| Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
|
| index f40f1cca42bbab5a59f3b9049d374326773fbced..899562df2db1ebcd3554b25ea72c55a4c6f26d97 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
|
| +++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
|
| @@ -87,7 +87,7 @@
|
|
|
| void CSPDirectiveList::reportViolation(
|
| const String& directiveText,
|
| - const ContentSecurityPolicy::DirectiveType& effectiveType,
|
| + const String& effectiveDirective,
|
| const String& consoleMessage,
|
| const KURL& blockedURL,
|
| ResourceRequest::RedirectStatus redirectStatus) const {
|
| @@ -95,15 +95,15 @@
|
| isReportOnly() ? "[Report Only] " + consoleMessage : consoleMessage;
|
| m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource,
|
| ErrorMessageLevel, message));
|
| - m_policy->reportViolation(directiveText, effectiveType, message, blockedURL,
|
| - m_reportEndpoints, m_header, m_headerType,
|
| - ContentSecurityPolicy::URLViolation, nullptr,
|
| - redirectStatus);
|
| + m_policy->reportViolation(directiveText, effectiveDirective, message,
|
| + blockedURL, m_reportEndpoints, m_header,
|
| + m_headerType, ContentSecurityPolicy::URLViolation,
|
| + nullptr, redirectStatus);
|
| }
|
|
|
| void CSPDirectiveList::reportViolationWithFrame(
|
| const String& directiveText,
|
| - const ContentSecurityPolicy::DirectiveType& effectiveType,
|
| + const String& effectiveDirective,
|
| const String& consoleMessage,
|
| const KURL& blockedURL,
|
| LocalFrame* frame) const {
|
| @@ -112,14 +112,14 @@
|
| m_policy->logToConsole(
|
| ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message),
|
| frame);
|
| - m_policy->reportViolation(directiveText, effectiveType, message, blockedURL,
|
| - m_reportEndpoints, m_header, m_headerType,
|
| - ContentSecurityPolicy::URLViolation, frame);
|
| + m_policy->reportViolation(
|
| + directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints,
|
| + m_header, m_headerType, ContentSecurityPolicy::URLViolation, frame);
|
| }
|
|
|
| void CSPDirectiveList::reportViolationWithLocation(
|
| const String& directiveText,
|
| - const ContentSecurityPolicy::DirectiveType& effectiveType,
|
| + const String& effectiveDirective,
|
| const String& consoleMessage,
|
| const KURL& blockedURL,
|
| const String& contextURL,
|
| @@ -131,14 +131,14 @@
|
| SecurityMessageSource, ErrorMessageLevel, message,
|
| SourceLocation::capture(contextURL, contextLine.oneBasedInt(), 0)));
|
| m_policy->reportViolation(
|
| - directiveText, effectiveType, message, blockedURL, m_reportEndpoints,
|
| + directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints,
|
| m_header, m_headerType, ContentSecurityPolicy::InlineViolation, nullptr,
|
| RedirectStatus::NoRedirect, contextLine.oneBasedInt(), element);
|
| }
|
|
|
| void CSPDirectiveList::reportViolationWithState(
|
| const String& directiveText,
|
| - const ContentSecurityPolicy::DirectiveType& effectiveType,
|
| + const String& effectiveDirective,
|
| const String& message,
|
| const KURL& blockedURL,
|
| ScriptState* scriptState,
|
| @@ -154,9 +154,9 @@
|
| SecurityMessageSource, ErrorMessageLevel, reportMessage);
|
| m_policy->logToConsole(consoleMessage);
|
| }
|
| - m_policy->reportViolation(directiveText, effectiveType, message, blockedURL,
|
| - m_reportEndpoints, m_header, m_headerType,
|
| - ContentSecurityPolicy::EvalViolation);
|
| + m_policy->reportViolation(directiveText, effectiveDirective, message,
