Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
index 899562df2db1ebcd3554b25ea72c55a4c6f26d97..f40f1cca42bbab5a59f3b9049d374326773fbced 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp |
@@ -87,7 +87,7 @@ CSPDirectiveList* CSPDirectiveList::create( |
void CSPDirectiveList::reportViolation( |
const String& directiveText, |
- const String& effectiveDirective, |
+ const ContentSecurityPolicy::DirectiveType& effectiveType, |
const String& consoleMessage, |
const KURL& blockedURL, |
ResourceRequest::RedirectStatus redirectStatus) const { |
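Review bot: `effectiveType` is declared as `const ContentSecurityPolicy::DirectiveType&`, but from its use as `DirectiveType::ScriptSrc` elsewhere in the patch it appears to be a scoped enum. A value that small is conventionally passed by value: `ContentSecurityPolicy::DirectiveType effectiveType,`. The same parameter form is added to reportViolationWithFrame, reportViolationWithLocation, reportViolationWithState and checkSourceAndReportViolation, and the header declarations (not shown here) would need the matching change. The body of reportViolation continues in the next hunk.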
@@ -95,15 +95,15 @@ void CSPDirectiveList::reportViolation( |
isReportOnly() ? "[Report Only] " + consoleMessage : consoleMessage; |
m_policy->logToConsole(ConsoleMessage::create(SecurityMessageSource, |
ErrorMessageLevel, message)); |
- m_policy->reportViolation(directiveText, effectiveDirective, message, |
- blockedURL, m_reportEndpoints, m_header, |
- m_headerType, ContentSecurityPolicy::URLViolation, |
- nullptr, redirectStatus); |
+ m_policy->reportViolation(directiveText, effectiveType, message, blockedURL, |
+ m_reportEndpoints, m_header, m_headerType, |
+ ContentSecurityPolicy::URLViolation, nullptr, |
+ redirectStatus); |
} |
void CSPDirectiveList::reportViolationWithFrame( |
const String& directiveText, |
- const String& effectiveDirective, |
+ const ContentSecurityPolicy::DirectiveType& effectiveType, |
const String& consoleMessage, |
const KURL& blockedURL, |
LocalFrame* frame) const { |
@@ -112,14 +112,14 @@ void CSPDirectiveList::reportViolationWithFrame( |
m_policy->logToConsole( |
ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, message), |
frame); |
- m_policy->reportViolation( |
- directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, |
- m_header, m_headerType, ContentSecurityPolicy::URLViolation, frame); |
+ m_policy->reportViolation(directiveText, effectiveType, message, blockedURL, |
+ m_reportEndpoints, m_header, m_headerType, |
+ ContentSecurityPolicy::URLViolation, frame); |
} |
void CSPDirectiveList::reportViolationWithLocation( |
const String& directiveText, |
- const String& effectiveDirective, |
+ const ContentSecurityPolicy::DirectiveType& effectiveType, |
const String& consoleMessage, |
const KURL& blockedURL, |
const String& contextURL, |
@@ -131,14 +131,14 @@ void CSPDirectiveList::reportViolationWithLocation( |
SecurityMessageSource, ErrorMessageLevel, message, |
SourceLocation::capture(contextURL, contextLine.oneBasedInt(), 0))); |
m_policy->reportViolation( |
- directiveText, effectiveDirective, message, blockedURL, m_reportEndpoints, |
+ directiveText, effectiveType, message, blockedURL, m_reportEndpoints, |
m_header, m_headerType, ContentSecurityPolicy::InlineViolation, nullptr, |
RedirectStatus::NoRedirect, contextLine.oneBasedInt(), element); |
} |
void CSPDirectiveList::reportViolationWithState( |
const String& directiveText, |
- const String& effectiveDirective, |
+ const ContentSecurityPolicy::DirectiveType& effectiveType, |
const String& message, |
const KURL& blockedURL, |
ScriptState* scriptState, |
@@ -154,9 +154,9 @@ void CSPDirectiveList::reportViolationWithState( |
SecurityMessageSource, ErrorMessageLevel, reportMessage); |
m_policy->logToConsole(consoleMessage); |
} |
- m_policy->reportViolation(directiveText, effectiveDirective, message, |
- blockedURL, m_reportEndpoints, m_header, |
- m_headerType, ContentSecurityPolicy::EvalViolation); |
+ m_policy->reportViolation(directiveText, effectiveType, message, blockedURL, |
+ m_reportEndpoints, m_header, m_headerType, |
+ ContentSecurityPolicy::EvalViolation); |
} |
bool CSPDirectiveList::checkEval(SourceListDirective* directive) const { |
@@ -191,11 +191,12 @@ void CSPDirectiveList::reportMixedContent( |
const KURL& mixedURL, |
ResourceRequest::RedirectStatus redirectStatus) const { |
if (strictMixedContentChecking()) { |
- m_policy->reportViolation(ContentSecurityPolicy::BlockAllMixedContent, |
- ContentSecurityPolicy::BlockAllMixedContent, |
- String(), mixedURL, m_reportEndpoints, m_header, |
- m_headerType, ContentSecurityPolicy::URLViolation, |
- nullptr, redirectStatus); |
+ m_policy->reportViolation( |
+ ContentSecurityPolicy::getDirectiveName( |
+ ContentSecurityPolicy::DirectiveType::BlockAllMixedContent), |
+ ContentSecurityPolicy::DirectiveType::BlockAllMixedContent, String(), |
+ mixedURL, m_reportEndpoints, m_header, m_headerType, |
+ ContentSecurityPolicy::URLViolation, nullptr, redirectStatus); |
} |
} |
@@ -282,8 +283,9 @@ bool CSPDirectiveList::checkRequestWithoutIntegrityAndReportViolation( |
break; |
} |
- reportViolation(ContentSecurityPolicy::RequireSRIFor, |
- ContentSecurityPolicy::RequireSRIFor, |
+ reportViolation(ContentSecurityPolicy::getDirectiveName( |
+ ContentSecurityPolicy::DirectiveType::RequireSRIFor), |
+ ContentSecurityPolicy::DirectiveType::RequireSRIFor, |
"Refused to load the " + resourceType + " '" + |
url.elidedString() + |
"' because 'require-sri-for' directive requires " |
@@ -340,7 +342,7 @@ bool CSPDirectiveList::checkEvalAndReportViolation( |
"used as a fallback."; |
reportViolationWithState( |
- directive->text(), ContentSecurityPolicy::ScriptSrc, |
+ directive->text(), ContentSecurityPolicy::DirectiveType::ScriptSrc, |
consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), |
scriptState, exceptionStatus); |
if (!isReportOnly()) { |
@@ -369,9 +371,9 @@ bool CSPDirectiveList::checkMediaTypeAndReportViolation( |
// 'RedirectStatus::NoRedirect' is safe here, as we do the media type check |
// before actually loading data; this means that we shouldn't leak redirect |
// targets, as we won't have had a chance to redirect yet. |
- reportViolation(directive->text(), ContentSecurityPolicy::PluginTypes, |
- message + "\n", KURL(), |
- ResourceRequest::RedirectStatus::NoRedirect); |
+ reportViolation( |
+ directive->text(), ContentSecurityPolicy::DirectiveType::PluginTypes, |
+ message + "\n", KURL(), ResourceRequest::RedirectStatus::NoRedirect); |
return denyIfEnforcingPolicy(); |
} |
@@ -405,8 +407,9 @@ bool CSPDirectiveList::checkInlineAndReportViolation( |
} |
reportViolationWithLocation( |
- directive->text(), isScript ? ContentSecurityPolicy::ScriptSrc |
- : ContentSecurityPolicy::StyleSrc, |
+ directive->text(), |
+ isScript ? ContentSecurityPolicy::DirectiveType::ScriptSrc |
+ : ContentSecurityPolicy::DirectiveType::StyleSrc, |
consoleMessage + "\"" + directive->text() + "\"." + suffix + "\n", KURL(), |
contextURL, contextLine, element); |
@@ -421,7 +424,7 @@ bool CSPDirectiveList::checkInlineAndReportViolation( |
bool CSPDirectiveList::checkSourceAndReportViolation( |
SourceListDirective* directive, |
const KURL& url, |
- const String& effectiveDirective, |
+ const ContentSecurityPolicy::DirectiveType& effectiveType, |
ResourceRequest::RedirectStatus redirectStatus) const { |
if (!directive) |
return true; |
@@ -433,33 +436,33 @@ bool CSPDirectiveList::checkSourceAndReportViolation( |
// We should never have a violation against `child-src` or `default-src` |
// directly; the effective directive should always be one of the explicit |
// fetch directives. |
- DCHECK_NE(ContentSecurityPolicy::ChildSrc, effectiveDirective); |
- DCHECK_NE(ContentSecurityPolicy::DefaultSrc, effectiveDirective); |
+ DCHECK_NE(ContentSecurityPolicy::DirectiveType::ChildSrc, effectiveType); |
+ DCHECK_NE(ContentSecurityPolicy::DirectiveType::DefaultSrc, effectiveType); |
String prefix; |
- if (ContentSecurityPolicy::BaseURI == effectiveDirective) |
+ if (ContentSecurityPolicy::DirectiveType::BaseURI == effectiveType) |
prefix = "Refused to set the document's base URI to '"; |
- else if (ContentSecurityPolicy::WorkerSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::WorkerSrc == effectiveType) |
prefix = "Refused to create a worker from '"; |
- else if (ContentSecurityPolicy::ConnectSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::ConnectSrc == effectiveType) |
prefix = "Refused to connect to '"; |
- else if (ContentSecurityPolicy::FontSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::FontSrc == effectiveType) |
prefix = "Refused to load the font '"; |
- else if (ContentSecurityPolicy::FormAction == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::FormAction == effectiveType) |
prefix = "Refused to send form data to '"; |
- else if (ContentSecurityPolicy::FrameSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::FrameSrc == effectiveType) |
prefix = "Refused to frame '"; |
- else if (ContentSecurityPolicy::ImgSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::ImgSrc == effectiveType) |
prefix = "Refused to load the image '"; |
- else if (ContentSecurityPolicy::MediaSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::MediaSrc == effectiveType) |
prefix = "Refused to load media from '"; |
- else if (ContentSecurityPolicy::ManifestSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::ManifestSrc == effectiveType) |
prefix = "Refused to load manifest from '"; |
- else if (ContentSecurityPolicy::ObjectSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::ObjectSrc == effectiveType) |
prefix = "Refused to load plugin data from '"; |
- else if (ContentSecurityPolicy::ScriptSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::ScriptSrc == effectiveType) |
prefix = "Refused to load the script '"; |
- else if (ContentSecurityPolicy::StyleSrc == effectiveDirective) |
+ else if (ContentSecurityPolicy::DirectiveType::StyleSrc == effectiveType) |
prefix = "Refused to load the stylesheet '"; |
String suffix = String(); |
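Review bot: The prefix chain has no final branch, so an `effectiveType` outside the twelve listed values leaves `prefix` empty and the console message begins with the bare URL. The two `DCHECK_NE` lines above only rule out ChildSrc and DefaultSrc. Now that the argument is an enum rather than a free-form string, ending the chain with `else NOTREACHED();` would make an unhandled directive type fail loudly in debug builds instead of producing a malformed violation message. The callers visible in this diff pass only the listed types; callers outside it were not checked. The function begins and ends outside this hunk.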
@@ -468,10 +471,11 @@ bool CSPDirectiveList::checkSourceAndReportViolation( |
" 'strict-dynamic' is present, so host-based whitelisting is disabled."; |
if (directive == m_defaultSrc) |
suffix = |
- suffix + " Note that '" + effectiveDirective + |
+ suffix + " Note that '" + |
+ ContentSecurityPolicy::getDirectiveName(effectiveType) + |
"' was not explicitly set, so 'default-src' is used as a fallback."; |
- reportViolation(directive->text(), effectiveDirective, |
+ reportViolation(directive->text(), effectiveType, |
prefix + url.elidedString() + |
"' because it violates the following Content Security " |
"Policy directive: \"" + |
@@ -487,7 +491,8 @@ bool CSPDirectiveList::checkAncestorsAndReportViolation( |
if (checkAncestors(directive, frame)) |
return true; |
- reportViolationWithFrame(directive->text(), "frame-ancestors", |
+ reportViolationWithFrame(directive->text(), |
+ ContentSecurityPolicy::DirectiveType::FrameAncestors, |
"Refused to display '" + url.elidedString() + |
"' in a frame because an ancestor violates the " |
"following Content Security Policy directive: " |
@@ -613,7 +618,8 @@ bool CSPDirectiveList::allowScriptFromSource( |
return reportingStatus == ContentSecurityPolicy::SendReport |
? checkSourceAndReportViolation( |
operativeDirective(m_scriptSrc.get()), url, |
- ContentSecurityPolicy::ScriptSrc, redirectStatus) |
+ ContentSecurityPolicy::DirectiveType::ScriptSrc, |
+ redirectStatus) |
: checkSource(operativeDirective(m_scriptSrc.get()), url, |
redirectStatus); |
} |
@@ -627,7 +633,8 @@ bool CSPDirectiveList::allowObjectFromSource( |
return reportingStatus == ContentSecurityPolicy::SendReport |
? checkSourceAndReportViolation( |
operativeDirective(m_objectSrc.get()), url, |
- ContentSecurityPolicy::ObjectSrc, redirectStatus) |
+ ContentSecurityPolicy::DirectiveType::ObjectSrc, |
+ redirectStatus) |
: checkSource(operativeDirective(m_objectSrc.get()), url, |
redirectStatus); |
} |
@@ -647,9 +654,10 @@ bool CSPDirectiveList::allowFrameFromSource( |
m_frameSrc.get(), operativeDirective(m_childSrc.get())); |
return reportingStatus == ContentSecurityPolicy::SendReport |
- ? checkSourceAndReportViolation(whichDirective, url, |
- ContentSecurityPolicy::FrameSrc, |
- redirectStatus) |
+ ? checkSourceAndReportViolation( |
+ whichDirective, url, |
+ ContentSecurityPolicy::DirectiveType::FrameSrc, |
+ redirectStatus) |
: checkSource(whichDirective, url, redirectStatus); |
} |
@@ -658,9 +666,9 @@ bool CSPDirectiveList::allowImageFromSource( |
ResourceRequest::RedirectStatus redirectStatus, |
ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
return reportingStatus == ContentSecurityPolicy::SendReport |
- ? checkSourceAndReportViolation(operativeDirective(m_imgSrc.get()), |
- url, ContentSecurityPolicy::ImgSrc, |
- redirectStatus) |
+ ? checkSourceAndReportViolation( |
+ operativeDirective(m_imgSrc.get()), url, |
+ ContentSecurityPolicy::DirectiveType::ImgSrc, redirectStatus) |
: checkSource(operativeDirective(m_imgSrc.get()), url, |
redirectStatus); |
} |
@@ -675,7 +683,8 @@ bool CSPDirectiveList::allowStyleFromSource( |
return reportingStatus == ContentSecurityPolicy::SendReport |
? checkSourceAndReportViolation( |
operativeDirective(m_styleSrc.get()), url, |
- ContentSecurityPolicy::StyleSrc, redirectStatus) |
+ ContentSecurityPolicy::DirectiveType::StyleSrc, |
+ redirectStatus) |
: checkSource(operativeDirective(m_styleSrc.get()), url, |
redirectStatus); |
} |
@@ -687,7 +696,8 @@ bool CSPDirectiveList::allowFontFromSource( |
return reportingStatus == ContentSecurityPolicy::SendReport |
? checkSourceAndReportViolation( |
operativeDirective(m_fontSrc.get()), url, |
- ContentSecurityPolicy::FontSrc, redirectStatus) |
+ ContentSecurityPolicy::DirectiveType::FontSrc, |
+ redirectStatus) |
: checkSource(operativeDirective(m_fontSrc.get()), url, |
redirectStatus); |
} |
@@ -699,7 +709,8 @@ bool CSPDirectiveList::allowMediaFromSource( |
return reportingStatus == ContentSecurityPolicy::SendReport |
? checkSourceAndReportViolation( |
operativeDirective(m_mediaSrc.get()), url, |
- ContentSecurityPolicy::MediaSrc, redirectStatus) |
+ ContentSecurityPolicy::DirectiveType::MediaSrc, |
+ redirectStatus) |
: checkSource(operativeDirective(m_mediaSrc.get()), url, |
redirectStatus); |
} |
@@ -711,7 +722,8 @@ bool CSPDirectiveList::allowManifestFromSource( |
return reportingStatus == ContentSecurityPolicy::SendReport |
? checkSourceAndReportViolation( |
operativeDirective(m_manifestSrc.get()), url, |
- ContentSecurityPolicy::ManifestSrc, redirectStatus) |
+ ContentSecurityPolicy::DirectiveType::ManifestSrc, |
+ redirectStatus) |
: checkSource(operativeDirective(m_manifestSrc.get()), url, |
redirectStatus); |
} |
@@ -723,7 +735,8 @@ bool CSPDirectiveList::allowConnectToSource( |
return reportingStatus == ContentSecurityPolicy::SendReport |
? checkSourceAndReportViolation( |
operativeDirective(m_connectSrc.get()), url, |
- ContentSecurityPolicy::ConnectSrc, redirectStatus) |
+ ContentSecurityPolicy::DirectiveType::ConnectSrc, |
+ redirectStatus) |
: checkSource(operativeDirective(m_connectSrc.get()), url, |
redirectStatus); |
} |
@@ -733,9 +746,10 @@ bool CSPDirectiveList::allowFormAction( |
ResourceRequest::RedirectStatus redirectStatus, |
ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
return reportingStatus == ContentSecurityPolicy::SendReport |
- ? checkSourceAndReportViolation(m_formAction.get(), url, |
- ContentSecurityPolicy::FormAction, |
- redirectStatus) |
+ ? checkSourceAndReportViolation( |
+ m_formAction.get(), url, |
+ ContentSecurityPolicy::DirectiveType::FormAction, |
+ redirectStatus) |
: checkSource(m_formAction.get(), url, redirectStatus); |
} |
@@ -744,9 +758,10 @@ bool CSPDirectiveList::allowBaseURI( |
ResourceRequest::RedirectStatus redirectStatus, |
ContentSecurityPolicy::ReportingStatus reportingStatus) const { |
return reportingStatus == ContentSecurityPolicy::SendReport |
- ? checkSourceAndReportViolation(m_baseURI.get(), url, |
- ContentSecurityPolicy::BaseURI, |
- redirectStatus) |
+ ? checkSourceAndReportViolation( |
+ m_baseURI.get(), url, |
+ ContentSecurityPolicy::DirectiveType::BaseURI, |
+ redirectStatus) |
: checkSource(m_baseURI.get(), url, redirectStatus); |
} |
@@ -762,9 +777,10 @@ bool CSPDirectiveList::allowWorkerFromSource( |
m_workerSrc.get(), operativeDirective(m_childSrc.get())); |
return reportingStatus == ContentSecurityPolicy::SendReport |
- ? checkSourceAndReportViolation(whichDirective, url, |
- ContentSecurityPolicy::WorkerSrc, |
- redirectStatus) |
+ ? checkSourceAndReportViolation( |
+ whichDirective, url, |
+ ContentSecurityPolicy::DirectiveType::WorkerSrc, |
+ redirectStatus) |
: checkSource(whichDirective, url, redirectStatus); |
} |
@@ -997,7 +1013,8 @@ void CSPDirectiveList::setCSPDirective(const String& name, |
// Remove frame-ancestors directives in meta policies, per |
// https://www.w3.org/TR/CSP2/#delivery-html-meta-element. |
if (m_headerSource == ContentSecurityPolicyHeaderSourceMeta && |
- name == ContentSecurityPolicy::FrameAncestors) { |
+ ContentSecurityPolicy::getDirectiveType(name) == |
+ ContentSecurityPolicy::DirectiveType::FrameAncestors) { |
m_policy->reportInvalidDirectiveInMeta(name); |
return; |
} |
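Review bot: The meta-policy `frame-ancestors` check now depends on how `ContentSecurityPolicy::getDirectiveType(name)` matches names, and that function is not part of this file's diff. The removed line compared `name` with `==`, which looks like an exact match, while addDirective (hunk at -1082) used `equalIgnoringCase`; both now go through the same lookup. If the lookup is case-sensitive, mixed-case directive names that used to be enforced would fall into addDirective's final `else` and be dropped. If it is case-insensitive, the meta check becomes stricter than before. A comment here stating which it is, for example `// getDirectiveType() matches names ASCII case-insensitively.`, would pin the intended behaviour, as would a test that delivers `Frame-Ancestors` via both a header and a `<meta>` element.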
@@ -1082,60 +1099,64 @@ void CSPDirectiveList::enableInsecureRequestsUpgrade(const String& name, |
void CSPDirectiveList::addDirective(const String& name, const String& value) { |
ASSERT(!name.isEmpty()); |
- if (equalIgnoringCase(name, ContentSecurityPolicy::DefaultSrc)) { |
+ ContentSecurityPolicy::DirectiveType type = |
+ ContentSecurityPolicy::getDirectiveType(name); |
+ if (type == ContentSecurityPolicy::DirectiveType::DefaultSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_defaultSrc); |
// TODO(mkwst) It seems unlikely that developers would use different |
// algorithms for scripts and styles. We may want to combine the |
// usesScriptHashAlgorithms() and usesStyleHashAlgorithms. |
m_policy->usesScriptHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed()); |
m_policy->usesStyleHashAlgorithms(m_defaultSrc->hashAlgorithmsUsed()); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::ScriptSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::ScriptSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_scriptSrc); |
m_policy->usesScriptHashAlgorithms(m_scriptSrc->hashAlgorithmsUsed()); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::ObjectSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::ObjectSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_objectSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameAncestors)) { |
+ } else if (type == |
+ |
+ ContentSecurityPolicy::DirectiveType::FrameAncestors) { |
setCSPDirective<SourceListDirective>(name, value, m_frameAncestors); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::FrameSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::FrameSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_frameSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::ImgSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::ImgSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_imgSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::StyleSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::StyleSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_styleSrc); |
m_policy->usesStyleHashAlgorithms(m_styleSrc->hashAlgorithmsUsed()); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::FontSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::FontSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_fontSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::MediaSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::MediaSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_mediaSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::ConnectSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::ConnectSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_connectSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::Sandbox)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::Sandbox) { |
applySandboxPolicy(name, value); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::ReportURI)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::ReportURI) { |
parseReportURI(name, value); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::BaseURI)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::BaseURI) { |
setCSPDirective<SourceListDirective>(name, value, m_baseURI); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::ChildSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::ChildSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_childSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::WorkerSrc) && |
+ } else if (type == ContentSecurityPolicy::DirectiveType::WorkerSrc && |
m_policy->experimentalFeaturesEnabled()) { |
setCSPDirective<SourceListDirective>(name, value, m_workerSrc); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::FormAction)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::FormAction) { |
setCSPDirective<SourceListDirective>(name, value, m_formAction); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::PluginTypes)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::PluginTypes) { |
setCSPDirective<MediaListDirective>(name, value, m_pluginTypes); |
- } else if (equalIgnoringCase( |
- name, ContentSecurityPolicy::UpgradeInsecureRequests)) { |
+ } else if (type == |
+ ContentSecurityPolicy::DirectiveType::UpgradeInsecureRequests) { |
enableInsecureRequestsUpgrade(name, value); |
- } else if (equalIgnoringCase(name, |
- ContentSecurityPolicy::BlockAllMixedContent)) { |
+ } else if (type == |
+ ContentSecurityPolicy::DirectiveType::BlockAllMixedContent) { |
enforceStrictMixedContentChecking(name, value); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::ManifestSrc)) { |
+ } else if (type == ContentSecurityPolicy::DirectiveType::ManifestSrc) { |
setCSPDirective<SourceListDirective>(name, value, m_manifestSrc); |
- } else if (equalIgnoringCase(name, |
- ContentSecurityPolicy::TreatAsPublicAddress)) { |
+ } else if (type == |
+ ContentSecurityPolicy::DirectiveType::TreatAsPublicAddress) { |
treatAsPublicAddress(name, value); |
- } else if (equalIgnoringCase(name, ContentSecurityPolicy::RequireSRIFor) && |
+ } else if (type == ContentSecurityPolicy::DirectiveType::RequireSRIFor && |
m_policy->experimentalFeaturesEnabled()) { |
parseRequireSRIFor(name, value); |
} else { |
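Review bot: The FrameAncestors branch is split into `} else if (type ==`, an empty added line, and then the enumerator. It fits within 80 columns as `} else if (type == ContentSecurityPolicy::DirectiveType::FrameAncestors) {`, though the empty line may be an artefact of how the patch is displayed. Separately, `type` is resolved from `name` here and resolved again inside setCSPDirective for the meta `frame-ancestors` check, so each source-list directive is looked up twice. Passing the already computed type down would avoid the second lookup and guarantee that both checks agree. The final `else` body lies outside this hunk.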