OLD | NEW |
---|---|
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ | 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ | 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
12 #include "content/common/content_security_policy/csp_policy.h" | 12 #include "content/common/content_security_policy/csp_policy.h" |
13 #include "content/common/content_security_policy_header.h" | 13 #include "content/common/content_security_policy_header.h" |
14 #include "url/gurl.h" | 14 #include "url/gurl.h" |
15 #include "url/origin.h" | 15 #include "url/origin.h" |
16 | 16 |
17 namespace content { | 17 namespace content { |
18 | 18 |
19 struct CSPViolationParams; | |
20 | |
19 class CONTENT_EXPORT CSPContext { | 21 class CONTENT_EXPORT CSPContext { |
20 public: | 22 public: |
21 CSPContext(); | 23 CSPContext(); |
22 virtual ~CSPContext(); | 24 virtual ~CSPContext(); |
23 | 25 |
24 bool Allow(const std::vector<CSPPolicy>& policies, | 26 bool Allow(const std::vector<CSPPolicy>& policies, |
25 CSPDirective::Name directive_name, | 27 CSPDirective::Name directive_name, |
26 const GURL& url, | 28 const GURL& url, |
27 bool is_redirect = false); | 29 bool is_redirect = false); |
28 | 30 |
29 void SetSelf(const url::Origin origin); | 31 void SetSelf(const url::Origin origin); |
30 bool AllowSelf(const GURL& url); | 32 bool AllowSelf(const GURL& url); |
31 bool ProtocolMatchesSelf(const GURL& url); | 33 bool ProtocolMatchesSelf(const GURL& url); |
32 | 34 |
33 virtual void LogToConsole(const std::string& message); | 35 virtual void LogToConsole(const std::string& message); |
34 virtual void ReportViolation( | 36 virtual void ReportViolation(const CSPViolationParams& violation_params); |
35 const std::string& directive_text, | |
36 const std::string& effective_directive, | |
37 const std::string& message, | |
38 const GURL& blocked_url, | |
39 const std::vector<std::string>& report_end_points, | |
40 const std::string& header, | |
41 blink::WebContentSecurityPolicyType disposition); | |
42 | 37 |
43 bool IsSelfBypassed(); | 38 bool IsSelfBypassed(); |
44 | 39 |
45 private: | 40 private: |
46 virtual bool SchemeShouldBypass(const base::StringPiece& scheme); | 41 virtual bool SchemeShouldBypass(const base::StringPiece& scheme); |
47 | 42 |
48 bool has_self_ = false; | 43 bool has_self_ = false; |
49 std::string self_scheme_; | 44 std::string self_scheme_; |
50 CSPSource self_source_; | 45 CSPSource self_source_; |
51 | 46 |
52 DISALLOW_COPY_AND_ASSIGN(CSPContext); | 47 DISALLOW_COPY_AND_ASSIGN(CSPContext); |
53 }; | 48 }; |
54 | 49 |
50 // Used in CSPContext::ReportViolation() | |
alexmos
2017/02/10 22:59:53
General note for these CLs: for the new CSP things
arthursonzogni
2017/02/13 16:33:20
Acknowledged.
| |
51 struct CONTENT_EXPORT CSPViolationParams { | |
52 CSPViolationParams(); | |
53 CSPViolationParams(const std::string& directive, | |
54 const std::string& effective_directive, | |
55 const std::string& console_message, | |
56 const GURL& blocked_url, | |
57 const std::vector<std::string>& report_endpoints, | |
58 const std::string& header, | |
59 const blink::WebContentSecurityPolicyType& disposition); | |
60 CSPViolationParams(const CSPViolationParams& other); | |
61 ~CSPViolationParams(); | |
62 | |
63 // The name of the directive that infringe the policy. |directive| might be a | |
64 // directive that serves as a fallback to the |effective_directive|. | |
65 std::string directive; | |
66 | |
67 // The name the effective directive that was checked against. | |
68 std::string effective_directive; | |
69 | |
70 // The console message that was displayed to the user. | |
71 std::string console_message; | |
72 | |
73 // The URL that was blocked by the policy. | |
74 GURL blocked_url; | |
75 | |
76 // The set of URI where a JSON-formatted report of the violation should be | |
77 // sent. | |
78 std::vector<std::string> report_endpoints; | |
79 | |
80 // The raw content security policy header that was infringed. | |
81 std::string header; | |
82 | |
83 // Each policy has an associated disposition, which is either "enforce" or | |
84 // "report". | |
85 blink::WebContentSecurityPolicyType disposition; | |
86 }; | |
87 | |
55 } // namespace content | 88 } // namespace content |
56 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ | 89 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
OLD | NEW |