| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CSPSource_h | 5 #ifndef CSPSource_h |
| 6 #define CSPSource_h | 6 #define CSPSource_h |
| 7 | 7 |
| 8 #include "core/CoreExport.h" | 8 #include "core/CoreExport.h" |
| 9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 10 #include "platform/heap/Handle.h" | 10 #include "platform/heap/Handle.h" |
| 11 #include "platform/network/ResourceRequest.h" | 11 #include "platform/network/ResourceRequest.h" |
| 12 #include "public/platform/WebContentSecurityPolicyStruct.h" |
| 12 #include "wtf/Allocator.h" | 13 #include "wtf/Allocator.h" |
| 13 #include "wtf/text/WTFString.h" | 14 #include "wtf/text/WTFString.h" |
| 14 | 15 |
| 15 namespace blink { | 16 namespace blink { |
| 16 | 17 |
| 17 class ContentSecurityPolicy; | 18 class ContentSecurityPolicy; |
| 18 class KURL; | 19 class KURL; |
| 19 | 20 |
| 20 class CORE_EXPORT CSPSource : public GarbageCollectedFinalized<CSPSource> { | 21 class CORE_EXPORT CSPSource : public GarbageCollectedFinalized<CSPSource> { |
| 21 public: | 22 public: |
| 22 enum WildcardDisposition { HasWildcard, NoWildcard }; | 23 enum WildcardDisposition { NoWildcard, HasWildcard }; |
| 23 | 24 |
| 24 CSPSource(ContentSecurityPolicy*, | 25 CSPSource(ContentSecurityPolicy*, |
| 25 const String& scheme, | 26 const String& scheme, |
| 26 const String& host, | 27 const String& host, |
| 27 int port, | 28 int port, |
| 28 const String& path, | 29 const String& path, |
| 29 WildcardDisposition hostWildcard, | 30 WildcardDisposition hostWildcard, |
| 30 WildcardDisposition portWildcard); | 31 WildcardDisposition portWildcard); |
| 31 bool isSchemeOnly() const; | 32 bool isSchemeOnly() const; |
| 32 const String& getScheme() { return m_scheme; }; | 33 const String& getScheme() { return m_scheme; }; |
| 33 bool matches(const KURL&, | 34 bool matches(const KURL&, |
| 34 ResourceRequest::RedirectStatus = | 35 ResourceRequest::RedirectStatus = |
| 35 ResourceRequest::RedirectStatus::NoRedirect) const; | 36 ResourceRequest::RedirectStatus::NoRedirect) const; |
| 36 | 37 |
| 37 // Returns true if this CSPSource subsumes the other, as defined by the | 38 // Returns true if this CSPSource subsumes the other, as defined by the |
| 38 // algorithm at https://w3c.github.io/webappsec-csp/embedded/#subsume-policy | 39 // algorithm at https://w3c.github.io/webappsec-csp/embedded/#subsume-policy |
| 39 bool subsumes(CSPSource*) const; | 40 bool subsumes(CSPSource*) const; |
| 40 // Retrieve the most restrictive information from the two CSPSources if | 41 // Retrieve the most restrictive information from the two CSPSources if |
| 41 // isSimilar is true for the two. Otherwise, return nullptr. | 42 // isSimilar is true for the two. Otherwise, return nullptr. |
| 42 CSPSource* intersect(CSPSource*) const; | 43 CSPSource* intersect(CSPSource*) const; |
| 43 // Returns true if the first list subsumes the second, as defined by the | 44 // Returns true if the first list subsumes the second, as defined by the |
| 44 // algorithm at | 45 // algorithm at |
| 45 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list | 46 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list |
| 46 static bool firstSubsumesSecond(const HeapVector<Member<CSPSource>>&, | 47 static bool firstSubsumesSecond(const HeapVector<Member<CSPSource>>&, |
| 47 const HeapVector<Member<CSPSource>>&); | 48 const HeapVector<Member<CSPSource>>&); |
| 48 | 49 |
| 50 WebContentSecurityPolicySourceExpression expose() const; |
| 51 |
| 49 DECLARE_TRACE(); | 52 DECLARE_TRACE(); |
| 50 | 53 |
| 51 private: | 54 private: |
| 52 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IsSimilar); | 55 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IsSimilar); |
| 53 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, Intersect); | 56 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, Intersect); |
| 54 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IntersectSchemesOnly); | 57 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IntersectSchemesOnly); |
| 55 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); | 58 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); |
| 56 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, | 59 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, |
| 57 GetIntersectCSPSourcesSchemes); | 60 GetIntersectCSPSourcesSchemes); |
| 58 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); | 61 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 73 int m_port; | 76 int m_port; |
| 74 String m_path; | 77 String m_path; |
| 75 | 78 |
| 76 WildcardDisposition m_hostWildcard; | 79 WildcardDisposition m_hostWildcard; |
| 77 WildcardDisposition m_portWildcard; | 80 WildcardDisposition m_portWildcard; |
| 78 }; | 81 }; |
| 79 | 82 |
| 80 } // namespace blink | 83 } // namespace blink |
| 81 | 84 |
| 82 #endif | 85 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
