
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 2056183002: Implement the `require-sri-for` CSP directive (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Updated tests Created 4 years, 5 months ago
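--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2011 Google, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
@@ -98,20 +98,23 @@
 // Mixed Content Directive
 // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
 static const char BlockAllMixedContent[];
 
 // https://w3c.github.io/webappsec/specs/upgrade/
 static const char UpgradeInsecureRequests[];
 
 // https://mikewest.github.io/cors-rfc1918/#csp
 static const char TreatAsPublicAddress[];
 
+// https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for
+static const char RequireSRIFor[];
+
 enum ReportingStatus {
 SendReport,
 SuppressReport
 };
 
 enum ExceptionStatus {
 WillThrowException,
 WillNotThrowException
 };
 
@@ -198,43 +201,46 @@
 // Hash functions check all policies relating to use of a script/style
 // with the given hash and return true all CSP policies allow it.
 // If these return true, callers can then process the content or
 // issue a load and be safe disabling any further CSP checks.
 //
 // TODO(mkwst): Fold hashes into 'allow{Script,Style}' checks above, just
 // as we've done with nonces. https://crbug.com/617065
 bool allowScriptWithHash(const String& source, InlineType) const;
 bool allowStyleWithHash(const String& source, InlineType) const;
 
-bool allowRequest(WebURLRequest::RequestContext, const KURL&, const String& nonce, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport ) const;
+bool allowRequestWithoutIntegrity(WebURLRequest::RequestContext, const KURL& , RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) con st;
+
+bool allowRequest(WebURLRequest::RequestContext, const KURL&, const String& nonce, const IntegrityMetadataSet&, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) const;
 
 void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
 void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
 
 ReflectedXSSDisposition getReflectedXSSDisposition() const;
 
 bool didSetReferrerPolicy() const;
 
 void setOverrideAllowInlineStyle(bool);
 void setOverrideURLForSelf(const KURL&);
 
 bool isActive() const;
 
 // If a frame is passed in, the message will be logged to its active documen t's console.
 // Otherwise, the message will be logged to this object's |m_executionContex t|.
 void logToConsole(ConsoleMessage*, LocalFrame* = nullptr);
 
 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression);
 void reportDuplicateDirective(const String&);
 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value);
 void reportInvalidPathCharacter(const String& directiveName, const String& v alue, const char);
 void reportInvalidPluginTypes(const String&);
+void reportInvalidRequireSRIForTokens(const String&);
 void reportInvalidSandboxFlags(const String&);
 void reportInvalidSourceExpression(const String& directiveName, const String & source);
 void reportInvalidReflectedXSS(const String&);
 void reportMissingReportURI(const String&);
 void reportUnsupportedDirective(const String&);
 void reportInvalidInReportOnly(const String&);
 void reportInvalidDirectiveInMeta(const String& directiveName);
 void reportInvalidReferrer(const String&);
 void reportReportOnlyInMeta(const String&);
 void reportMetaOutsideHead(const String&);
@@ -313,10 +319,10 @@
 String m_disableEvalErrorMessage;
 SecurityContext::InsecureRequestsPolicy m_insecureRequestsPolicy;
 
 Member<CSPSource> m_selfSource;
 String m_selfProtocol;
 };
 
 } // namespace blink
 
 #endif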
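Review bot: The new `allowRequestWithoutIntegrity` (new line 211) and the widened `allowRequest` (new line 213) are declared back to back with no comment saying which one a caller should reach for, and nothing in the header connects either of them to the `RequireSRIFor` constant added at lines 108–109. Judging by the names and parameter lists, the first variant has no `IntegrityMetadataSet` to check and therefore presumably cannot enforce `require-sri-for`, which makes it the overload most likely to be picked by mistake at a call site that does have metadata; confirm against the implementation. I would add above line 211 a comment along the lines of `// For requests that carry no nonce and no integrity metadata; prefer the overload below whenever an IntegrityMetadataSet is available, since only that one can take 'require-sri-for' into account.` Note also that the old `allowRequest` declaration (old line 208) is replaced rather than retained, so every existing caller must now supply an `IntegrityMetadataSet`; a one-line note on what an empty set means for that parameter would help those call sites migrate correctly.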