OLD | NEW |
---|---|
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ | 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ | 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "content/common/content_export.h" | 10 #include "content/common/content_export.h" |
11 #include "content/common/content_security_policy/csp_policy.h" | 11 #include "content/common/content_security_policy/csp_policy.h" |
12 #include "content/common/content_security_policy_header.h" | 12 #include "content/common/content_security_policy_header.h" |
13 #include "url/gurl.h" | 13 #include "url/gurl.h" |
14 #include "url/origin.h" | 14 #include "url/origin.h" |
15 | 15 |
16 namespace content { | 16 namespace content { |
17 | 17 |
18 struct CSPViolationParams; | |
19 | |
18 class CONTENT_EXPORT CSPContext { | 20 class CONTENT_EXPORT CSPContext { |
19 public: | 21 public: |
20 CSPContext(); | 22 CSPContext(); |
21 virtual ~CSPContext(); | 23 virtual ~CSPContext(); |
22 | 24 |
23 bool Allow(const std::vector<CSPPolicy>& policies, | 25 bool Allow(const std::vector<CSPPolicy>& policies, |
24 CSPDirective::Name directive_name, | 26 CSPDirective::Name directive_name, |
25 const GURL& url, | 27 const GURL& url, |
26 bool is_redirect = false); | 28 bool is_redirect = false); |
27 | 29 |
28 void SetSelf(const url::Origin origin); | 30 void SetSelf(const url::Origin origin); |
29 bool AllowSelf(const GURL& url); | 31 bool AllowSelf(const GURL& url); |
30 bool ProtocolMatchesSelf(const GURL& url); | 32 bool ProtocolMatchesSelf(const GURL& url); |
31 | 33 |
32 virtual void LogToConsole(const std::string& message); | 34 virtual void LogToConsole(const std::string& message); |
33 virtual void ReportViolation( | 35 virtual void ReportViolation(const CSPViolationParams& violation_params); |
34 const std::string& directive_text, | |
35 const std::string& effective_directive, | |
36 const std::string& message, | |
37 const GURL& blocked_url, | |
38 const std::vector<std::string>& report_end_points, | |
39 const std::string& header, | |
40 blink::WebContentSecurityPolicyType disposition); | |
41 | 36 |
42 bool SelfSchemeShouldBypassCSP(); | 37 bool SelfSchemeShouldBypassCSP(); |
43 | 38 |
44 private: | 39 private: |
45 virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme); | 40 virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme); |
46 | 41 |
47 bool has_self_ = false; | 42 bool has_self_ = false; |
48 std::string self_scheme_; | 43 std::string self_scheme_; |
49 CSPSource self_source_; | 44 CSPSource self_source_; |
50 | 45 |
51 DISALLOW_COPY_AND_ASSIGN(CSPContext); | 46 DISALLOW_COPY_AND_ASSIGN(CSPContext); |
52 }; | 47 }; |
53 | 48 |
49 // Used in CSPContext::ReportViolation() | |
50 struct CONTENT_EXPORT CSPViolationParams { | |
51 CSPViolationParams(); | |
52 CSPViolationParams(const std::string& directive, | |
53 const std::string& effective_directive, | |
54 const std::string& console_message, | |
55 const GURL& blocked_url, | |
56 const std::vector<std::string>& report_endpoints, | |
57 const std::string& header, | |
58 const blink::WebContentSecurityPolicyType& disposition, | |
59 bool followed_redirect); | |
60 CSPViolationParams(const CSPViolationParams& other); | |
61 ~CSPViolationParams(); | |
62 | |
63 // The name of the directive that infringe the policy. |directive| might be a | |
64 // directive that serves as a fallback to the |effective_directive|. | |
65 std::string directive; | |
66 | |
67 // The name the effective directive that was checked against. | |
68 std::string effective_directive; | |
69 | |
70 // The console message that was displayed to the user. | |
71 std::string console_message; | |
72 | |
73 // The URL that was blocked by the policy. | |
74 GURL blocked_url; | |
75 | |
76 // The set of URI where a JSON-formatted report of the violation should be | |
77 // sent. | |
78 std::vector<std::string> report_endpoints; | |
79 | |
80 // The raw content security policy header that was infringed. | |
81 std::string header; | |
82 | |
83 // Each policy has an associated disposition, which is either "enforce" or | |
84 // "report". | |
85 blink::WebContentSecurityPolicyType disposition; | |
86 | |
87 // Whether or not the violation happens after a redirection. | |
alexmos
2017/02/14 06:57:20
nit: s/redirection/redirect/
arthursonzogni
2017/02/15 09:26:10
Done.
| |
88 bool followed_redirect; | |
89 }; | |
90 | |
54 } // namespace content | 91 } // namespace content |
55 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ | 92 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |
OLD | NEW |