|
| + blockedURL, m_reportEndpoints, m_header,
|
| + m_headerType, ContentSecurityPolicy::EvalViolation);
|
| }
|
|
|
| bool CSPDirectiveList::checkEval(SourceListDirective* directive) const {
|
| @@ -191,12 +191,11 @@
|
| const KURL& mixedURL,
|
| ResourceRequest::RedirectStatus redirectStatus) const {
|
| if (strictMixedContentChecking()) {
|
| - m_policy->reportViolation(
|
| - ContentSecurityPolicy::getDirectiveName(
|
| - ContentSecurityPolicy::DirectiveType::BlockAllMixedContent),
|
| - ContentSecurityPolicy::DirectiveType::BlockAllMixedContent, String(),
|
| - mixedURL, m_reportEndpoints, m_header, m_headerType,
|
| - ContentSecurityPolicy::URLViolation, nullptr, redirectStatus);
|
| + m_policy->reportViolation(ContentSecurityPolicy::BlockAllMixedContent,
|
| + ContentSecurityPolicy::BlockAllMixedContent,
|
| + String(), mixedURL, m_reportEndpoints, m_header,
|
| + m_headerType, ContentSecurityPolicy::URLViolation,
|
| + nullptr, redirectStatus);
|
| }
|
| }
|
|
|
| @@ -283,9 +282,8 @@
|
| break;
|
| }
|
|
|
| - reportViolation(ContentSecurityPolicy::getDirectiveName(
|
| - ContentSecurityPolicy::DirectiveType::RequireSRIFor),
|
| - ContentSecurityPolicy::DirectiveType::RequireSRIFor,
|
| + reportViolation(ContentSecurityPolicy::RequireSRIFor,
|
| + ContentSecurityPolicy::RequireSRIFor,
|
| "Refused to load the " + resourceType + " '" +
|
| url.elidedString() +
|
| "' because 'require-sri-for' directive requires "
|
| @@ -342,7 +340,7 @@
|
| "used as a fallback.";
|
|
|
| reportViolationWithState(
|
| - directive->text(), ContentSecurityPolicy::DirectiveType::ScriptSrc,
|
| + directive->text(), ContentSecurityPolicy::ScriptSrc,
|
| consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(),
|
| scriptState, exceptionStatus);
|
| if (!isReportOnly()) {
|
| @@ -371,9 +369,9 @@
|
| // 'RedirectStatus::NoRedirect' is safe here, as we do the media type check
|
| // before actually loading data; this means that we shouldn't leak redirect
|
| // targets, as we won't have had a chance to redirect yet.
|
| - reportViolation(
|
| - directive->text(), ContentSecurityPolicy::DirectiveType::PluginTypes,
|
| - message + "\n", KURL(), ResourceRequest::RedirectStatus::NoRedirect);
|
| + reportViolation(directive->text(), ContentSecurityPolicy::PluginTypes,
|
| + message + "\n", KURL(),
|
| + ResourceRequest::RedirectStatus::NoRedirect);
|
| return denyIfEnforcingPolicy();
|
| }
|
|
|
| @@ -407,9 +405,8 @@
|
| }
|
|
|
| reportViolationWithLocation(
|
| - directive->text(),
|
| - isScript ? ContentSecurityPolicy::DirectiveType::ScriptSrc
|
| - : ContentSecurityPolicy::DirectiveType::StyleSrc,
|
| + directive->text(), isScript ? ContentSecurityPolicy::ScriptSrc
|
| + : ContentSecurityPolicy::StyleSrc,
|
| consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(),
|
| contextURL, contextLine, element);
|
|
|
| @@ -424,7 +421,7 @@
|
| bool CSPDirectiveList::checkSourceAndReportViolation(
|
| SourceListDirective* directive,
|
| const KURL& url,
|
| - const ContentSecurityPolicy::DirectiveType& effectiveType,
|
| + const String& effectiveDirective,
|
| ResourceRequest::RedirectStatus redirectStatus) const {
|
| if (!directive)
|
| return true;
|
| @@ -436,33 +433,33 @@
|
| // We should never have a violation against `child-src` or `default-src`
|
| // directly; the effective directive should always be one of the explicit
|
| // fetch directives.
