| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 | 131 |
| 132 enum class InlineType { | 132 enum class InlineType { |
| 133 Block, | 133 Block, |
| 134 Attribute | 134 Attribute |
| 135 }; | 135 }; |
| 136 | 136 |
| 137 static ContentSecurityPolicy* create() | 137 static ContentSecurityPolicy* create() |
| 138 { | 138 { |
| 139 return new ContentSecurityPolicy(); | 139 return new ContentSecurityPolicy(); |
| 140 } | 140 } |
| 141 ~ContentSecurityPolicy(); | 141 virtual ~ContentSecurityPolicy(); |
| 142 DECLARE_TRACE(); | 142 DECLARE_VIRTUAL_TRACE(); |
| 143 | 143 |
| 144 void bindToExecutionContext(ExecutionContext*); | 144 void bindToExecutionContext(ExecutionContext*); |
| 145 void setupSelf(const SecurityOrigin&); | 145 void setupSelf(const SecurityOrigin&); |
| 146 void copyStateFrom(const ContentSecurityPolicy*); | 146 void copyStateFrom(const ContentSecurityPolicy*); |
| 147 void copyPluginTypesFrom(const ContentSecurityPolicy*); | 147 void copyPluginTypesFrom(const ContentSecurityPolicy*); |
| 148 | 148 |
| 149 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); | 149 void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&); |
| 150 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten
tSecurityPolicyHeaderSource); | 150 void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, Conten
tSecurityPolicyHeaderSource); |
| 151 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType
, ContentSecurityPolicyHeaderSource); | 151 void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType
, ContentSecurityPolicyHeaderSource); |
| 152 void reportAccumulatedHeaders(FrameLoaderClient*) const; | 152 void reportAccumulatedHeaders(FrameLoaderClient*) const; |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 243 void reportInvalidInReportOnly(const String&); | 243 void reportInvalidInReportOnly(const String&); |
| 244 void reportInvalidDirectiveInMeta(const String& directiveName); | 244 void reportInvalidDirectiveInMeta(const String& directiveName); |
| 245 void reportInvalidReferrer(const String&); | 245 void reportInvalidReferrer(const String&); |
| 246 void reportReportOnlyInMeta(const String&); | 246 void reportReportOnlyInMeta(const String&); |
| 247 void reportMetaOutsideHead(const String&); | 247 void reportMetaOutsideHead(const String&); |
| 248 void reportValueForEmptyDirective(const String& directiveName, const String&
value); | 248 void reportValueForEmptyDirective(const String& directiveName, const String&
value); |
| 249 | 249 |
| 250 // If a frame is passed in, the report will be sent using it as a context. I
f no frame is | 250 // If a frame is passed in, the report will be sent using it as a context. I
f no frame is |
| 251 // passed in, the report will be sent via this object's |m_executionContext|
(or dropped | 251 // passed in, the report will be sent via this object's |m_executionContext|
(or dropped |
| 252 // on the floor if no such context is available). | 252 // on the floor if no such context is available). |
| 253 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL, const Vector<Strin
g>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr,
RedirectStatus = RedirectStatus::FollowedRedirect, int contextLine = 0); | 253 virtual void reportViolation(const String& directiveText, const String& effe
ctiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vect
or<String>& reportEndpoints, const String& header, ViolationType, LocalFrame* =
nullptr, RedirectStatus = RedirectStatus::FollowedRedirect, int contextLine = 0)
; |
| 254 | 254 |
| 255 // Called when mixed content is detected on a page; will trigger a violation
report if | 255 // Called when mixed content is detected on a page; will trigger a violation
report if |
| 256 // the 'block-all-mixed-content' directive is specified for a policy. | 256 // the 'block-all-mixed-content' directive is specified for a policy. |
| 257 void reportMixedContent(const KURL& mixedURL, RedirectStatus); | 257 void reportMixedContent(const KURL& mixedURL, RedirectStatus); |
| 258 | 258 |
| 259 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; | 259 void reportBlockedScriptExecutionToInspector(const String& directiveText) co
nst; |
| 260 | 260 |
| 261 const KURL url() const; | 261 const KURL url() const; |
| 262 void enforceSandboxFlags(SandboxFlags); | 262 void enforceSandboxFlags(SandboxFlags); |
| 263 void treatAsPublicAddress(); | 263 void treatAsPublicAddress(); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 275 bool experimentalFeaturesEnabled() const; | 275 bool experimentalFeaturesEnabled() const; |
| 276 | 276 |
| 277 bool shouldSendCSPHeader(Resource::Type) const; | 277 bool shouldSendCSPHeader(Resource::Type) const; |
| 278 | 278 |
| 279 static bool shouldBypassMainWorld(const ExecutionContext*); | 279 static bool shouldBypassMainWorld(const ExecutionContext*); |
| 280 | 280 |
| 281 static bool isDirectiveName(const String&); | 281 static bool isDirectiveName(const String&); |
| 282 | 282 |
| 283 Document* document() const; | 283 Document* document() const; |
| 284 | 284 |
| 285 bool coversReportEndpoint(const String& reportEndpointToVerify); |
| 286 |
| 287 protected: |
| 288 ContentSecurityPolicy(); |
| 289 |
| 285 private: | 290 private: |
| 286 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); | 291 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); |
| 287 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); | 292 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); |
| 288 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy); | 293 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy); |
| 289 | 294 |
| 290 ContentSecurityPolicy(); | |
| 291 | |
| 292 void applyPolicySideEffectsToExecutionContext(); | 295 void applyPolicySideEffectsToExecutionContext(); |
| 293 | 296 |
| 294 KURL completeURL(const String&) const; | 297 KURL completeURL(const String&) const; |
| 295 | 298 |
| 296 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); | 299 void logToConsole(const String& message, MessageLevel = ErrorMessageLevel); |
| 297 | 300 |
| 298 void addAndReportPolicyFromHeaderValue(const String&, ContentSecurityPolicyH
eaderType, ContentSecurityPolicyHeaderSource); | 301 void addAndReportPolicyFromHeaderValue(const String&, ContentSecurityPolicyH
eaderType, ContentSecurityPolicyHeaderSource); |
| 299 | 302 |
| 300 bool shouldSendViolationReport(const String&) const; | 303 bool shouldSendViolationReport(const String&) const; |
| 301 void didSendViolationReport(const String&); | 304 void didSendViolationReport(const String&); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 320 String m_disableEvalErrorMessage; | 323 String m_disableEvalErrorMessage; |
| 321 WebInsecureRequestPolicy m_insecureRequestPolicy; | 324 WebInsecureRequestPolicy m_insecureRequestPolicy; |
| 322 | 325 |
| 323 Member<CSPSource> m_selfSource; | 326 Member<CSPSource> m_selfSource; |
| 324 String m_selfProtocol; | 327 String m_selfProtocol; |
| 325 }; | 328 }; |
| 326 | 329 |
| 327 } // namespace blink | 330 } // namespace blink |
| 328 | 331 |
| 329 #endif | 332 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2190183002:
Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl.
Base URL: https://chromium.googlesource.com/chromium/src.git@master