Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSource.h

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Add the TODO and bug ids that was forgotten. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp ('k') | third_party/WebKit/Source/core/frame/csp/CSPSource.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPSource_h 5 #ifndef CSPSource_h
6 #define CSPSource_h 6 #define CSPSource_h
7 7
8 #include "core/CoreExport.h" 8 #include "core/CoreExport.h"
9 #include "core/frame/csp/ContentSecurityPolicy.h" 9 #include "core/frame/csp/ContentSecurityPolicy.h"
10 #include "platform/heap/Handle.h" 10 #include "platform/heap/Handle.h"
11 #include "platform/network/ResourceRequest.h" 11 #include "platform/network/ResourceRequest.h"
12 #include "public/platform/WebContentSecurityPolicyStruct.h"
12 #include "wtf/Allocator.h" 13 #include "wtf/Allocator.h"
13 #include "wtf/text/WTFString.h" 14 #include "wtf/text/WTFString.h"
14 15
15 namespace blink { 16 namespace blink {
16 17
17 class ContentSecurityPolicy; 18 class ContentSecurityPolicy;
18 class KURL; 19 class KURL;
19 20
20 class CORE_EXPORT CSPSource : public GarbageCollectedFinalized<CSPSource> { 21 class CORE_EXPORT CSPSource : public GarbageCollectedFinalized<CSPSource> {
21 public: 22 public:
22 enum WildcardDisposition { HasWildcard, NoWildcard }; 23 enum WildcardDisposition { NoWildcard, HasWildcard };
23 24
24 CSPSource(ContentSecurityPolicy*, 25 CSPSource(ContentSecurityPolicy*,
25 const String& scheme, 26 const String& scheme,
26 const String& host, 27 const String& host,
27 int port, 28 int port,
28 const String& path, 29 const String& path,
29 WildcardDisposition hostWildcard, 30 WildcardDisposition hostWildcard,
30 WildcardDisposition portWildcard); 31 WildcardDisposition portWildcard);
31 bool isSchemeOnly() const; 32 bool isSchemeOnly() const;
32 const String& getScheme() { return m_scheme; }; 33 const String& getScheme() { return m_scheme; };
33 bool matches(const KURL&, 34 bool matches(const KURL&,
34 ResourceRequest::RedirectStatus = 35 ResourceRequest::RedirectStatus =
35 ResourceRequest::RedirectStatus::NoRedirect) const; 36 ResourceRequest::RedirectStatus::NoRedirect) const;
36 37
37 // Returns true if this CSPSource subsumes the other, as defined by the 38 // Returns true if this CSPSource subsumes the other, as defined by the
38 // algorithm at https://w3c.github.io/webappsec-csp/embedded/#subsume-policy 39 // algorithm at https://w3c.github.io/webappsec-csp/embedded/#subsume-policy
39 bool subsumes(CSPSource*) const; 40 bool subsumes(CSPSource*) const;
40 // Retrieve the most restrictive information from the two CSPSources if 41 // Retrieve the most restrictive information from the two CSPSources if
41 // isSimilar is true for the two. Otherwise, return nullptr. 42 // isSimilar is true for the two. Otherwise, return nullptr.
42 CSPSource* intersect(CSPSource*) const; 43 CSPSource* intersect(CSPSource*) const;
43 // Returns true if the first list subsumes the second, as defined by the 44 // Returns true if the first list subsumes the second, as defined by the
44 // algorithm at 45 // algorithm at
45 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list 46 // https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list
46 static bool firstSubsumesSecond(const HeapVector<Member<CSPSource>>&, 47 static bool firstSubsumesSecond(const HeapVector<Member<CSPSource>>&,
47 const HeapVector<Member<CSPSource>>&); 48 const HeapVector<Member<CSPSource>>&);
48 49
50 WebContentSecurityPolicySourceExpression exposeForNavigationalChecks() const;
51
49 DECLARE_TRACE(); 52 DECLARE_TRACE();
50 53
51 private: 54 private:
52 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IsSimilar); 55 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IsSimilar);
53 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, Intersect); 56 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, Intersect);
54 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IntersectSchemesOnly); 57 FRIEND_TEST_ALL_PREFIXES(CSPSourceTest, IntersectSchemesOnly);
55 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); 58 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources);
56 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, 59 FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest,
57 GetIntersectCSPSourcesSchemes); 60 GetIntersectCSPSourcesSchemes);
58 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector); 61 FRIEND_TEST_ALL_PREFIXES(CSPDirectiveListTest, GetSourceVector);
(...skipping 14 matching lines...) Expand all
73 int m_port; 76 int m_port;
74 String m_path; 77 String m_path;
75 78
76 WildcardDisposition m_hostWildcard; 79 WildcardDisposition m_hostWildcard;
77 WildcardDisposition m_portWildcard; 80 WildcardDisposition m_portWildcard;
78 }; 81 };
79 82
80 } // namespace blink 83 } // namespace blink
81 84
82 #endif 85 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp ('k') | third_party/WebKit/Source/core/frame/csp/CSPSource.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698