content/common/content_security_policy/csp_context.h - Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser.

Unified Diff: content/common/content_security_policy/csp_context.h

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)

Patch Set: Addressed comments(alexmos@ and nasko@) Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« content/browser/frame_host/navigation_handle_impl.cc ('K') | « content/browser/site_per_process_browsertest.cc ('k') | content/common/content_security_policy/csp_context.cc » ('j') | content/public/browser/navigation_handle.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/common/content_security_policy/csp_context.h

diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h

index 040a98b08632db7188b937671f0924c87c0d6c71..9af5fb0a32c0ca240623c45e515a0393074e964a 100644

--- a/content/common/content_security_policy/csp_context.h

+++ b/content/common/content_security_policy/csp_context.h

@@ -15,6 +15,8 @@

namespace content {

+struct CSPViolationParams;

class CONTENT_EXPORT CSPContext {

public:

CSPContext();

@@ -30,14 +32,7 @@ class CONTENT_EXPORT CSPContext {

bool ProtocolMatchesSelf(const GURL& url);

virtual void LogToConsole(const std::string& message);

- virtual void ReportViolation(

- const std::string& directive_text,

- const std::string& effective_directive,

- const std::string& message,

- const GURL& blocked_url,

- const std::vector<std::string>& report_end_points,

- const std::string& header,

- blink::WebContentSecurityPolicyType disposition);

+ virtual void ReportViolation(const CSPViolationParams& violation_params);

bool SelfSchemeShouldBypassCSP();

@@ -51,5 +46,47 @@ class CONTENT_EXPORT CSPContext {

DISALLOW_COPY_AND_ASSIGN(CSPContext);

};

+// Used in CSPContext::ReportViolation()

+struct CONTENT_EXPORT CSPViolationParams {

+ CSPViolationParams();

+ CSPViolationParams(const std::string& directive,

+ const std::string& effective_directive,

+ const std::string& console_message,

+ const GURL& blocked_url,

+ const std::vector<std::string>& report_endpoints,

+ const std::string& header,

+ const blink::WebContentSecurityPolicyType& disposition,

+ bool followed_redirect);

+ CSPViolationParams(const CSPViolationParams& other);

+ ~CSPViolationParams();

+ // The name of the directive that infringe the policy. |directive| might be a

+ // directive that serves as a fallback to the |effective_directive|.

+ std::string directive;

+ // The name the effective directive that was checked against.

+ std::string effective_directive;

+ // The console message that was displayed to the user.

+ std::string console_message;

+ // The URL that was blocked by the policy.

+ GURL blocked_url;

+ // The set of URI where a JSON-formatted report of the violation should be

+ // sent.

+ std::vector<std::string> report_endpoints;

+ // The raw content security policy header that was infringed.

+ std::string header;

+ // Each policy has an associated disposition, which is either "enforce" or

+ // "report".

+ blink::WebContentSecurityPolicyType disposition;

+ // Whether or not the violation happens after a redirection.

alexmos 2017/02/14 06:57:20 nit: s/redirection/redirect/

arthursonzogni 2017/02/15 09:26:10 Done.

+ bool followed_redirect;

+};

} // namespace content

#endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_