
Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 2551893002: Upgrade-Insecure-Requests: Split CSP checks into pre-upgrade and post-upgrade.
Patch Set: Created 4 years ago
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
index 128d5e9a8b87b653eb1a45f3203595dd379b17f5..46861b273460d169aed964d11ea26b7af8010209 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -170,35 +170,55 @@ class CORE_EXPORT ContentSecurityPolicy
bool allowObjectFromSource(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowFrameFromSource(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowImageFromSource(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowFontFromSource(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowMediaFromSource(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowConnectToSource(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowFormAction(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowBaseURI(const KURL&,
RedirectStatus = RedirectStatus::NoRedirect,
ReportingStatus = SendReport) const;
- bool allowWorkerContextFromSource(const KURL&,
- RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
-
- bool allowManifestFromSource(const KURL&,
- RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ bool allowWorkerContextFromSource(
+ const KURL&,
+ RedirectStatus = RedirectStatus::NoRedirect,
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
+
+ bool allowManifestFromSource(
+ const KURL&,
+ RedirectStatus = RedirectStatus::NoRedirect,
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
// Passing 'String()' into the |nonce| arguments in the following methods
// represents an unnonced resource load.
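Review bot: The trailing `ContentSecurityPolicyHeaderType` parameter added to these declarations (allowObjectFromSource through allowManifestFromSource) defaults to `ContentSecurityPolicyHeaderTypeEnforce`, and nothing in the header says what the value selects. If it restricts the check to policies of that header type, as the issue title suggests, then any caller that omits it would silently stop evaluating report-only policies and their violation reports would be lost with no compile-time signal; this should be confirmed against the .cpp. I would add a comment above the group, for example `// The header type selects which policies are consulted (enforced or report-only); a caller that needs both must make both calls.` `allowBaseURI` is left without the parameter, and a short note on why would help the next reader. The same point applies to the two declarations changed in the following hunk (allowStyleFromSource and the declaration that begins above that hunk).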
@@ -206,11 +226,15 @@ class CORE_EXPORT ContentSecurityPolicy
const String& nonce,
ParserDisposition,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowStyleFromSource(const KURL&,
const String& nonce,
RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ ReportingStatus = SendReport,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
bool allowInlineScript(Element*,
const String& contextURL,
const String& nonce,
@@ -249,16 +273,19 @@ class CORE_EXPORT ContentSecurityPolicy
bool allowRequestWithoutIntegrity(WebURLRequest::RequestContext,
const KURL&,
- RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ RedirectStatus,
+ ReportingStatus,
+ ContentSecurityPolicyHeaderType) const;
bool allowRequest(WebURLRequest::RequestContext,
const KURL&,
const String& nonce,
const IntegrityMetadataSet&,
ParserDisposition,
- RedirectStatus = RedirectStatus::NoRedirect,
- ReportingStatus = SendReport) const;
+ RedirectStatus,
+ ReportingStatus,
+ ContentSecurityPolicyHeaderType =
+ ContentSecurityPolicyHeaderTypeEnforce) const;
void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
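Review bot: `allowRequest` keeps a default of `ContentSecurityPolicyHeaderTypeEnforce` on its new last parameter, while `allowRequestWithoutIntegrity` just above now requires all three trailing arguments. Since the defaults for RedirectStatus and ReportingStatus were dropped here to make call sites explicit, the header type should be explicit as well: `ContentSecurityPolicyHeaderType) const;`. Otherwise a call site that forgets the argument presumably gets only the enforce-mode check, which is the kind of omission that is hard to spot in review of a pre-upgrade/post-upgrade split. The class body continues outside this hunk.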
