Chromium Code Reviews

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 2190183002: Forward CSP violation reporting from RenderFrameProxy to RenderFrameImpl. Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Sanitize report endpoints from IPC against actual CSP contents. Created 4 years, 4 months ago
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
index bc89a13bca92a0070e7a806d2bf94b18f36abcb7..b279c1b4a8810dba06d9da16466b295e59d7df52 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -138,8 +138,8 @@ public:
{
return new ContentSecurityPolicy();
}
- ~ContentSecurityPolicy();
- DECLARE_TRACE();
+ virtual ~ContentSecurityPolicy();
+ DECLARE_VIRTUAL_TRACE();
void bindToExecutionContext(ExecutionContext*);
void setupSelf(const SecurityOrigin&);
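Review bot: The `virtual ~ContentSecurityPolicy()` and `DECLARE_VIRTUAL_TRACE()` lines turn this into a base class, but nothing in the header says what is expected to derive from it or why. Please add a short comment above the destructor naming the intended subclass (for example, a test double), and note that any subclass adding traced members has to override the trace method and call the base version. If the virtualization exists only for tests, saying so here keeps production code from growing subclasses of a security-sensitive class by accident.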
@@ -250,7 +250,7 @@ public:
// If a frame is passed in, the report will be sent using it as a context. If no frame is
// passed in, the report will be sent via this object's |m_executionContext| (or dropped
// on the floor if no such context is available).
- void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr, RedirectStatus = RedirectStatus::FollowedRedirect, int contextLine = 0);
+ virtual void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr, RedirectStatus = RedirectStatus::FollowedRedirect, int contextLine = 0);
// Called when mixed content is detected on a page; will trigger a violation report if
// the 'block-all-mixed-content' directive is specified for a policy.
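Review bot: `reportViolation` is now `virtual` but still carries three default arguments (`LocalFrame* = nullptr`, `RedirectStatus = RedirectStatus::FollowedRedirect`, `int contextLine = 0`). Default arguments are bound from the static type at the call site, so an override that redeclares different defaults will behave differently depending on which pointer type the caller holds, and the Google C++ style guide disallows defaults on virtual functions for that reason. Consider keeping the public `reportViolation` non-virtual with its defaults and having it forward to a protected virtual that takes every parameter explicitly. The comment above the declaration should also state that the method is overridable and what an override must preserve, in particular the "dropped on the floor" behaviour when no context is available.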
@@ -282,13 +282,16 @@ public:
Document* document() const;
+ bool coversReportEndpoint(const String& reportEndpointToVerify);
+
+protected:
+ ContentSecurityPolicy();
+
private:
FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline);
FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy);
FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy);
- ContentSecurityPolicy();
-
void applyPolicySideEffectsToExecutionContext();
KURL completeURL(const String&) const;
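Review bot: `coversReportEndpoint(const String& reportEndpointToVerify)` is added with no comment, and it is the check the patch set description relies on to sanitize report endpoints arriving over IPC. Please document what "covers" means: whether the argument is compared as a raw string or after resolution (the class already has `completeURL`), and whether one matching policy is enough when several are present. Since the input comes from a less trusted process, the comment should also say what the caller does on `false`. The method looks like a pure query, so it should probably be `const` like `document() const` just above it. Moving `ContentSecurityPolicy()` to `protected:` is consistent with the virtual destructor, but the same note about intended subclasses applies here.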