|
| - DCHECK_NE(ContentSecurityPolicy::DirectiveType::ChildSrc, effectiveType);
|
| - DCHECK_NE(ContentSecurityPolicy::DirectiveType::DefaultSrc, effectiveType);
|
| + DCHECK_NE(ContentSecurityPolicy::ChildSrc, effectiveDirective);
|
| + DCHECK_NE(ContentSecurityPolicy::DefaultSrc, effectiveDirective);
|
|
|
| String prefix;
|
| - if (ContentSecurityPolicy::DirectiveType::BaseURI == effectiveType)
|
| + if (ContentSecurityPolicy::BaseURI == effectiveDirective)
|
| prefix = "Refused to set the document's base URI to '";
|
| - else if (ContentSecurityPolicy::DirectiveType::WorkerSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::WorkerSrc == effectiveDirective)
|
| prefix = "Refused to create a worker from '";
|
| - else if (ContentSecurityPolicy::DirectiveType::ConnectSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective)
|
| prefix = "Refused to connect to '";
|
| - else if (ContentSecurityPolicy::DirectiveType::FontSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::FontSrc == effectiveDirective)
|
| prefix = "Refused to load the font '";
|
| - else if (ContentSecurityPolicy::DirectiveType::FormAction == effectiveType)
|
| + else if (ContentSecurityPolicy::FormAction == effectiveDirective)
|
| prefix = "Refused to send form data to '";
|
| - else if (ContentSecurityPolicy::DirectiveType::FrameSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::FrameSrc == effectiveDirective)
|
| prefix = "Refused to frame '";
|
| - else if (ContentSecurityPolicy::DirectiveType::ImgSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::ImgSrc == effectiveDirective)
|
| prefix = "Refused to load the image '";
|
| - else if (ContentSecurityPolicy::DirectiveType::MediaSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::MediaSrc == effectiveDirective)
|
| prefix = "Refused to load media from '";
|
| - else if (ContentSecurityPolicy::DirectiveType::ManifestSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::ManifestSrc == effectiveDirective)
|
| prefix = "Refused to load manifest from '";
|
| - else if (ContentSecurityPolicy::DirectiveType::ObjectSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective)
|
| prefix = "Refused to load plugin data from '";
|
| - else if (ContentSecurityPolicy::DirectiveType::ScriptSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective)
|
| prefix = "Refused to load the script '";
|
| - else if (ContentSecurityPolicy::DirectiveType::StyleSrc == effectiveType)
|
| + else if (ContentSecurityPolicy::StyleSrc == effectiveDirective)
|
| prefix = "Refused to load the stylesheet '";
|
|
|
| String suffix = String();
|
| @@ -471,11 +468,10 @@
|
| " 'strict-dynamic' is present, so host-based whitelisting is disabled.";
|
| if (directive == m_defaultSrc)
|
| suffix =
|
| - suffix + " Note that '" +
|
| - ContentSecurityPolicy::getDirectiveName(effectiveType) +
|
| + suffix + " Note that '" + effectiveDirective +
|
| "' was not explicitly set, so 'default-src' is used as a fallback.";
|
|
|
| - reportViolation(directive->text(), effectiveType,
|
| + reportViolation(directive->text(), effectiveDirective,
|
| prefix + url.elidedString() +
|
| "' because it violates the following Content Security "
|
| "Policy directive: \"" +
|
| @@ -491,8 +487,7 @@
|
| if (checkAncestors(directive, frame))
|
| return true;
|
|
|
| - reportViolationWithFrame(directive->text(),
|
| - ContentSecurityPolicy::DirectiveType::FrameAncestors,
|
| + reportViolationWithFrame(directive->text(), "frame-ancestors",
|
| "Refused to display '" + url.elidedString() +
|
| "' in a frame because an ancestor violates the "
|
| "following Content Security Policy directive: "
|
| @@ -618,8 +613,7 @@
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| ? checkSourceAndReportViolation(
|
| operativeDirective(m_scriptSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::ScriptSrc,
|
| - redirectStatus)
|
| + ContentSecurityPolicy::ScriptSrc, redirectStatus)
|
| : checkSource(operativeDirective(m_scriptSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -633,8 +627,7 @@
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| ? checkSourceAndReportViolation(
|
| operativeDirective(m_objectSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::ObjectSrc,
|
| - redirectStatus)
|
| + ContentSecurityPolicy::ObjectSrc, redirectStatus)
|
| : checkSource(operativeDirective(m_objectSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -654,10 +647,9 @@
|
