Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(64)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2480303002: CSP3: Implement 'worker-src'. (Closed)
Patch Set: feedback Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/shared-self.html ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/fetch/Resource.h" 8 #include "core/fetch/Resource.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "core/frame/csp/MediaListDirective.h" 10 #include "core/frame/csp/MediaListDirective.h"
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
76 ResourceRequest::RedirectStatus, 76 ResourceRequest::RedirectStatus,
77 ContentSecurityPolicy::ReportingStatus) const; 77 ContentSecurityPolicy::ReportingStatus) const;
78 bool allowStyleFromSource(const KURL&, 78 bool allowStyleFromSource(const KURL&,
79 const String& nonce, 79 const String& nonce,
80 ResourceRequest::RedirectStatus, 80 ResourceRequest::RedirectStatus,
81 ContentSecurityPolicy::ReportingStatus) const; 81 ContentSecurityPolicy::ReportingStatus) const;
82 82
83 bool allowObjectFromSource(const KURL&, 83 bool allowObjectFromSource(const KURL&,
84 ResourceRequest::RedirectStatus, 84 ResourceRequest::RedirectStatus,
85 ContentSecurityPolicy::ReportingStatus) const; 85 ContentSecurityPolicy::ReportingStatus) const;
86 bool allowChildFrameFromSource(const KURL&, 86 bool allowFrameFromSource(const KURL&,
87 ResourceRequest::RedirectStatus, 87 ResourceRequest::RedirectStatus,
88 ContentSecurityPolicy::ReportingStatus) const; 88 ContentSecurityPolicy::ReportingStatus) const;
89 bool allowImageFromSource(const KURL&, 89 bool allowImageFromSource(const KURL&,
90 ResourceRequest::RedirectStatus, 90 ResourceRequest::RedirectStatus,
91 ContentSecurityPolicy::ReportingStatus) const; 91 ContentSecurityPolicy::ReportingStatus) const;
92 bool allowFontFromSource(const KURL&, 92 bool allowFontFromSource(const KURL&,
93 ResourceRequest::RedirectStatus, 93 ResourceRequest::RedirectStatus,
94 ContentSecurityPolicy::ReportingStatus) const; 94 ContentSecurityPolicy::ReportingStatus) const;
95 bool allowMediaFromSource(const KURL&, 95 bool allowMediaFromSource(const KURL&,
96 ResourceRequest::RedirectStatus, 96 ResourceRequest::RedirectStatus,
97 ContentSecurityPolicy::ReportingStatus) const; 97 ContentSecurityPolicy::ReportingStatus) const;
98 bool allowManifestFromSource(const KURL&, 98 bool allowManifestFromSource(const KURL&,
99 ResourceRequest::RedirectStatus, 99 ResourceRequest::RedirectStatus,
100 ContentSecurityPolicy::ReportingStatus) const; 100 ContentSecurityPolicy::ReportingStatus) const;
101 bool allowConnectToSource(const KURL&, 101 bool allowConnectToSource(const KURL&,
102 ResourceRequest::RedirectStatus, 102 ResourceRequest::RedirectStatus,
103 ContentSecurityPolicy::ReportingStatus) const; 103 ContentSecurityPolicy::ReportingStatus) const;
104 bool allowFormAction(const KURL&, 104 bool allowFormAction(const KURL&,
105 ResourceRequest::RedirectStatus, 105 ResourceRequest::RedirectStatus,
106 ContentSecurityPolicy::ReportingStatus) const; 106 ContentSecurityPolicy::ReportingStatus) const;
107 bool allowBaseURI(const KURL&, 107 bool allowBaseURI(const KURL&,
108 ResourceRequest::RedirectStatus, 108 ResourceRequest::RedirectStatus,
109 ContentSecurityPolicy::ReportingStatus) const; 109 ContentSecurityPolicy::ReportingStatus) const;
110 bool allowChildContextFromSource( 110 bool allowWorkerFromSource(const KURL&,
111 const KURL&, 111 ResourceRequest::RedirectStatus,
112 ResourceRequest::RedirectStatus, 112 ContentSecurityPolicy::ReportingStatus) const;
113 ContentSecurityPolicy::ReportingStatus) const;
114 // |allowAncestors| does not need to know whether the resource was a 113 // |allowAncestors| does not need to know whether the resource was a
115 // result of a redirect. After a redirect, source paths are usually 114 // result of a redirect. After a redirect, source paths are usually
116 // ignored to stop a page from learning the path to which the 115 // ignored to stop a page from learning the path to which the
117 // request was redirected, but this is not a concern for ancestors, 116 // request was redirected, but this is not a concern for ancestors,
118 // because a child frame can't manipulate the URL of a cross-origin 117 // because a child frame can't manipulate the URL of a cross-origin
119 // parent. 118 // parent.
120 bool allowAncestors(LocalFrame*, 119 bool allowAncestors(LocalFrame*,
121 const KURL&, 120 const KURL&,
122 ContentSecurityPolicy::ReportingStatus) const; 121 ContentSecurityPolicy::ReportingStatus) const;
123 bool allowScriptHash(const CSPHashValue&, 122 bool allowScriptHash(const CSPHashValue&,
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
287 Member<SourceListDirective> m_fontSrc; 286 Member<SourceListDirective> m_fontSrc;
288 Member<SourceListDirective> m_formAction; 287 Member<SourceListDirective> m_formAction;
289 Member<SourceListDirective> m_frameAncestors; 288 Member<SourceListDirective> m_frameAncestors;
290 Member<SourceListDirective> m_frameSrc; 289 Member<SourceListDirective> m_frameSrc;
291 Member<SourceListDirective> m_imgSrc; 290 Member<SourceListDirective> m_imgSrc;
292 Member<SourceListDirective> m_mediaSrc; 291 Member<SourceListDirective> m_mediaSrc;
293 Member<SourceListDirective> m_manifestSrc; 292 Member<SourceListDirective> m_manifestSrc;
294 Member<SourceListDirective> m_objectSrc; 293 Member<SourceListDirective> m_objectSrc;
295 Member<SourceListDirective> m_scriptSrc; 294 Member<SourceListDirective> m_scriptSrc;
296 Member<SourceListDirective> m_styleSrc; 295 Member<SourceListDirective> m_styleSrc;
296 Member<SourceListDirective> m_workerSrc;
297 297
298 uint8_t m_requireSRIFor; 298 uint8_t m_requireSRIFor;
299 299
300 Vector<String> m_reportEndpoints; 300 Vector<String> m_reportEndpoints;
301 301
302 String m_evalDisabledErrorMessage; 302 String m_evalDisabledErrorMessage;
303 }; 303 };
304 304
305 } // namespace blink 305 } // namespace blink
306 306
307 #endif 307 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/worker-src/shared-self.html ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698