
Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Rename SchemeShouldBypass => SchemeShouldBypassCSP. Created 3 years, 10 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "core/frame/csp/MediaListDirective.h" 9 #include "core/frame/csp/MediaListDirective.h"
10 #include "core/frame/csp/SourceListDirective.h" 10 #include "core/frame/csp/SourceListDirective.h"
11 #include "platform/heap/Handle.h" 11 #include "platform/heap/Handle.h"
12 #include "platform/loader/fetch/Resource.h" 12 #include "platform/loader/fetch/Resource.h"
13 #include "platform/network/ContentSecurityPolicyParsers.h" 13 #include "platform/network/ContentSecurityPolicyParsers.h"
14 #include "platform/network/HTTPParsers.h" 14 #include "platform/network/HTTPParsers.h"
15 #include "platform/network/ResourceRequest.h" 15 #include "platform/network/ResourceRequest.h"
16 #include "platform/weborigin/KURL.h" 16 #include "platform/weborigin/KURL.h"
17 #include "public/platform/WebContentSecurityPolicy.h"
17 #include "wtf/Vector.h" 18 #include "wtf/Vector.h"
18 #include "wtf/text/AtomicString.h" 19 #include "wtf/text/AtomicString.h"
19 #include "wtf/text/WTFString.h" 20 #include "wtf/text/WTFString.h"
20 21
21 namespace blink { 22 namespace blink {
22 23
23 class ContentSecurityPolicy; 24 class ContentSecurityPolicy;
24 25
25 typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector; 26 typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector;
26 27
(...skipping 128 matching lines...)
155 // browsing context. 156 // browsing context.
156 bool hasPluginTypes() const { return !!m_pluginTypes; } 157 bool hasPluginTypes() const { return !!m_pluginTypes; }
157 const String& pluginTypesText() const; 158 const String& pluginTypesText() const;
158 159
159 bool shouldSendCSPHeader(Resource::Type) const; 160 bool shouldSendCSPHeader(Resource::Type) const;
160 161
161 // The algorithm is described here: 162 // The algorithm is described here:
162 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy 163 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
163 bool subsumes(const CSPDirectiveListVector&); 164 bool subsumes(const CSPDirectiveListVector&);
164 165
166 WebContentSecurityPolicyPolicy expose() const;
Mike West 2017/02/13 14:10:51 Please add a comment here regarding the directives
arthursonzogni 2017/02/14 17:07:03 Yes, it is very important. Done. I also added some
167
165 DECLARE_TRACE(); 168 DECLARE_TRACE();
166 169
167 private: 170 private:
168 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent); 171 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent);
169 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); 172 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
170 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType); 173 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType);
171 174
172 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 }; 175 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 };
173 176
174 CSPDirectiveList(ContentSecurityPolicy*, 177 CSPDirectiveList(ContentSecurityPolicy*,
(...skipping 142 matching lines...)
317 uint8_t m_requireSRIFor; 320 uint8_t m_requireSRIFor;
318 321
319 Vector<String> m_reportEndpoints; 322 Vector<String> m_reportEndpoints;
320 323
321 String m_evalDisabledErrorMessage; 324 String m_evalDisabledErrorMessage;
322 }; 325 };
323 326
324 } // namespace blink 327 } // namespace blink
325 328
326 #endif 329 #endif
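Review bot: The name `expose()` at new line 166 does not say what is exposed or to whom, so a caller cannot tell from the declaration whether the returned `WebContentSecurityPolicyPolicy` is a complete copy of this directive list or a reduced view of it. If it is a reduced view (not visible from this header), a name that states the consumer, for example `exposeForBrowserSideChecks()`, would keep a later caller from treating the result as the full policy and enforcing less than the page requested. Separately, the method only returns the type by value in a declaration, so a forward declaration of `WebContentSecurityPolicyPolicy` would probably suffice here, with the `public/platform/WebContentSecurityPolicy.h` include moved to the .cpp file.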