| m_frameSrc.get(), operativeDirective(m_childSrc.get()));
|
|
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| - ? checkSourceAndReportViolation(
|
| - whichDirective, url,
|
| - ContentSecurityPolicy::DirectiveType::FrameSrc,
|
| - redirectStatus)
|
| + ? checkSourceAndReportViolation(whichDirective, url,
|
| + ContentSecurityPolicy::FrameSrc,
|
| + redirectStatus)
|
| : checkSource(whichDirective, url, redirectStatus);
|
| }
|
|
|
| @@ -666,9 +658,9 @@
|
| ResourceRequest::RedirectStatus redirectStatus,
|
| ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| - ? checkSourceAndReportViolation(
|
| - operativeDirective(m_imgSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::ImgSrc, redirectStatus)
|
| + ? checkSourceAndReportViolation(operativeDirective(m_imgSrc.get()),
|
| + url, ContentSecurityPolicy::ImgSrc,
|
| + redirectStatus)
|
| : checkSource(operativeDirective(m_imgSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -683,8 +675,7 @@
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| ? checkSourceAndReportViolation(
|
| operativeDirective(m_styleSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::StyleSrc,
|
| - redirectStatus)
|
| + ContentSecurityPolicy::StyleSrc, redirectStatus)
|
| : checkSource(operativeDirective(m_styleSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -696,8 +687,7 @@
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| ? checkSourceAndReportViolation(
|
| operativeDirective(m_fontSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::FontSrc,
|
| - redirectStatus)
|
| + ContentSecurityPolicy::FontSrc, redirectStatus)
|
| : checkSource(operativeDirective(m_fontSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -709,8 +699,7 @@
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| ? checkSourceAndReportViolation(
|
| operativeDirective(m_mediaSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::MediaSrc,
|
| - redirectStatus)
|
| + ContentSecurityPolicy::MediaSrc, redirectStatus)
|
| : checkSource(operativeDirective(m_mediaSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -722,8 +711,7 @@
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| ? checkSourceAndReportViolation(
|
| operativeDirective(m_manifestSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::ManifestSrc,
|
| - redirectStatus)
|
| + ContentSecurityPolicy::ManifestSrc, redirectStatus)
|
| : checkSource(operativeDirective(m_manifestSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -735,8 +723,7 @@
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| ? checkSourceAndReportViolation(
|
| operativeDirective(m_connectSrc.get()), url,
|
| - ContentSecurityPolicy::DirectiveType::ConnectSrc,
|
| - redirectStatus)
|
| + ContentSecurityPolicy::ConnectSrc, redirectStatus)
|
| : checkSource(operativeDirective(m_connectSrc.get()), url,
|
| redirectStatus);
|
| }
|
| @@ -746,10 +733,9 @@
|
| ResourceRequest::RedirectStatus redirectStatus,
|
| ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| - ? checkSourceAndReportViolation(
|
| - m_formAction.get(), url,
|
| - ContentSecurityPolicy::DirectiveType::FormAction,
|
| - redirectStatus)
|
| + ? checkSourceAndReportViolation(m_formAction.get(), url,
|
| + ContentSecurityPolicy::FormAction,
|
| + redirectStatus)
|
| : checkSource(m_formAction.get(), url, redirectStatus);
|
| }
|
|
|
| @@ -758,10 +744,9 @@
|
| ResourceRequest::RedirectStatus redirectStatus,
|
| ContentSecurityPolicy::ReportingStatus reportingStatus) const {
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| - ? checkSourceAndReportViolation(
|
| - m_baseURI.get(), url,
|
| - ContentSecurityPolicy::DirectiveType::BaseURI,
|
| - redirectStatus)
|
| + ? checkSourceAndReportViolation(m_baseURI.get(), url,
|
| + ContentSecurityPolicy::BaseURI,
|
| + redirectStatus)
|
| : checkSource(m_baseURI.get(), url, redirectStatus);
|
| }
|
|
|
| @@ -777,10 +762,9 @@
|
| m_workerSrc.get(), operativeDirective(m_childSrc.get()));
|
|
|
| return reportingStatus == ContentSecurityPolicy::SendReport
|
| - ? checkSourceAndReportViolation(
|
| - whichDirective, url,
|
| - ContentSecurityPolicy::DirectiveType::WorkerSrc,
|
| - redirectStatus)
|
| + ? checkSourceAndReportViolation(whichDirective, url,
|
| + ContentSecurityPolicy::WorkerSrc,
|
| + redirectStatus)
|
| : checkSource(whichDirective, url, redirectStatus);
|
| }
|
|
|
| @@ -1013,8 +997,7 @@
|
| // Remove frame-ancestors directives in meta policies, per
|
| // https://www.w3.org/TR/CSP2/#delivery-html-meta-element.
