Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h |
index 7dba69f3398462354117a0d391c704f04d508ad2..f210e9d0a7171bb0be1f6898abf8e239f10410c5 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h |
@@ -14,6 +14,7 @@ |
#include "platform/network/HTTPParsers.h" |
#include "platform/network/ResourceRequest.h" |
#include "platform/weborigin/KURL.h" |
+#include "public/platform/WebContentSecurityPolicy.h" |
#include "wtf/Vector.h" |
#include "wtf/text/AtomicString.h" |
#include "wtf/text/WTFString.h" |
@@ -162,6 +163,18 @@ class CORE_EXPORT CSPDirectiveList |
// https://w3c.github.io/webappsec-csp/embedded/#subsume-policy |
bool subsumes(const CSPDirectiveListVector&); |
+ // Export a subset of the Policy. The primary goal of this method if to make |
Mike West
2017/02/15 16:18:18
Nit: s/if/is/
arthursonzogni
2017/02/16 13:30:25
Done.
|
+ // the embedders able to enforce the directives that are not stricly internal |
Mike West
2017/02/15 16:18:18
How about "the embedder aware of the directives th
arthursonzogni
2017/02/16 13:30:25
Done.
|
+ // to blink. |
+ // It currently contains the following ones: |
+ // * default-src |
+ // * child-src |
+ // * frame-src |
+ // * form-action |
+ // The exported directives only contains sources that can be checked outside |
+ // of blink. For instance it doesn't contains 'unsafe-inline' or 'unsafe-eval' |
Mike West
2017/02/15 16:18:18
Nit: s/that can be checked outside of blink/that a
arthursonzogni
2017/02/16 13:30:25
Done.
|
+ WebContentSecurityPolicyPolicy expose() const; |
+ |
DECLARE_TRACE(); |
private: |
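Review bot: The comment above `expose()` names the exported directives but not how the consumer is expected to evaluate them, and a partial copy of a policy is easy to enforce more loosely than Blink does. It should say that the fallback to `default-src` is left to the embedder (presumably why `default-src` is exported at all), and whether the returned `WebContentSecurityPolicyPolicy` carries the enforce/report-only disposition; neither is visible from this declaration. A possible added line is `// The embedder must apply the same default-src fallback as blink and must honour the policy's enforce/report-only disposition.` It is also worth noting there that dropping sources such as 'unsafe-inline' can only make the exported list stricter than the original, never more permissive, if that is the intended invariant. The body of `CSPDirectiveList` starts and ends outside this hunk, so the surrounding declarations were not reviewed.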