| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
| 6 | 6 |
| 7 #include "bindings/core/v8/SourceLocation.h" | 7 #include "bindings/core/v8/SourceLocation.h" |
| 8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
| 9 #include "core/dom/SecurityContext.h" | 9 #include "core/dom/SecurityContext.h" |
| 10 #include "core/dom/SpaceSplitString.h" | 10 #include "core/dom/SpaceSplitString.h" |
| (...skipping 1270 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1281 | 1281 |
| 1282 HeapVector<Member<MediaListDirective>> pluginTypesOther; | 1282 HeapVector<Member<MediaListDirective>> pluginTypesOther; |
| 1283 for (const auto& policy : other) { | 1283 for (const auto& policy : other) { |
| 1284 if (policy->hasPluginTypes()) | 1284 if (policy->hasPluginTypes()) |
| 1285 pluginTypesOther.push_back(policy->m_pluginTypes); | 1285 pluginTypesOther.push_back(policy->m_pluginTypes); |
| 1286 } | 1286 } |
| 1287 | 1287 |
| 1288 return m_pluginTypes->subsumes(pluginTypesOther); | 1288 return m_pluginTypes->subsumes(pluginTypesOther); |
| 1289 } | 1289 } |
| 1290 | 1290 |
| 1291 WebContentSecurityPolicyPolicy CSPDirectiveList::exposeForNavigationalChecks() |
| 1292 const { |
| 1293 WebContentSecurityPolicyPolicy policy; |
| 1294 policy.disposition = static_cast<WebContentSecurityPolicyType>(m_headerType); |
| 1295 policy.source = static_cast<WebContentSecurityPolicySource>(m_headerSource); |
| 1296 std::vector<WebContentSecurityPolicyDirective> directives; |
| 1297 for (const auto& directive : |
| 1298 {m_childSrc, m_defaultSrc, m_formAction, m_frameSrc}) { |
| 1299 if (directive) { |
| 1300 directives.push_back(WebContentSecurityPolicyDirective{ |
| 1301 directive->directiveName(), |
| 1302 directive->exposeForNavigationalChecks()}); |
| 1303 } |
| 1304 } |
| 1305 policy.directives = directives; |
| 1306 policy.reportEndpoints = reportEndpoints(); |
| 1307 policy.header = header(); |
| 1308 |
| 1309 return policy; |
| 1310 } |
| 1311 |
| 1291 DEFINE_TRACE(CSPDirectiveList) { | 1312 DEFINE_TRACE(CSPDirectiveList) { |
| 1292 visitor->trace(m_policy); | 1313 visitor->trace(m_policy); |
| 1293 visitor->trace(m_pluginTypes); | 1314 visitor->trace(m_pluginTypes); |
| 1294 visitor->trace(m_baseURI); | 1315 visitor->trace(m_baseURI); |
| 1295 visitor->trace(m_childSrc); | 1316 visitor->trace(m_childSrc); |
| 1296 visitor->trace(m_connectSrc); | 1317 visitor->trace(m_connectSrc); |
| 1297 visitor->trace(m_defaultSrc); | 1318 visitor->trace(m_defaultSrc); |
| 1298 visitor->trace(m_fontSrc); | 1319 visitor->trace(m_fontSrc); |
| 1299 visitor->trace(m_formAction); | 1320 visitor->trace(m_formAction); |
| 1300 visitor->trace(m_frameAncestors); | 1321 visitor->trace(m_frameAncestors); |
| 1301 visitor->trace(m_frameSrc); | 1322 visitor->trace(m_frameSrc); |
| 1302 visitor->trace(m_imgSrc); | 1323 visitor->trace(m_imgSrc); |
| 1303 visitor->trace(m_mediaSrc); | 1324 visitor->trace(m_mediaSrc); |
| 1304 visitor->trace(m_manifestSrc); | 1325 visitor->trace(m_manifestSrc); |
| 1305 visitor->trace(m_objectSrc); | 1326 visitor->trace(m_objectSrc); |
| 1306 visitor->trace(m_scriptSrc); | 1327 visitor->trace(m_scriptSrc); |
| 1307 visitor->trace(m_styleSrc); | 1328 visitor->trace(m_styleSrc); |
| 1308 visitor->trace(m_workerSrc); | 1329 visitor->trace(m_workerSrc); |
| 1309 } | 1330 } |
| 1310 | 1331 |
| 1311 } // namespace blink | 1332 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
