
Side by Side Diff: third_party/WebKit/Source/core/fetch/ResourceLoaderOptions.h

Issue 2401573003: CSP: Fix 'strict-dynamic' with multiple policies. (Closed)
Patch Set: Created 4 years, 2 months ago
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
60 ClientRequestedCredentials, 60 ClientRequestedCredentials,
61 ClientDidNotRequestCredentials 61 ClientDidNotRequestCredentials
62 }; 62 };
63 63
64 enum SynchronousPolicy { RequestSynchronously, RequestAsynchronously }; 64 enum SynchronousPolicy { RequestSynchronously, RequestAsynchronously };
65 65
66 // A resource fetch can be marked as being CORS enabled. The loader must perform 66 // A resource fetch can be marked as being CORS enabled. The loader must perform
67 // an access check upon seeing the response. 67 // an access check upon seeing the response.
68 enum CORSEnabled { NotCORSEnabled, IsCORSEnabled }; 68 enum CORSEnabled { NotCORSEnabled, IsCORSEnabled };
69 69
70 // Was the request generated from a "parser-inserted" element?
71 // https://html.spec.whatwg.org/multipage/scripting.html#parser-inserted
72 enum ParserDisposition { ParserInserted, NotParserInserted };
jochen (gone - plz use gerrit) 2016/10/06 14:00:08 why not an enum class?
Mike West 2016/10/06 14:47:15 Because nothing else in this file is an enum class
73
70 struct ResourceLoaderOptions { 74 struct ResourceLoaderOptions {
71 USING_FAST_MALLOC(ResourceLoaderOptions); 75 USING_FAST_MALLOC(ResourceLoaderOptions);
72 76
73 public: 77 public:
74 ResourceLoaderOptions() 78 ResourceLoaderOptions()
75 : dataBufferingPolicy(BufferData), 79 : dataBufferingPolicy(BufferData),
76 allowCredentials(DoNotAllowStoredCredentials), 80 allowCredentials(DoNotAllowStoredCredentials),
77 credentialsRequested(ClientDidNotRequestCredentials), 81 credentialsRequested(ClientDidNotRequestCredentials),
78 contentSecurityPolicyOption(CheckContentSecurityPolicy), 82 contentSecurityPolicyOption(CheckContentSecurityPolicy),
79 requestInitiatorContext(DocumentContext), 83 requestInitiatorContext(DocumentContext),
80 synchronousPolicy(RequestAsynchronously), 84 synchronousPolicy(RequestAsynchronously),
81 corsEnabled(NotCORSEnabled) {} 85 corsEnabled(NotCORSEnabled),
86 parserDisposition(ParserInserted) {}
82 87
83 ResourceLoaderOptions( 88 ResourceLoaderOptions(
84 DataBufferingPolicy dataBufferingPolicy, 89 DataBufferingPolicy dataBufferingPolicy,
85 StoredCredentials allowCredentials, 90 StoredCredentials allowCredentials,
86 CredentialRequest credentialsRequested, 91 CredentialRequest credentialsRequested,
87 ContentSecurityPolicyDisposition contentSecurityPolicyOption, 92 ContentSecurityPolicyDisposition contentSecurityPolicyOption,
88 RequestInitiatorContext requestInitiatorContext) 93 RequestInitiatorContext requestInitiatorContext)
89 : dataBufferingPolicy(dataBufferingPolicy), 94 : dataBufferingPolicy(dataBufferingPolicy),
90 allowCredentials(allowCredentials), 95 allowCredentials(allowCredentials),
91 credentialsRequested(credentialsRequested), 96 credentialsRequested(credentialsRequested),
92 contentSecurityPolicyOption(contentSecurityPolicyOption), 97 contentSecurityPolicyOption(contentSecurityPolicyOption),
93 requestInitiatorContext(requestInitiatorContext), 98 requestInitiatorContext(requestInitiatorContext),
94 synchronousPolicy(RequestAsynchronously), 99 synchronousPolicy(RequestAsynchronously),
95 corsEnabled(NotCORSEnabled) {} 100 corsEnabled(NotCORSEnabled),
101 parserDisposition(ParserInserted) {}
96 102
97 // Answers the question "can a separate request with these different options 103 // Answers the question "can a separate request with these different options
98 // be re-used" (e.g. preload request) The safe (but possibly slow) answer is 104 // be re-used" (e.g. preload request) The safe (but possibly slow) answer is
99 // always false. 105 // always false.
100 bool canReuseRequest(const ResourceLoaderOptions& other) const { 106 bool canReuseRequest(const ResourceLoaderOptions& other) const {
101 // dataBufferingPolicy differences are believed to be safe for re-use. 107 // dataBufferingPolicy differences are believed to be safe for re-use.
102 // FIXME: check allowCredentials. 108 // FIXME: check allowCredentials.
103 // FIXME: check credentialsRequested. 109 // FIXME: check credentialsRequested.
104 // FIXME: check contentSecurityPolicyOption. 110 // FIXME: check contentSecurityPolicyOption.
105 // initiatorInfo is purely informational and should be benign for re-use. 111 // initiatorInfo is purely informational and should be benign for re-use.
(...skipping 19 matching lines...) Expand all
125 FetchInitiatorInfo initiatorInfo; 131 FetchInitiatorInfo initiatorInfo;
126 RequestInitiatorContext requestInitiatorContext; 132 RequestInitiatorContext requestInitiatorContext;
127 SynchronousPolicy synchronousPolicy; 133 SynchronousPolicy synchronousPolicy;
128 134
129 // If the resource is loaded out-of-origin, whether or not to use CORS. 135 // If the resource is loaded out-of-origin, whether or not to use CORS.
130 CORSEnabled corsEnabled; 136 CORSEnabled corsEnabled;
131 137
132 RefPtr<SecurityOrigin> securityOrigin; 138 RefPtr<SecurityOrigin> securityOrigin;
133 String contentSecurityPolicyNonce; 139 String contentSecurityPolicyNonce;
134 IntegrityMetadataSet integrityMetadata; 140 IntegrityMetadataSet integrityMetadata;
141 ParserDisposition parserDisposition;
135 }; 142 };
136 143
137 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads. 144 // Encode AtomicString (in FetchInitiatorInfo) as String to cross threads.
138 struct CrossThreadResourceLoaderOptionsData { 145 struct CrossThreadResourceLoaderOptionsData {
139 DISALLOW_NEW(); 146 DISALLOW_NEW();
140 explicit CrossThreadResourceLoaderOptionsData( 147 explicit CrossThreadResourceLoaderOptionsData(
141 const ResourceLoaderOptions& options) 148 const ResourceLoaderOptions& options)
142 : dataBufferingPolicy(options.dataBufferingPolicy), 149 : dataBufferingPolicy(options.dataBufferingPolicy),
143 allowCredentials(options.allowCredentials), 150 allowCredentials(options.allowCredentials),
144 credentialsRequested(options.credentialsRequested), 151 credentialsRequested(options.credentialsRequested),
145 contentSecurityPolicyOption(options.contentSecurityPolicyOption), 152 contentSecurityPolicyOption(options.contentSecurityPolicyOption),
146 initiatorInfo(options.initiatorInfo), 153 initiatorInfo(options.initiatorInfo),
147 requestInitiatorContext(options.requestInitiatorContext), 154 requestInitiatorContext(options.requestInitiatorContext),
148 synchronousPolicy(options.synchronousPolicy), 155 synchronousPolicy(options.synchronousPolicy),
149 corsEnabled(options.corsEnabled), 156 corsEnabled(options.corsEnabled),
150 securityOrigin(options.securityOrigin 157 securityOrigin(options.securityOrigin
151 ? options.securityOrigin->isolatedCopy() 158 ? options.securityOrigin->isolatedCopy()
152 : nullptr), 159 : nullptr),
153 contentSecurityPolicyNonce(options.contentSecurityPolicyNonce), 160 contentSecurityPolicyNonce(options.contentSecurityPolicyNonce),
154 integrityMetadata(options.integrityMetadata) {} 161 integrityMetadata(options.integrityMetadata),
162 parserDisposition(options.parserDisposition) {}
155 163
156 operator ResourceLoaderOptions() const { 164 operator ResourceLoaderOptions() const {
157 ResourceLoaderOptions options; 165 ResourceLoaderOptions options;
158 options.dataBufferingPolicy = dataBufferingPolicy; 166 options.dataBufferingPolicy = dataBufferingPolicy;
159 options.allowCredentials = allowCredentials; 167 options.allowCredentials = allowCredentials;
160 options.credentialsRequested = credentialsRequested; 168 options.credentialsRequested = credentialsRequested;
161 options.contentSecurityPolicyOption = contentSecurityPolicyOption; 169 options.contentSecurityPolicyOption = contentSecurityPolicyOption;
162 options.initiatorInfo = initiatorInfo; 170 options.initiatorInfo = initiatorInfo;
163 options.requestInitiatorContext = requestInitiatorContext; 171 options.requestInitiatorContext = requestInitiatorContext;
164 options.synchronousPolicy = synchronousPolicy; 172 options.synchronousPolicy = synchronousPolicy;
165 options.corsEnabled = corsEnabled; 173 options.corsEnabled = corsEnabled;
166 options.securityOrigin = securityOrigin; 174 options.securityOrigin = securityOrigin;
167 options.contentSecurityPolicyNonce = contentSecurityPolicyNonce; 175 options.contentSecurityPolicyNonce = contentSecurityPolicyNonce;
168 options.integrityMetadata = integrityMetadata; 176 options.integrityMetadata = integrityMetadata;
177 options.parserDisposition = parserDisposition;
169 return options; 178 return options;
170 } 179 }
171 180
172 DataBufferingPolicy dataBufferingPolicy; 181 DataBufferingPolicy dataBufferingPolicy;
173 StoredCredentials allowCredentials; 182 StoredCredentials allowCredentials;
174 CredentialRequest credentialsRequested; 183 CredentialRequest credentialsRequested;
175 ContentSecurityPolicyDisposition contentSecurityPolicyOption; 184 ContentSecurityPolicyDisposition contentSecurityPolicyOption;
176 CrossThreadFetchInitiatorInfoData initiatorInfo; 185 CrossThreadFetchInitiatorInfoData initiatorInfo;
177 RequestInitiatorContext requestInitiatorContext; 186 RequestInitiatorContext requestInitiatorContext;
178 SynchronousPolicy synchronousPolicy; 187 SynchronousPolicy synchronousPolicy;
179 CORSEnabled corsEnabled; 188 CORSEnabled corsEnabled;
180 RefPtr<SecurityOrigin> securityOrigin; 189 RefPtr<SecurityOrigin> securityOrigin;
181 String contentSecurityPolicyNonce; 190 String contentSecurityPolicyNonce;
182 IntegrityMetadataSet integrityMetadata; 191 IntegrityMetadataSet integrityMetadata;
192 ParserDisposition parserDisposition;
183 }; 193 };
184 194
185 template <> 195 template <>
186 struct CrossThreadCopier<ResourceLoaderOptions> { 196 struct CrossThreadCopier<ResourceLoaderOptions> {
187 using Type = CrossThreadResourceLoaderOptionsData; 197 using Type = CrossThreadResourceLoaderOptionsData;
188 static Type copy(const ResourceLoaderOptions& options) { 198 static Type copy(const ResourceLoaderOptions& options) {
189 return CrossThreadResourceLoaderOptionsData(options); 199 return CrossThreadResourceLoaderOptionsData(options);
190 } 200 }
191 }; 201 };
192 202
193 } // namespace blink 203 } // namespace blink
194 204
195 #endif // ResourceLoaderOptions_h 205 #endif // ResourceLoaderOptions_h
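Review bot: `canReuseRequest()` does not appear to consider the new `parserDisposition` field; the remainder of its body falls in the skipped, unchanged lines, so this patch cannot have added a comparison there. If the 'strict-dynamic' decision is ever taken from the options of the request being re-used (not visible on this page), a request created with one disposition could stand in for a fetch with the other. Either compare the field or record why the difference is benign, in the style of the existing notes, e.g. `// parserDisposition is only consulted by the CSP check made before the fetch; safe for re-use.` once that is confirmed. Separately, both constructors default to `ParserInserted`, which looks like the deliberately restrictive value under 'strict-dynamic'. A comment on the member such as `// Defaults to ParserInserted: callers must opt in to NotParserInserted explicitly.` would keep a later refactor from flipping that default unnoticed.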