Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Nit. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/common/content_security_policy/csp_source.h ('K') | « third_party/WebKit/LayoutTests/FlagExpectations/enable-browser-side-navigation ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "core/frame/csp/MediaListDirective.h" 9 #include "core/frame/csp/MediaListDirective.h"
10 #include "core/frame/csp/SourceListDirective.h" 10 #include "core/frame/csp/SourceListDirective.h"
11 #include "platform/heap/Handle.h" 11 #include "platform/heap/Handle.h"
12 #include "platform/loader/fetch/Resource.h" 12 #include "platform/loader/fetch/Resource.h"
13 #include "platform/network/ContentSecurityPolicyParsers.h" 13 #include "platform/network/ContentSecurityPolicyParsers.h"
14 #include "platform/network/HTTPParsers.h" 14 #include "platform/network/HTTPParsers.h"
15 #include "platform/network/ResourceRequest.h" 15 #include "platform/network/ResourceRequest.h"
16 #include "platform/weborigin/KURL.h" 16 #include "platform/weborigin/KURL.h"
17 #include "public/platform/WebContentSecurityPolicy.h"
17 #include "wtf/Vector.h" 18 #include "wtf/Vector.h"
18 #include "wtf/text/AtomicString.h" 19 #include "wtf/text/AtomicString.h"
19 #include "wtf/text/WTFString.h" 20 #include "wtf/text/WTFString.h"
20 21
21 namespace blink { 22 namespace blink {
22 23
23 class ContentSecurityPolicy; 24 class ContentSecurityPolicy;
24 25
25 typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector; 26 typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector;
26 27
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after
155 // browsing context. 156 // browsing context.
156 bool hasPluginTypes() const { return !!m_pluginTypes; } 157 bool hasPluginTypes() const { return !!m_pluginTypes; }
157 const String& pluginTypesText() const; 158 const String& pluginTypesText() const;
158 159
159 bool shouldSendCSPHeader(Resource::Type) const; 160 bool shouldSendCSPHeader(Resource::Type) const;
160 161
161 // The algorithm is described here: 162 // The algorithm is described here:
162 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy 163 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
163 bool subsumes(const CSPDirectiveListVector&); 164 bool subsumes(const CSPDirectiveListVector&);
164 165
166 // Export a subset of the Policy. The primary goal of this method if to make
Mike West 2017/02/15 16:18:18 Nit: s/if/is/
arthursonzogni 2017/02/16 13:30:25 Done.
167 // the embedders able to enforce the directives that are not stricly internal
Mike West 2017/02/15 16:18:18 How about "the embedder aware of the directives th
arthursonzogni 2017/02/16 13:30:25 Done.
168 // to blink.
169 // It currently contains the following ones:
170 // * default-src
171 // * child-src
172 // * frame-src
173 // * form-action
174 // The exported directives only contains sources that can be checked outside
175 // of blink. For instance it doesn't contains 'unsafe-inline' or 'unsafe-eval'
Mike West 2017/02/15 16:18:18 Nit: s/that can be checked outside of blink/that a
arthursonzogni 2017/02/16 13:30:25 Done.
176 WebContentSecurityPolicyPolicy expose() const;
177
165 DECLARE_TRACE(); 178 DECLARE_TRACE();
166 179
167 private: 180 private:
168 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent); 181 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent);
169 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); 182 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
170 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType); 183 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType);
171 184
172 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 }; 185 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 };
173 186
174 CSPDirectiveList(ContentSecurityPolicy*, 187 CSPDirectiveList(ContentSecurityPolicy*,
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after
317 uint8_t m_requireSRIFor; 330 uint8_t m_requireSRIFor;
318 331
319 Vector<String> m_reportEndpoints; 332 Vector<String> m_reportEndpoints;
320 333
321 String m_evalDisabledErrorMessage; 334 String m_evalDisabledErrorMessage;
322 }; 335 };
323 336
324 } // namespace blink 337 } // namespace blink
325 338
326 #endif 339 #endif
OLDNEW
« content/common/content_security_policy/csp_source.h ('K') | « third_party/WebKit/LayoutTests/FlagExpectations/enable-browser-side-navigation ('k') | third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | third_party/WebKit/Source/core/frame/csp/SourceListDirective.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698