OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
| 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
| 7 |
| 8 #include <vector> |
| 9 |
| 10 #include "content/common/content_export.h" |
| 11 #include "content/common/content_security_policy/content_security_policy.h" |
| 12 #include "content/common/content_security_policy_header.h" |
| 13 #include "url/gurl.h" |
| 14 #include "url/origin.h" |
| 15 |
| 16 namespace content { |
| 17 |
| 18 // A CSPContext represents the system on which the Content-Security-Policy are |
| 19 // enforced. One must define via its virtual methods how to report violations, |
| 20 // how to log messages on the console and what is the set of scheme that bypass |
| 21 // the CSP. |
| 22 // Its main implementation is in content/browser/frame_host/csp_context_impl.h |
| 23 class CONTENT_EXPORT CSPContext { |
| 24 public: |
| 25 CSPContext(); |
| 26 virtual ~CSPContext(); |
| 27 |
| 28 bool Allow(const std::vector<ContentSecurityPolicy>& policies, |
| 29 CSPDirective::Name directive_name, |
| 30 const GURL& url, |
| 31 bool is_redirect = false); |
| 32 |
| 33 void SetSelf(const url::Origin origin); |
| 34 bool AllowSelf(const GURL& url); |
| 35 bool ProtocolMatchesSelf(const GURL& url); |
| 36 |
| 37 virtual void LogToConsole(const std::string& message); |
| 38 virtual void ReportViolation( |
| 39 const std::string& directive_text, |
| 40 const std::string& effective_directive, |
| 41 const std::string& message, |
| 42 const GURL& blocked_url, |
| 43 const std::vector<std::string>& report_end_points, |
| 44 const std::string& header, |
| 45 blink::WebContentSecurityPolicyType disposition); |
| 46 |
| 47 bool SelfSchemeShouldBypassCSP(); |
| 48 |
| 49 private: |
| 50 virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme); |
| 51 |
| 52 bool has_self_ = false; |
| 53 std::string self_scheme_; |
| 54 CSPSource self_source_; |
| 55 |
| 56 DISALLOW_COPY_AND_ASSIGN(CSPContext); |
| 57 }; |
| 58 |
| 59 } // namespace content |
| 60 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
OLD | NEW |