OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_POLICY_H_ | |
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_POLICY_H_ | |
7 | |
8 #include <memory> | |
9 #include <vector> | |
10 | |
11 #include "content/common/content_export.h" | |
12 #include "content/common/content_security_policy/csp_directive.h" | |
13 #include "content/common/content_security_policy_header.h" | |
14 #include "url/gurl.h" | |
15 | |
16 namespace content { | |
17 | |
18 class CSPContext; | |
19 | |
20 // https://www.w3.org/TR/CSP3/#framework-policy | |
21 // | |
22 // A CSPPolicy is a set of |directives| that needs to be enforced. | |
Mike West
2017/02/15 16:18:18
1. "CSPPolicy". :(
2. Perhaps "... is a collectio
arthursonzogni
2017/02/16 13:30:25
Okay, it breaks my heart, but I think I will repla
| |
23 // Example of CSPPolicy: | |
24 // "Content-Security-Policy: default-src example.com img.cdn.com ; | |
25 // form-action 'self'; | |
26 // frame-src 'self';" | |
Mike West
2017/02/15 16:18:18
I'm not sure this helps much unless you explain ho
arthursonzogni
2017/02/16 13:30:25
Okay, I removed it.
| |
27 struct CONTENT_EXPORT CSPPolicy { | |
28 CSPPolicy(); | |
29 CSPPolicy(blink::WebContentSecurityPolicyType disposition, | |
30 blink::WebContentSecurityPolicySource source, | |
31 const std::vector<CSPDirective>& directives, | |
32 const std::vector<std::string>& report_endpoints); | |
33 CSPPolicy(const CSPPolicy&); | |
34 ~CSPPolicy(); | |
35 | |
36 blink::WebContentSecurityPolicyType disposition; | |
37 blink::WebContentSecurityPolicySource source; | |
38 std::vector<CSPDirective> directives; | |
39 std::vector<std::string> report_endpoints; | |
40 | |
41 bool Allow(CSPContext* context, | |
42 CSPDirective::Name directive, | |
43 const GURL& url, | |
44 bool is_redirect = false) const; | |
45 | |
46 std::string ToString() const; | |
47 | |
48 private: | |
49 bool AllowDirective(CSPContext* context, | |
50 CSPDirective::Name directive_name, | |
51 const CSPDirective& directive, | |
52 const GURL& url, | |
53 bool is_redirect) const; | |
54 | |
55 void ReportViolation(CSPContext* context, | |
56 const CSPDirective::Name effective_directive, | |
57 const CSPDirective& directive, | |
58 const GURL& url) const; | |
59 }; | |
60 | |
61 } // namespace content | |
62 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_POLICY_H_ | |
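Review bot: `Allow()` at new lines 41-44 is the enforcement entry point but has no comment stating its contract, so a caller cannot tell from the header what it returns for a report-only `disposition`, for a `directive` that is absent from `directives`, or for a null `context`. Those cases decide whether a load or navigation is blocked, so the declaration should carry a short comment stating the return value for each, and whether a violation report is sent when the result is true. The `is_redirect = false` default also lets a call site on a redirect path omit the flag with no compile-time signal; consider removing the default so every caller states it explicitly. Separately, the header uses `std::string` at new lines 32, 39 and 46 without `#include <string>`, and nothing visible here needs `<memory>`. The definitions are in the .cc file, which is not part of this section, so the actual behaviour in these cases is not confirmed here.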