|
| if (m_headerSource == ContentSecurityPolicyHeaderSourceMeta &&
|
| - ContentSecurityPolicy::getDirectiveType(name) ==
|
| - ContentSecurityPolicy::DirectiveType::FrameAncestors) {
|
| + name == ContentSecurityPolicy::FrameAncestors) {
|
| m_policy->reportInvalidDirectiveInMeta(name);
|
| return;
|
| }
|
| @@ -1099,64 +1082,60 @@
|
| void CSPDirectiveList::addDirective(const String& name, const String& value) {
|
| ASSERT(!name.isEmpty());
|
|
|
| - ContentSecurityPolicy::DirectiveType type =
|
| - ContentSecurityPolicy::getDirectiveType(name);
|
| - if (type == ContentSecurityPolicy::DirectiveType::DefaultSrc) {
|
| + if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_defaultSrc);
|
| // TODO(mkwst) It seems unlikely that developers would use different
|
| // algorithms for scripts and styles. We may want to combine the
|
| // usesScriptHashAlgorithms() and usesStyleHashAlgorithms.
|
| m_policy->usesScriptHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed());
|
| m_policy->usesStyleHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed());
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::ScriptSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_scriptSrc);
|
| m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed());
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::ObjectSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_objectSrc);
|
| - } else if (type ==
|
| -
|
| - ContentSecurityPolicy::DirectiveType::FrameAncestors) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_frameAncestors);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::FrameSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_frameSrc);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::ImgSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_imgSrc);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::StyleSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_styleSrc);
|
| m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed());
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::FontSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_fontSrc);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::MediaSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_mediaSrc);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::ConnectSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_connectSrc);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::Sandbox) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) {
|
| applySandboxPolicy(name, value);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::ReportURI) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) {
|
| parseReportURI(name, value);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::BaseURI) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_baseURI);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::ChildSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_childSrc);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::WorkerSrc &&
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::WorkerSrc) &&
|
| m_policy->experimentalFeaturesEnabled()) {
|
| setCSPDirective<SourceListDirective>(name, value, m_workerSrc);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::FormAction) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_formAction);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::PluginTypes) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) {
|
| setCSPDirective<MediaListDirective>(name, value, m_pluginTypes);
|
| - } else if (type ==
|
| - ContentSecurityPolicy::DirectiveType::UpgradeInsecureRequests) {
|
| + } else if (equalIgnoringCase(
|
| + name, ContentSecurityPolicy::UpgradeInsecureRequests)) {
|
| enableInsecureRequestsUpgrade(name, value);
|
| - } else if (type ==
|
| - ContentSecurityPolicy::DirectiveType::BlockAllMixedContent) {
|
| + } else if (equalIgnoringCase(name,
|
| + ContentSecurityPolicy::BlockAllMixedContent)) {
|
| enforceStrictMixedContentChecking(name, value);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::ManifestSrc) {
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) {
|
| setCSPDirective<SourceListDirective>(name, value, m_manifestSrc);
|
| - } else if (type ==
|
| - ContentSecurityPolicy::DirectiveType::TreatAsPublicAddress) {
|
| + } else if (equalIgnoringCase(name,
|
| + ContentSecurityPolicy::TreatAsPublicAddress)) {
|
| treatAsPublicAddress(name, value);
|
| - } else if (type == ContentSecurityPolicy::DirectiveType::RequireSRIFor &&
|
| + } else if (equalIgnoringCase(name, ContentSecurityPolicy::RequireSRIFor) &&
|
| m_policy->experimentalFeaturesEnabled()) {
|
| parseRequireSRIFor(name, value);
|
| } else {
|
|
|
Chromium Code Reviews
Issue 2528133002:
Revert of Embedding-CSP: Refactoring directive strings into enum (Closed)
