Implement ContentSecurityPolicy on the browser-side.

content/common/content_security_policy/csp_source_list.h

Index: content/common/content_security_policy/csp_source_list.h
diff --git a/content/common/content_security_policy/csp_source_list.h b/content/common/content_security_policy/csp_source_list.h
new file mode 100644
index 0000000000000000000000000000000000000000..30429aa819bf81f69080e0babfcbddd9412ad1b5
--- /dev/null
+++ b/content/common/content_security_policy/csp_source_list.h
@@ -0,0 +1,48 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_COMMON_CONTENT_SECURITY_POLICY_SOURCE_LIST_H
+#define CONTENT_BROWSER_COMMON_CONTENT_SECURITY_POLICY_SOURCE_LIST_H
+
+#include <vector>
+
+#include "content/common/content_security_policy/csp_source.h"
+#include "url/gurl.h"
+
+namespace content {
+
+class CSPContext;
+
+struct CONTENT_EXPORT CSPSourceList {
+  CSPSourceList();
+  CSPSourceList(bool allow_self,
+                bool allow_star,
+                std::vector<CSPSource> source_list);
+  CSPSourceList(const CSPSourceList&);
+  ~CSPSourceList();
+
+  // Wildcard hosts and 'self' aren't stored in source_list, but as attributes
+  // on the source list itself.
+  bool allow_self;
+  bool allow_star;
+  std::vector<CSPSource> source_list;
+
+  static CSPSourceList Parse(CSPContext* context,
+                             const base::StringPiece& directive_name,
+                             const base::StringPiece& directive_value);
+
+  bool Allow(CSPContext* context,
+             const GURL& url,
+             bool is_redirect = false) const;
+
+  std::string ToString() const;
+
+ private:
+  bool AllowFromSources(CSPContext* context,
+                        const GURL& url,
+                        bool is_redirect) const;
+};
+
+}  // namespace content
+#endif  // CONTENT_BROWSER_COMMON_CONTENT_SECURITY_POLICY_SOURCE_LIST_DIRECTIVE_H