OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
7 | 7 |
8 #include "core/fetch/Resource.h" | 8 #include "core/fetch/Resource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "core/frame/csp/MediaListDirective.h" | 10 #include "core/frame/csp/MediaListDirective.h" |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
76 ResourceRequest::RedirectStatus, | 76 ResourceRequest::RedirectStatus, |
77 ContentSecurityPolicy::ReportingStatus) const; | 77 ContentSecurityPolicy::ReportingStatus) const; |
78 bool allowStyleFromSource(const KURL&, | 78 bool allowStyleFromSource(const KURL&, |
79 const String& nonce, | 79 const String& nonce, |
80 ResourceRequest::RedirectStatus, | 80 ResourceRequest::RedirectStatus, |
81 ContentSecurityPolicy::ReportingStatus) const; | 81 ContentSecurityPolicy::ReportingStatus) const; |
82 | 82 |
83 bool allowObjectFromSource(const KURL&, | 83 bool allowObjectFromSource(const KURL&, |
84 ResourceRequest::RedirectStatus, | 84 ResourceRequest::RedirectStatus, |
85 ContentSecurityPolicy::ReportingStatus) const; | 85 ContentSecurityPolicy::ReportingStatus) const; |
86 bool allowChildFrameFromSource(const KURL&, | 86 bool allowFrameFromSource(const KURL&, |
87 ResourceRequest::RedirectStatus, | 87 ResourceRequest::RedirectStatus, |
88 ContentSecurityPolicy::ReportingStatus) const; | 88 ContentSecurityPolicy::ReportingStatus) const; |
89 bool allowImageFromSource(const KURL&, | 89 bool allowImageFromSource(const KURL&, |
90 ResourceRequest::RedirectStatus, | 90 ResourceRequest::RedirectStatus, |
91 ContentSecurityPolicy::ReportingStatus) const; | 91 ContentSecurityPolicy::ReportingStatus) const; |
92 bool allowFontFromSource(const KURL&, | 92 bool allowFontFromSource(const KURL&, |
93 ResourceRequest::RedirectStatus, | 93 ResourceRequest::RedirectStatus, |
94 ContentSecurityPolicy::ReportingStatus) const; | 94 ContentSecurityPolicy::ReportingStatus) const; |
95 bool allowMediaFromSource(const KURL&, | 95 bool allowMediaFromSource(const KURL&, |
96 ResourceRequest::RedirectStatus, | 96 ResourceRequest::RedirectStatus, |
97 ContentSecurityPolicy::ReportingStatus) const; | 97 ContentSecurityPolicy::ReportingStatus) const; |
98 bool allowManifestFromSource(const KURL&, | 98 bool allowManifestFromSource(const KURL&, |
99 ResourceRequest::RedirectStatus, | 99 ResourceRequest::RedirectStatus, |
100 ContentSecurityPolicy::ReportingStatus) const; | 100 ContentSecurityPolicy::ReportingStatus) const; |
101 bool allowConnectToSource(const KURL&, | 101 bool allowConnectToSource(const KURL&, |
102 ResourceRequest::RedirectStatus, | 102 ResourceRequest::RedirectStatus, |
103 ContentSecurityPolicy::ReportingStatus) const; | 103 ContentSecurityPolicy::ReportingStatus) const; |
104 bool allowFormAction(const KURL&, | 104 bool allowFormAction(const KURL&, |
105 ResourceRequest::RedirectStatus, | 105 ResourceRequest::RedirectStatus, |
106 ContentSecurityPolicy::ReportingStatus) const; | 106 ContentSecurityPolicy::ReportingStatus) const; |
107 bool allowBaseURI(const KURL&, | 107 bool allowBaseURI(const KURL&, |
108 ResourceRequest::RedirectStatus, | 108 ResourceRequest::RedirectStatus, |
109 ContentSecurityPolicy::ReportingStatus) const; | 109 ContentSecurityPolicy::ReportingStatus) const; |
110 bool allowChildContextFromSource( | 110 bool allowWorkerFromSource(const KURL&, |
111 const KURL&, | 111 ResourceRequest::RedirectStatus, |
112 ResourceRequest::RedirectStatus, | 112 ContentSecurityPolicy::ReportingStatus) const; |
113 ContentSecurityPolicy::ReportingStatus) const; | |
114 // |allowAncestors| does not need to know whether the resource was a | 113 // |allowAncestors| does not need to know whether the resource was a |
115 // result of a redirect. After a redirect, source paths are usually | 114 // result of a redirect. After a redirect, source paths are usually |
116 // ignored to stop a page from learning the path to which the | 115 // ignored to stop a page from learning the path to which the |
117 // request was redirected, but this is not a concern for ancestors, | 116 // request was redirected, but this is not a concern for ancestors, |
118 // because a child frame can't manipulate the URL of a cross-origin | 117 // because a child frame can't manipulate the URL of a cross-origin |
119 // parent. | 118 // parent. |
120 bool allowAncestors(LocalFrame*, | 119 bool allowAncestors(LocalFrame*, |
121 const KURL&, | 120 const KURL&, |
122 ContentSecurityPolicy::ReportingStatus) const; | 121 ContentSecurityPolicy::ReportingStatus) const; |
123 bool allowScriptHash(const CSPHashValue&, | 122 bool allowScriptHash(const CSPHashValue&, |
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
287 Member<SourceListDirective> m_fontSrc; | 286 Member<SourceListDirective> m_fontSrc; |
288 Member<SourceListDirective> m_formAction; | 287 Member<SourceListDirective> m_formAction; |
289 Member<SourceListDirective> m_frameAncestors; | 288 Member<SourceListDirective> m_frameAncestors; |
290 Member<SourceListDirective> m_frameSrc; | 289 Member<SourceListDirective> m_frameSrc; |
291 Member<SourceListDirective> m_imgSrc; | 290 Member<SourceListDirective> m_imgSrc; |
292 Member<SourceListDirective> m_mediaSrc; | 291 Member<SourceListDirective> m_mediaSrc; |
293 Member<SourceListDirective> m_manifestSrc; | 292 Member<SourceListDirective> m_manifestSrc; |
294 Member<SourceListDirective> m_objectSrc; | 293 Member<SourceListDirective> m_objectSrc; |
295 Member<SourceListDirective> m_scriptSrc; | 294 Member<SourceListDirective> m_scriptSrc; |
296 Member<SourceListDirective> m_styleSrc; | 295 Member<SourceListDirective> m_styleSrc; |
| 296 Member<SourceListDirective> m_workerSrc; |
297 | 297 |
298 uint8_t m_requireSRIFor; | 298 uint8_t m_requireSRIFor; |
299 | 299 |
300 Vector<String> m_reportEndpoints; | 300 Vector<String> m_reportEndpoints; |
301 | 301 |
302 String m_evalDisabledErrorMessage; | 302 String m_evalDisabledErrorMessage; |
303 }; | 303 }; |
304 | 304 |
305 } // namespace blink | 305 } // namespace blink |
306 | 306 |
307 #endif | 307 #endif |
OLD | NEW |