content/common/content_security_policy/csp_policy.h - Issue 2612793002: Implement ContentSecurityPolicy on the browser-side.

Side by Side Diff: content/common/content_security_policy/csp_policy.h

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)

Patch Set: Nit. Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« content/common/content_security_policy/csp_directive.h ('K') | « content/common/content_security_policy/csp_directive.cc ('k') | content/common/content_security_policy/csp_policy.cc » ('j') | content/common/content_security_policy/csp_source.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2017 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_POLICY_H_

	6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_POLICY_H_

	7

	8 #include <memory>

	9 #include <vector>

	10

	11 #include "content/common/content_export.h"

	12 #include "content/common/content_security_policy/csp_directive.h"

	13 #include "content/common/content_security_policy_header.h"

	14 #include "url/gurl.h"

	15

	16 namespace content {

	17

	18 class CSPContext;

	19

	20 // https://www.w3.org/TR/CSP3/#framework-policy

	21 //

	22 // A CSPPolicy is a set of \|directives\| that needs to be enforced.
	Mike West 2017/02/15 16:18:18 1. "CSPPolicy". :( 2. Perhaps "... is a collectio 1. "CSPPolicy". :( 2. Perhaps "... is a collection of CSPDirectives which will be enforced upon requests."? arthursonzogni 2017/02/16 13:30:25 Okay, it breaks my heart, but I think I will repla Show quoted text On 2017/02/15 16:18:18, Mike West (sloooooow) wrote: > 1. "CSPPolicy". :( Okay, it breaks my heart, but I think I will replace all CSPPolicy with CSP, or maybe ContentSecurityPolicy. Show quoted text > 2. Perhaps "... is a collection of CSPDirectives which will be enforced upon > requests."? I applied you suggestion.
	23 // Example of CSPPolicy:

	24 // "Content-Security-Policy: default-src example.com img.cdn.com ;

	25 // form-action 'self';

	26 // frame-src 'self';"
	Mike West 2017/02/15 16:18:18 I'm not sure this helps much unless you explain ho I'm not sure this helps much unless you explain how this turns into an object with three CSPDirective objects in 'directives'. arthursonzogni 2017/02/16 13:30:25 Okay, I removed it. Show quoted text On 2017/02/15 16:18:18, Mike West (sloooooow) wrote: > I'm not sure this helps much unless you explain how this turns into an object > with three CSPDirective objects in 'directives'. Okay, I removed it.
	27 struct CONTENT_EXPORT CSPPolicy {

	28 CSPPolicy();

	29 CSPPolicy(blink::WebContentSecurityPolicyType disposition,

	30 blink::WebContentSecurityPolicySource source,

	31 const std::vector<CSPDirective>& directives,

	32 const std::vector<std::string>& report_endpoints);

	33 CSPPolicy(const CSPPolicy&);

	34 ~CSPPolicy();

	35

	36 blink::WebContentSecurityPolicyType disposition;

	37 blink::WebContentSecurityPolicySource source;

	38 std::vector<CSPDirective> directives;

	39 std::vector<std::string> report_endpoints;

	40

	41 bool Allow(CSPContext* context,

	42 CSPDirective::Name directive,

	43 const GURL& url,

	44 bool is_redirect = false) const;

	45

	46 std::string ToString() const;

	47

	48 private:

	49 bool AllowDirective(CSPContext* context,

	50 CSPDirective::Name directive_name,

	51 const CSPDirective& directive,

	52 const GURL& url,

	53 bool is_redirect) const;

	54

	55 void ReportViolation(CSPContext* context,

	56 const CSPDirective::Name effective_directive,

	57 const CSPDirective& directive,

	58 const GURL& url) const;

	59 };

	60

	61 } // namespace content

	62 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_POLICY_H_

OLD	NEW