Revert of Embedding-CSP: Refactoring directive strings into enum

third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 54 matching lines @@
 
 typedef int SandboxFlags;
 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector;
 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector;
 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType;
 using RedirectStatus = ResourceRequest::RedirectStatus;
 
 class CORE_EXPORT ContentSecurityPolicy
     : public GarbageCollectedFinalized<ContentSecurityPolicy> {
  public:
+  // CSP Level 1 Directives
+  static const char ConnectSrc[];
+  static const char DefaultSrc[];
+  static const char FontSrc[];
+  static const char FrameSrc[];
+  static const char ImgSrc[];
+  static const char MediaSrc[];
+  static const char ObjectSrc[];
+  static const char ReportURI[];
+  static const char Sandbox[];
+  static const char ScriptSrc[];
+  static const char StyleSrc[];
+
+  // CSP Level 2 Directives
+  static const char BaseURI[];
+  static const char ChildSrc[];
+  static const char FormAction[];
+  static const char FrameAncestors[];
+  static const char PluginTypes[];
+
+  // CSP Level 3 Directives
+  static const char ManifestSrc[];
+  static const char WorkerSrc[];
+
+  // Mixed Content Directive
+  // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
+  static const char BlockAllMixedContent[];
+
+  // https://w3c.github.io/webappsec/specs/upgrade/
+  static const char UpgradeInsecureRequests[];
+
+  // https://mikewest.github.io/cors-rfc1918/#csp
+  static const char TreatAsPublicAddress[];
+
+  // https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for
+  static const char RequireSRIFor[];
+
   enum ReportingStatus { SendReport, SuppressReport };
 
   enum ExceptionStatus { WillThrowException, WillNotThrowException };
 
   // This covers the possible values of a violation's 'resource', as defined in
   // https://w3c.github.io/webappsec-csp/#violation-resource. By the time we
   // generate a report, we're guaranteed that the value isn't 'null', so we
   // don't need that state in this enum.
   enum ViolationType { InlineViolation, EvalViolation, URLViolation };
 
   enum class InlineType { Block, Attribute };
 
-  enum class DirectiveType {
-    Undefined,
-    BaseURI,
-    BlockAllMixedContent,
-    ChildSrc,
-    ConnectSrc,
-    DefaultSrc,
-    FrameAncestors,
-    FrameSrc,
-    FontSrc,
-    FormAction,
-    ImgSrc,
-    ManifestSrc,
-    MediaSrc,
-    ObjectSrc,
-    PluginTypes,
-    ReportURI,
-    RequireSRIFor,
-    Sandbox,
-    ScriptSrc,
-    StyleSrc,
-    TreatAsPublicAddress,
-    UpgradeInsecureRequests,
-    WorkerSrc,
-  };
-
   static ContentSecurityPolicy* create() { return new ContentSecurityPolicy(); }
   ~ContentSecurityPolicy();
   DECLARE_TRACE();
 
   void bindToExecutionContext(ExecutionContext*);
   void setupSelf(const SecurityOrigin&);
   void copyStateFrom(const ContentSecurityPolicy*);
   void copyPluginTypesFrom(const ContentSecurityPolicy*);
 
   void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
@@ skipping 170 matching lines @@
   void reportReportOnlyInMeta(const String&);
   void reportMetaOutsideHead(const String&);
   void reportValueForEmptyDirective(const String& directiveName,
                                     const String& value);
 
   // If a frame is passed in, the report will be sent using it as a context. If
   // no frame is passed in, the report will be sent via this object's
   // |m_executionContext| (or dropped on the floor if no such context is
   // available).
   void reportViolation(const String& directiveText,
-                       const DirectiveType& effectiveType,
+                       const String& effectiveDirective,
                        const String& consoleMessage,
                        const KURL& blockedURL,
                        const Vector<String>& reportEndpoints,
                        const String& header,
                        ContentSecurityPolicyHeaderType,
                        ViolationType,
                        LocalFrame* = nullptr,
                        RedirectStatus = RedirectStatus::FollowedRedirect,
                        int contextLine = 0,
                        Element* = nullptr);
@@ skipping 22 matching lines @@
   bool urlMatchesSelf(const KURL&) const;
   bool protocolMatchesSelf(const KURL&) const;
   bool selfMatchesInnerURL() const;
 
   bool experimentalFeaturesEnabled() const;
 
   bool shouldSendCSPHeader(Resource::Type) const;
 
   static bool shouldBypassMainWorld(const ExecutionContext*);
 
+  static bool isDirectiveName(const String&);
+
   static bool isNonceableElement(const Element*);
 
   // This method checks whether the request should be allowed for an
   // experimental EmbeddingCSP feature
   // Please, see https://w3c.github.io/webappsec-csp/embedded/#origin-allowed.
   static bool shouldEnforceEmbeddersPolicy(const ResourceResponse&,
                                            SecurityOrigin*);
 
-  static const char* getDirectiveName(const DirectiveType&);
-  static DirectiveType getDirectiveType(const String& name);
-
   Document* document() const;
 
  private:
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline);
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy);
   FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy);
 
   ContentSecurityPolicy();
 
   void applyPolicySideEffectsToExecutionContext();
@@ skipping 33 matching lines @@
   String m_disableEvalErrorMessage;
   WebInsecureRequestPolicy m_insecureRequestPolicy;
 
   Member<CSPSource> m_selfSource;
   String m_selfProtocol;
 };
 
 }  // namespace blink
 
 #endif