OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
7 | 7 |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "core/frame/csp/MediaListDirective.h" | 9 #include "core/frame/csp/MediaListDirective.h" |
10 #include "core/frame/csp/SourceListDirective.h" | 10 #include "core/frame/csp/SourceListDirective.h" |
11 #include "platform/heap/Handle.h" | 11 #include "platform/heap/Handle.h" |
12 #include "platform/loader/fetch/Resource.h" | 12 #include "platform/loader/fetch/Resource.h" |
13 #include "platform/network/ContentSecurityPolicyParsers.h" | 13 #include "platform/network/ContentSecurityPolicyParsers.h" |
14 #include "platform/network/HTTPParsers.h" | 14 #include "platform/network/HTTPParsers.h" |
15 #include "platform/network/ResourceRequest.h" | 15 #include "platform/network/ResourceRequest.h" |
16 #include "platform/weborigin/KURL.h" | 16 #include "platform/weborigin/KURL.h" |
17 #include "public/platform/WebContentSecurityPolicy.h" | |
17 #include "wtf/Vector.h" | 18 #include "wtf/Vector.h" |
18 #include "wtf/text/AtomicString.h" | 19 #include "wtf/text/AtomicString.h" |
19 #include "wtf/text/WTFString.h" | 20 #include "wtf/text/WTFString.h" |
20 | 21 |
21 namespace blink { | 22 namespace blink { |
22 | 23 |
23 class ContentSecurityPolicy; | 24 class ContentSecurityPolicy; |
24 | 25 |
25 typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector; | 26 typedef HeapVector<Member<SourceListDirective>> SourceListDirectiveVector; |
26 | 27 |
(...skipping 128 matching lines...)
155 // browsing context. | 156 // browsing context. |
156 bool hasPluginTypes() const { return !!m_pluginTypes; } | 157 bool hasPluginTypes() const { return !!m_pluginTypes; } |
157 const String& pluginTypesText() const; | 158 const String& pluginTypesText() const; |
158 | 159 |
159 bool shouldSendCSPHeader(Resource::Type) const; | 160 bool shouldSendCSPHeader(Resource::Type) const; |
160 | 161 |
161 // The algorithm is described here: | 162 // The algorithm is described here: |
162 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy | 163 // https://w3c.github.io/webappsec-csp/embedded/#subsume-policy |
163 bool subsumes(const CSPDirectiveListVector&); | 164 bool subsumes(const CSPDirectiveListVector&); |
164 | 165 |
166 // Export a subset of the Policy. The primary goal of this method if to make | |
Mike West
2017/02/15 16:18:18
Nit: s/if/is/
arthursonzogni
2017/02/16 13:30:25
Done.
| |
167 // the embedders able to enforce the directives that are not stricly internal | |
Mike West
2017/02/15 16:18:18
How about "the embedder aware of the directives th
arthursonzogni
2017/02/16 13:30:25
Done.
| |
168 // to blink. | |
169 // It currently contains the following ones: | |
170 // * default-src | |
171 // * child-src | |
172 // * frame-src | |
173 // * form-action | |
174 // The exported directives only contains sources that can be checked outside | |
175 // of blink. For instance it doesn't contains 'unsafe-inline' or 'unsafe-eval' | |
Mike West
2017/02/15 16:18:18
Nit: s/that can be checked outside of blink/that a
arthursonzogni
2017/02/16 13:30:25
Done.
| |
176 WebContentSecurityPolicyPolicy expose() const; | |
177 | |
165 DECLARE_TRACE(); | 178 DECLARE_TRACE(); |
166 | 179 |
167 private: | 180 private: |
168 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent); | 181 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, IsMatchingNoncePresent); |
169 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); | 182 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); |
170 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType); | 183 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, OperativeDirectiveGivenType); |
171 | 184 |
172 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 }; | 185 enum RequireSRIForToken { None = 0, Script = 1 << 0, Style = 1 << 1 }; |
173 | 186 |
174 CSPDirectiveList(ContentSecurityPolicy*, | 187 CSPDirectiveList(ContentSecurityPolicy*, |
(...skipping 142 matching lines...)
317 uint8_t m_requireSRIFor; | 330 uint8_t m_requireSRIFor; |
318 | 331 |
319 Vector<String> m_reportEndpoints; | 332 Vector<String> m_reportEndpoints; |
320 | 333 |
321 String m_evalDisabledErrorMessage; | 334 String m_evalDisabledErrorMessage; |
322 }; | 335 }; |
323 | 336 |
324 } // namespace blink | 337 } // namespace blink |
325 | 338 |
326 #endif | 339 #endif |
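Review bot: The comment above `expose()` (new lines 166–176) says keyword sources such as 'unsafe-inline' and 'unsafe-eval' are left out of the exported directives, but it does not say what the embedder receives when a directive is present and none of its sources can be exported, as opposed to a directive that was never set. Those two cases mean opposite things for enforcement (an empty source list blocks everything, while an absent directive falls back to default-src or allows the load), so the contract belongs in the comment, for example `// A directive that is present but has no exportable sources is still exported with an empty source list; it is never dropped.` That wording assumes the implementation behaves this way, which this header does not show. The comment should also state whether the returned value carries the enforce/report-only disposition, since an embedder deciding whether to block a navigation or form submission cannot infer it from the directive lists alone.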