| Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| index ad42feb3b252fdf5cf8901514d57690add10d8ce..a8f8033d1b6fb05fd33dcbbe62904f64fcba8825 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| +++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| @@ -72,6 +72,43 @@
|
| class CORE_EXPORT ContentSecurityPolicy
|
| : public GarbageCollectedFinalized<ContentSecurityPolicy> {
|
| public:
|
| + // CSP Level 1 Directives
|
| + static const char ConnectSrc[];
|
| + static const char DefaultSrc[];
|
| + static const char FontSrc[];
|
| + static const char FrameSrc[];
|
| + static const char ImgSrc[];
|
| + static const char MediaSrc[];
|
| + static const char ObjectSrc[];
|
| + static const char ReportURI[];
|
| + static const char Sandbox[];
|
| + static const char ScriptSrc[];
|
| + static const char StyleSrc[];
|
| +
|
| + // CSP Level 2 Directives
|
| + static const char BaseURI[];
|
| + static const char ChildSrc[];
|
| + static const char FormAction[];
|
| + static const char FrameAncestors[];
|
| + static const char PluginTypes[];
|
| +
|
| + // CSP Level 3 Directives
|
| + static const char ManifestSrc[];
|
| + static const char WorkerSrc[];
|
| +
|
| + // Mixed Content Directive
|
| + // https://w3c.github.io/webappsec/specs/mixedcontent/#strict-mode
|
| + static const char BlockAllMixedContent[];
|
| +
|
| + // https://w3c.github.io/webappsec/specs/upgrade/
|
| + static const char UpgradeInsecureRequests[];
|
| +
|
| + // https://mikewest.github.io/cors-rfc1918/#csp
|
| + static const char TreatAsPublicAddress[];
|
| +
|
| + // https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for
|
| + static const char RequireSRIFor[];
|
| +
|
| enum ReportingStatus { SendReport, SuppressReport };
|
|
|
| enum ExceptionStatus { WillThrowException, WillNotThrowException };
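Review bot: The `DirectiveType` enum removed further down was a closed set, and these loose `static const char ...[]` constants are not, so nothing visible in the header ties this list to `isDirectiveName()`, which a later hunk adds. A directive added here but missed in that function would presumably be treated as unknown, though the definitions live in the .cpp and are not shown. Suggest a comment above the first group: `// Directive name strings. Every constant added here must also be recognised by isDirectiveName().` It would also help to say whether the values are the canonical lower-case tokens, since that decides how callers must compare them.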
|
| @@ -83,32 +120,6 @@
|
| enum ViolationType { InlineViolation, EvalViolation, URLViolation };
|
|
|
| enum class InlineType { Block, Attribute };
|
| -
|
| - enum class DirectiveType {
|
| - Undefined,
|
| - BaseURI,
|
| - BlockAllMixedContent,
|
| - ChildSrc,
|
| - ConnectSrc,
|
| - DefaultSrc,
|
| - FrameAncestors,
|
| - FrameSrc,
|
| - FontSrc,
|
| - FormAction,
|
| - ImgSrc,
|
| - ManifestSrc,
|
| - MediaSrc,
|
| - ObjectSrc,
|
| - PluginTypes,
|
| - ReportURI,
|
| - RequireSRIFor,
|
| - Sandbox,
|
| - ScriptSrc,
|
| - StyleSrc,
|
| - TreatAsPublicAddress,
|
| - UpgradeInsecureRequests,
|
| - WorkerSrc,
|
| - };
|
|
|
| static ContentSecurityPolicy* create() { return new ContentSecurityPolicy(); }
|
| ~ContentSecurityPolicy();
|
| @@ -300,7 +311,7 @@
|
| // |m_executionContext| (or dropped on the floor if no such context is
|
| // available).
|
| void reportViolation(const String& directiveText,
|
| - const DirectiveType& effectiveType,
|
| + const String& effectiveDirective,
|
| const String& consoleMessage,
|
| const KURL& blockedURL,
|
| const Vector<String>& reportEndpoints,
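Review bot: `effectiveDirective` is now a third `const String&` sitting between `directiveText` and `consoleMessage`, so a call that passes the arguments in the wrong order, or passes a string that is not a directive name, compiles cleanly where the old `DirectiveType` parameter would have rejected it. The comment above the declaration (it starts outside this hunk) should state the contract, e.g. `// |effectiveDirective| must be one of the directive-name constants declared on this class.` The definition, not shown here, could enforce it with `DCHECK(isDirectiveName(effectiveDirective));` so that a bad value is caught in debug builds before it is, presumably, copied into a violation report. The parameter list continues past the end of the hunk.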
|
| @@ -343,6 +354,8 @@
|
|
|
| static bool shouldBypassMainWorld(const ExecutionContext*);
|
|
|
| + static bool isDirectiveName(const String&);
|
| +
|
| static bool isNonceableElement(const Element*);
|
|
|
| // This method checks whether the request should be allowed for an
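Review bot: `isDirectiveName` is added without a comment, and its matching rules cannot be read from the header. CSP directive names are ASCII case-insensitive, so a caller needs to know whether the argument must already be lower-cased or whether the function folds case itself. Suggest `// Returns true if |name| is a directive name known to this class (one of the constants declared above).` plus one line stating the case rule, once it has been confirmed against the definition. The comment on the last line of this hunk belongs to the declaration that follows it, outside the hunk.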
|
| @@ -350,9 +363,6 @@
|
| // Please, see https://w3c.github.io/webappsec-csp/embedded/#origin-allowed.
|
| static bool shouldEnforceEmbeddersPolicy(const ResourceResponse&,
|
| SecurityOrigin*);
|
| -
|
| - static const char* getDirectiveName(const DirectiveType&);
|
| - static DirectiveType getDirectiveType(const String& name);
|
|
|
| Document* document() const;
|
|
|
|
|