OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
349 | 349 |
350 // This method checks whether the request should be allowed for an | 350 // This method checks whether the request should be allowed for an |
351 // experimental EmbeddingCSP feature | 351 // experimental EmbeddingCSP feature |
352 // Please, see https://w3c.github.io/webappsec-csp/embedded/#origin-allowed. | 352 // Please, see https://w3c.github.io/webappsec-csp/embedded/#origin-allowed. |
353 static bool shouldEnforceEmbeddersPolicy(const ResourceResponse&, | 353 static bool shouldEnforceEmbeddersPolicy(const ResourceResponse&, |
354 SecurityOrigin*); | 354 SecurityOrigin*); |
355 | 355 |
356 static const char* getDirectiveName(const DirectiveType&); | 356 static const char* getDirectiveName(const DirectiveType&); |
357 static DirectiveType getDirectiveType(const String& name); | 357 static DirectiveType getDirectiveType(const String& name); |
358 | 358 |
| 359 // This method checks if if this policy subsumes a given policy. |
| 360 // Note the correct result is guaranteed if this policy contains only one |
| 361 // CSPDirectiveList. More information here: |
| 362 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy |
| 363 bool subsumes(const ContentSecurityPolicy&); |
| 364 |
359 Document* document() const; | 365 Document* document() const; |
360 | 366 |
361 private: | 367 private: |
362 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); | 368 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); |
363 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); | 369 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); |
364 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy); | 370 FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy); |
365 | 371 |
366 ContentSecurityPolicy(); | 372 ContentSecurityPolicy(); |
367 | 373 |
368 void applyPolicySideEffectsToExecutionContext(); | 374 void applyPolicySideEffectsToExecutionContext(); |
402 String m_disableEvalErrorMessage; | 408 String m_disableEvalErrorMessage; |
403 WebInsecureRequestPolicy m_insecureRequestPolicy; | 409 WebInsecureRequestPolicy m_insecureRequestPolicy; |
404 | 410 |
405 Member<CSPSource> m_selfSource; | 411 Member<CSPSource> m_selfSource; |
406 String m_selfProtocol; | 412 String m_selfProtocol; |
407 }; | 413 }; |
408 | 414 |
409 } // namespace blink | 415 } // namespace blink |
410 | 416 |
411 #endif | 417 #endif |
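Review bot: The comment on the new `subsumes(const ContentSecurityPolicy&)` declaration (new lines 359-363) says the result is only guaranteed when this policy contains a single CSPDirectiveList, but it does not say what a caller gets in the multi-list case, and this check presumably feeds the Embedded Enforcement decision that the comment links to. The definition is outside this page, so I cannot tell which way it errs. The header should state the contract, and the safe one is to fail closed, e.g. `// Returns false if this policy holds more than one CSPDirectiveList.`, ideally backed by a DCHECK in the implementation. The comment also has a doubled word (`checks if if this policy`). The method reads like a pure query, so `bool subsumes(const ContentSecurityPolicy&) const;` would allow calls on a const policy, assuming the implementation does not mutate members.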
OLD | NEW |