Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h |
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h |
index ad42feb3b252fdf5cf8901514d57690add10d8ce..a8f8033d1b6fb05fd33dcbbe62904f64fcba8825 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h |
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h |
@@ -72,6 +72,43 @@ |
class CORE_EXPORT ContentSecurityPolicy |
: public GarbageCollectedFinalized<ContentSecurityPolicy> { |
public: |
+ // CSP Level 1 Directives |
+ static const char ConnectSrc[]; |
+ static const char DefaultSrc[]; |
+ static const char FontSrc[]; |
+ static const char FrameSrc[]; |
+ static const char ImgSrc[]; |
+ static const char MediaSrc[]; |
+ static const char ObjectSrc[]; |
+ static const char ReportURI[]; |
+ static const char Sandbox[]; |
+ static const char ScriptSrc[]; |
+ static const char StyleSrc[]; |
+ |
+ // CSP Level 2 Directives |
+ static const char BaseURI[]; |
+ static const char ChildSrc[]; |
+ static const char FormAction[]; |
+ static const char FrameAncestors[]; |
+ static const char PluginTypes[]; |
+ |
+ // CSP Level 3 Directives |
+ static const char ManifestSrc[]; |
+ static const char WorkerSrc[]; |
+ |
+ // Mixed Content Directive |
+ // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode |
+ static const char BlockAllMixedContent[]; |
+ |
+ // https://w3c.github.io/webappsec/specs/upgrade/ |
+ static const char UpgradeInsecureRequests[]; |
+ |
+ // https://mikewest.github.io/cors-rfc1918/#csp |
+ static const char TreatAsPublicAddress[]; |
+ |
+ // https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for |
+ static const char RequireSRIFor[]; |
+ |
enum ReportingStatus { SendReport, SuppressReport }; |
enum ExceptionStatus { WillThrowException, WillNotThrowException }; |
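Review bot: The directive-name constants added at the top of the public section carry no comment saying what string each one holds or what else has to change when a directive is added. Their definitions and the body of `isDirectiveName()` are outside this header, so a new directive presumably has to be added in two places, where the removed `DirectiveType` enum kept a single list. I would put a comment above the first group such as `// Directive names as they appear in a policy. Keep in sync with isDirectiveName().` The class body continues outside the hunk.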
@@ -83,32 +120,6 @@ |
enum ViolationType { InlineViolation, EvalViolation, URLViolation }; |
enum class InlineType { Block, Attribute }; |
- |
- enum class DirectiveType { |
- Undefined, |
- BaseURI, |
- BlockAllMixedContent, |
- ChildSrc, |
- ConnectSrc, |
- DefaultSrc, |
- FrameAncestors, |
- FrameSrc, |
- FontSrc, |
- FormAction, |
- ImgSrc, |
- ManifestSrc, |
- MediaSrc, |
- ObjectSrc, |
- PluginTypes, |
- ReportURI, |
- RequireSRIFor, |
- Sandbox, |
- ScriptSrc, |
- StyleSrc, |
- TreatAsPublicAddress, |
- UpgradeInsecureRequests, |
- WorkerSrc, |
- }; |
static ContentSecurityPolicy* create() { return new ContentSecurityPolicy(); } |
~ContentSecurityPolicy(); |
@@ -300,7 +311,7 @@ |
// |m_executionContext| (or dropped on the floor if no such context is |
// available). |
void reportViolation(const String& directiveText, |
- const DirectiveType& effectiveType, |
+ const String& effectiveDirective, |
const String& consoleMessage, |
const KURL& blockedURL, |
const Vector<String>& reportEndpoints, |
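Review bot: `effectiveDirective` on `reportViolation` is now a free-form `const String&`, so the compiler no longer stops a caller from passing something that is not a directive name (for example the full directive text), and the declaration does not say which strings are valid. Assuming this value is what is emitted as the effective directive in the violation report, I would state the contract on the declaration, `// |effectiveDirective| must be one of the directive-name constants of this class (e.g. ScriptSrc).`, and open the definition with `DCHECK(isDirectiveName(effectiveDirective));`. The parameter list runs past the end of the hunk and the definition is not in this file.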
@@ -343,6 +354,8 @@ |
static bool shouldBypassMainWorld(const ExecutionContext*); |
+ static bool isDirectiveName(const String&); |
+ |
static bool isNonceableElement(const Element*); |
// This method checks whether the request should be allowed for an |
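Review bot: `isDirectiveName(const String&)` is added without a comment or a parameter name, and the header does not say how the match is performed. Directive names are compared ASCII case-insensitively when a policy is parsed, so a caller cannot tell from this declaration whether `"Script-Src"` is accepted or whether it has to be lower-cased first. I would name the parameter and add `// Returns true if |name| is one of the directive names declared in this class; the comparison is <case-sensitive or case-insensitive>.`, filling in the behavior from the definition, which is not visible here.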
@@ -350,9 +363,6 @@ |
// Please, see https://w3c.github.io/webappsec-csp/embedded/#origin-allowed. |
static bool shouldEnforceEmbeddersPolicy(const ResourceResponse&, |
SecurityOrigin*); |
- |
- static const char* getDirectiveName(const DirectiveType&); |
- static DirectiveType getDirectiveType(const String& name); |
Document* document() const; |