
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2428473004: Remove the 'reflected-xss' directive from CSP. (Closed)
Patch Set: Test. Created 4 years, 1 month ago
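--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CSPDirectiveList_h
 #define CSPDirectiveList_h
 
 #include "core/fetch/Resource.h"
 #include "core/frame/csp/ContentSecurityPolicy.h"
 #include "core/frame/csp/MediaListDirective.h"
@@ -135,23 +135,20 @@
 
 bool strictMixedContentChecking() const {
 return m_strictMixedContentCheckingEnforced;
 }
 void reportMixedContent(const KURL& mixedURL,
 ResourceRequest::RedirectStatus) const;
 
 const String& evalDisabledErrorMessage() const {
 return m_evalDisabledErrorMessage;
 }
-ReflectedXSSDisposition getReflectedXSSDisposition() const {
-return m_reflectedXSSDisposition;
-}
 ReferrerPolicy getReferrerPolicy() const { return m_referrerPolicy; }
 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; }
 bool isReportOnly() const {
 return m_headerType == ContentSecurityPolicyHeaderTypeReport;
 }
 const Vector<String>& reportEndpoints() const { return m_reportEndpoints; }
 uint8_t requireSRIForTokens() const { return m_requireSRIFor; }
 bool isFrameAncestorsEnforced() const {
 return m_frameAncestors.get() && !isReportOnly();
 }
@@ -174,21 +171,20 @@
 ContentSecurityPolicyHeaderType,
 ContentSecurityPolicyHeaderSource);
 
 bool parseDirective(const UChar* begin,
 const UChar* end,
 String& name,
 String& value);
 void parseRequireSRIFor(const String& name, const String& value);
 void parseReportURI(const String& name, const String& value);
 void parsePluginTypes(const String& name, const String& value);
-void parseReflectedXSS(const String& name, const String& value);
 void parseReferrer(const String& name, const String& value);
 void addDirective(const String& name, const String& value);
 void applySandboxPolicy(const String& name, const String& sandboxPolicy);
 void enforceStrictMixedContentChecking(const String& name,
 const String& value);
 void enableInsecureRequestsUpgrade(const String& name, const String& value);
 void treatAsPublicAddress(const String& name, const String& value);
 
 template <class CSPDirectiveType>
 void setCSPDirective(const String& name,
@@ -274,21 +270,20 @@
 
 bool denyIfEnforcingPolicy() const { return isReportOnly(); }
 
 Member<ContentSecurityPolicy> m_policy;
 
 String m_header;
 ContentSecurityPolicyHeaderType m_headerType;
 ContentSecurityPolicyHeaderSource m_headerSource;
 
 bool m_hasSandboxPolicy;
-ReflectedXSSDisposition m_reflectedXSSDisposition;
 
 bool m_didSetReferrerPolicy;
 ReferrerPolicy m_referrerPolicy;
 
 bool m_strictMixedContentCheckingEnforced;
 
 bool m_upgradeInsecureRequests;
 bool m_treatAsPublicAddress;
 
 Member<MediaListDirective> m_pluginTypes;
@@ -310,10 +305,10 @@
 uint8_t m_requireSRIFor;
 
 Vector<String> m_reportEndpoints;
 
 String m_evalDisabledErrorMessage;
 };
 
 } // namespace blink
 
 #endif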
