Index: third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
diff --git a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
index 425680c9acde18c6058bbd4ef227ece2f08a5c86..17aadca820b441a385e5009ae98f9406681159d2 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
+++ b/third_party/WebKit/Source/core/frame/csp/SourceListDirective.h |
@@ -11,6 +11,7 @@ |
#include "platform/Crypto.h" |
#include "platform/network/ContentSecurityPolicyParsers.h" |
#include "platform/network/ResourceRequest.h" |
+#include "public/platform/WebContentSecurityPolicy.h" |
#include "wtf/HashSet.h" |
#include "wtf/text/WTFString.h" |
@@ -52,6 +53,12 @@ class CORE_EXPORT SourceListDirective final : public CSPDirective { |
// https://w3c.github.io/webappsec-csp/embedded/#subsume-source-list |
bool subsumes(const HeapVector<Member<SourceListDirective>>&) const; |
+ // Export a subset of the source list that affect navigation. |
+ // It contains every source-expressions, '*', 'none' and 'self'. |
+ // It doesn't contain 'unsafe-inline' or 'unsafe-eval' for instance. |
+ WebContentSecurityPolicySourceList exposeForNavigationalChecks() const; |
+ String directiveName() const { return m_directiveName; } |
+ |
private: |
FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, GetIntersectCSPSources); |
FRIEND_TEST_ALL_PREFIXES(SourceListDirectiveTest, |