OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 117 matching lines...) | |
128 InlineViolation, | 128 InlineViolation, |
129 EvalViolation, | 129 EvalViolation, |
130 URLViolation | 130 URLViolation |
131 }; | 131 }; |
132 | 132 |
133 enum class InlineType { | 133 enum class InlineType { |
134 Block, | 134 Block, |
135 Attribute | 135 Attribute |
136 }; | 136 }; |
137 | 137 |
138 enum DispositionType { | |
Mike West
2016/09/14 13:03:01
We already have `ContentSecurityPolicyHeaderType`,
Sergey Shekyan
2016/09/16 05:36:45
Acknowledged.
| |
139 Enforce, | |
140 Report | |
141 }; | |
142 | |
138 static ContentSecurityPolicy* create() | 143 static ContentSecurityPolicy* create() |
139 { | 144 { |
140 return new ContentSecurityPolicy(); | 145 return new ContentSecurityPolicy(); |
141 } | 146 } |
142 ~ContentSecurityPolicy(); | 147 ~ContentSecurityPolicy(); |
143 DECLARE_TRACE(); | 148 DECLARE_TRACE(); |
144 | 149 |
145 void bindToExecutionContext(ExecutionContext*); | 150 void bindToExecutionContext(ExecutionContext*); |
146 void setupSelf(const SecurityOrigin&); | 151 void setupSelf(const SecurityOrigin&); |
147 void copyStateFrom(const ContentSecurityPolicy*); | 152 void copyStateFrom(const ContentSecurityPolicy*); |
(...skipping 96 matching lines...) | |
244 void reportInvalidInReportOnly(const String&); | 249 void reportInvalidInReportOnly(const String&); |
245 void reportInvalidDirectiveInMeta(const String& directiveName); | 250 void reportInvalidDirectiveInMeta(const String& directiveName); |
246 void reportInvalidReferrer(const String&); | 251 void reportInvalidReferrer(const String&); |
247 void reportReportOnlyInMeta(const String&); | 252 void reportReportOnlyInMeta(const String&); |
248 void reportMetaOutsideHead(const String&); | 253 void reportMetaOutsideHead(const String&); |
249 void reportValueForEmptyDirective(const String& directiveName, const String& value); | 254 void reportValueForEmptyDirective(const String& directiveName, const String& value); |
250 | 255 |
251 // If a frame is passed in, the report will be sent using it as a context. I f no frame is | 256 // If a frame is passed in, the report will be sent using it as a context. I f no frame is |
252 // passed in, the report will be sent via this object's |m_executionContext| (or dropped | 257 // passed in, the report will be sent via this object's |m_executionContext| (or dropped |
253 // on the floor if no such context is available). | 258 // on the floor if no such context is available). |
254 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<Strin g>& reportEndpoints, const String& header, ViolationType, LocalFrame* = nullptr, RedirectStatus = RedirectStatus::FollowedRedirect, int contextLine = 0); | 259 void reportViolation(const String& directiveText, DispositionType, const Str ing& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, c onst Vector<String>& reportEndpoints, const String& header, ViolationType, Local Frame* = nullptr, RedirectStatus = RedirectStatus::FollowedRedirect, int context Line = 0); |
Mike West
2016/09/14 13:03:01
Nit: I'd put the disposition next to the Violation
Sergey Shekyan
2016/09/16 05:36:45
Acknowledged.
| |
255 | 260 |
256 // Called when mixed content is detected on a page; will trigger a violation report if | 261 // Called when mixed content is detected on a page; will trigger a violation report if |
257 // the 'block-all-mixed-content' directive is specified for a policy. | 262 // the 'block-all-mixed-content' directive is specified for a policy. |
258 void reportMixedContent(const KURL& mixedURL, RedirectStatus); | 263 void reportMixedContent(const KURL& mixedURL, RedirectStatus); |
259 | 264 |
260 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; | 265 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; |
261 | 266 |
262 const KURL url() const; | 267 const KURL url() const; |
263 void enforceSandboxFlags(SandboxFlags); | 268 void enforceSandboxFlags(SandboxFlags); |
264 void treatAsPublicAddress(); | 269 void treatAsPublicAddress(); |
(...skipping 58 matching lines...) | |
323 String m_disableEvalErrorMessage; | 328 String m_disableEvalErrorMessage; |
324 WebInsecureRequestPolicy m_insecureRequestPolicy; | 329 WebInsecureRequestPolicy m_insecureRequestPolicy; |
325 | 330 |
326 Member<CSPSource> m_selfSource; | 331 Member<CSPSource> m_selfSource; |
327 String m_selfProtocol; | 332 String m_selfProtocol; |
328 }; | 333 }; |
329 | 334 |
330 } // namespace blink | 335 } // namespace blink |
331 | 336 |
332 #endif | 337 #endif |
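Review bot: `DispositionType` at new lines 138-141 is declared as an unscoped `enum`, while `InlineType` directly above it is an `enum class`; as written, `Enforce` and `Report` become names in the `ContentSecurityPolicy` class scope and convert implicitly to `int`, and `reportViolation` already ends in an `int contextLine` parameter. I would declare it `enum class DispositionType { Enforce, Report };` so callers have to write `DispositionType::Report` and the value cannot be passed silently where an `int` is expected. The comment above `reportViolation` (new lines 256-258) also says nothing about the new parameter; a line such as `// The DispositionType argument says whether the violated policy was enforced or report-only.` would help, assuming that is what the value is meant to carry. The class declaration begins in the skipped lines, so the callers and the definition of `reportViolation` are not visible here.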