110 // By default, "child-src 'none';" is added to CSP. Override to change this.
111 virtual std::string GetContentSecurityPolicyFrameSrc() const; 111 virtual std::string GetContentSecurityPolicyChildSrc() const;
112 // By default empty. Override to change this. 112 // By default empty. Override to change this.
113 virtual std::string GetContentSecurityPolicyStyleSrc() const; 113 virtual std::string GetContentSecurityPolicyStyleSrc() const;
114 // By default empty. Override to change this. 114 // By default empty. Override to change this.
115 virtual std::string GetContentSecurityPolicyImgSrc() const; 115 virtual std::string GetContentSecurityPolicyImgSrc() const;
116 116
117 // By default, the "X-Frame-Options: DENY" header is sent. To stop this from 117 // By default, the "X-Frame-Options: DENY" header is sent. To stop this from
118 // happening, return false. It is OK to return false as needed. 118 // happening, return false. It is OK to return false as needed.
119 virtual bool ShouldDenyXFrameOptions() const; 119 virtual bool ShouldDenyXFrameOptions() const;
120 120
121 // By default, only chrome: and chrome-devtools: requests are allowed. 121 // By default, only chrome: and chrome-devtools: requests are allowed.
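Review bot: The new comment at line 110 only swaps the directive name, but child-src is not a pure synonym for frame-src: in CSP Level 2 it governs worker execution contexts as well as nested browsing contexts. The default of 'none' therefore now also blocks workers, and any data source that overrides GetContentSecurityPolicyChildSrc() to allow a frame origin also allows workers from that origin. Please say so in the comment so that implementers widen the directive knowingly. Separately, because this is a rename of a public virtual, a subclass that still declares GetContentSecurityPolicyFrameSrc() without the override keyword will compile cleanly and silently fall back to "child-src 'none';", so it is worth confirming that every existing overrider is updated in this change and marked override.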
(...skipping 23 matching lines...)
145 // Gives the source an opportunity to rewrite |path| to incorporate extra 145 // Gives the source an opportunity to rewrite |path| to incorporate extra
146 // information from the URLRequest prior to serving. 146 // information from the URLRequest prior to serving.
147 virtual void WillServiceRequest( 147 virtual void WillServiceRequest(
148 const net::URLRequest* request, 148 const net::URLRequest* request,
149 std::string* path) const {} 149 std::string* path) const {}
150 }; 150 };
151 151
152 } // namespace content 152 } // namespace content
153 153
154 #endif // CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_ 154 #endif // CONTENT_PUBLIC_BROWSER_URL_DATA_SOURCE_H_