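Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
index 257ccb0ef2b40cd38faa8a21fed5e6c7c6b2a1b6..50c938757911beac334c0e46a096b786180bda5a 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
@@ -66,6 +66,8 @@ public:
 bool allowStyleHash(const CSPHashValue&, ContentSecurityPolicy::InlineType) const;
 bool allowDynamic() const;
 
+ bool allowRequestWithoutIntegrity(WebURLRequest::RequestContext, const KURL&, ResourceRequest::RedirectStatus, ContentSecurityPolicy::ReportingStatus) const;
+
 bool strictMixedContentChecking() const { return m_strictMixedContentCheckingEnforced; }
 void reportMixedContent(const KURL& mixedURL, ResourceRequest::RedirectStatus) const;
 
@@ -75,6 +77,7 @@ public:
 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; }
 bool isReportOnly() const { return m_reportOnly; }
 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; }
+ uint8_t requireSRIForTokens() const { return m_requireSRIFor; }
 bool isFrameAncestorsEnforced() const { return m_frameAncestors.get() && !m_reportOnly; }
 
 // Used to copy plugin-types into a plugin document in a nested
@@ -89,9 +92,16 @@ public:
 private:
 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent);
 
+ enum RequireSRIForToken {
+ None = 0,
+ Script = 1 << 0,
+ Style = 1 << 1
+ };
+
 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
 
 bool parseDirective(const UChar* begin, const UChar* end, String& name, String& value);
+ void parseRequireSRIFor(const String& name, const String& value);
 void parseReportURI(const String& name, const String& value);
 void parsePluginTypes(const String& name, const String& value);
 void parseReflectedXSS(const String& name, const String& value);
@@ -121,6 +131,7 @@ private:
 bool checkSource(SourceListDirective*, const KURL&, ResourceRequest::RedirectStatus) const;
 bool checkMediaType(MediaListDirective*, const String& type, const String& typeAttribute) const;
 bool checkAncestors(SourceListDirective*, LocalFrame*) const;
+ bool checkRequestWithoutIntegrity(WebURLRequest::RequestContext) const;
 
 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisabledErrorMessage = errorMessage; }
 
@@ -130,6 +141,7 @@ private:
 bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const String& effectiveDirective, ResourceRequest::RedirectStatus) const;
 bool checkMediaTypeAndReportViolation(MediaListDirective*, const String& type, const String& typeAttribute, const String& consoleMessage) const;
 bool checkAncestorsAndReportViolation(SourceListDirective*, LocalFrame*, const KURL&) const;
+ bool checkRequestWithoutIntegrityAndReportViolation(WebURLRequest::RequestContext, const KURL&, ResourceRequest::RedirectStatus) const;
 
 bool denyIfEnforcingPolicy() const { return m_reportOnly; }
 
@@ -167,6 +179,8 @@ private:
 Member<SourceListDirective> m_scriptSrc;
 Member<SourceListDirective> m_styleSrc;
 
+ uint8_t m_requireSRIFor;
+
 Vector<String> m_reportEndpoints;
 
 String m_evalDisabledErrorMessage;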
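Review bot: The public accessor `requireSRIForTokens()` (second hunk) returns the raw `uint8_t` mask, but the `RequireSRIForToken` enum that gives the bits their meaning is added in the private section, so any caller that is not a friend can only compare the value against magic numbers; either declare the enum in the public section or expose predicates instead of the mask. `m_requireSRIFor` (last hunk) has no in-class initializer and the constructor body is outside this header, so please confirm it is initialised to `None` there, or write `uint8_t m_requireSRIFor = None;` — an indeterminate mask would make `require-sri-for` enforcement unpredictable. The unscoped enumerator `None` can also collide with the X11 `None` macro in translation units that pull in X headers, which a scoped enum or a prefixed name would avoid. A short comment on `allowRequestWithoutIntegrity` stating that `true` means the request may proceed without integrity metadata, and how report-only policies are treated, would make the contract readable from the header.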