Add `disposition` to SecurityPolicyViolationEvent

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 117 matching lines @@
         InlineViolation,
         EvalViolation,
         URLViolation
     };
 
     enum class InlineType {
         Block,
         Attribute
     };
 
+    enum DispositionType {

[Mike West, 2016/09/14 13:03:01]

We already have `ContentSecurityPolicyHeaderType`, I don't think we need this
new enum.

[Sergey Shekyan, 2016/09/16 05:36:45]

Acknowledged.

+        Enforce,
+        Report
+    };
+
     static ContentSecurityPolicy* create()
     {
         return new ContentSecurityPolicy();
     }
     ~ContentSecurityPolicy();
     DECLARE_TRACE();
 
     void bindToExecutionContext(ExecutionContext*);
     void setupSelf(const SecurityOrigin&);
     void copyStateFrom(const ContentSecurityPolicy*);
@@ skipping 96 matching lines @@
     void reportInvalidInReportOnly(const String&);
     void reportInvalidDirectiveInMeta(const String& directiveName);
     void reportInvalidReferrer(const String&);
     void reportReportOnlyInMeta(const String&);
     void reportMetaOutsideHead(const String&);
     void reportValueForEmptyDirective(const String& directiveName, const String& value);
 
     // If a frame is passed in, the report will be sent using it as a context. If no frame is
     // passed in, the report will be sent via this object's |m_executionContext| (or dropped
     // on the floor if no such context is available).
-    void reportViolation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr, RedirectStatus = RedirectStatus::FollowedRedirect, int contextLine = 0);
+    void reportViolation(const String& directiveText, DispositionType, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const Vector<String>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr, RedirectStatus = RedirectStatus::FollowedRedirect, int contextLine = 0);

[Mike West, 2016/09/14 13:03:01]

Nit: I'd put the disposition next to the ViolationType, but that's little more
than a personal preference.

[Sergey Shekyan, 2016/09/16 05:36:45]

Acknowledged.

 
     // Called when mixed content is detected on a page; will trigger a violation report if
     // the 'block-all-mixed-content' directive is specified for a policy.
     void reportMixedContent(const KURL& mixedURL, RedirectStatus);
 
     void reportBlockedScriptExecutionToInspector(const String& directiveText) const;
 
     const KURL url() const;
     void enforceSandboxFlags(SandboxFlags);
     void treatAsPublicAddress();
@@ skipping 58 matching lines @@
     String m_disableEvalErrorMessage;
     WebInsecureRequestPolicy m_insecureRequestPolicy;
 
     Member<CSPSource> m_selfSource;
     String m_selfProtocol;
 };
 
 } // namespace blink
 
 #endif