Index: content/common/content_security_policy/csp_context.h |
diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h |
index a7573defdfcf8861023052b2aa6cdfc1a3f5423c..a7122921142f3b81d8a3ec5a94bfd93363670c74 100644 |
--- a/content/common/content_security_policy/csp_context.h |
+++ b/content/common/content_security_policy/csp_context.h |
@@ -15,6 +15,8 @@ |
namespace content { |
+struct CSPViolationParams; |
+ |
// A CSPContext define every dependencies that have to be implemented to be |
// able to check the Content-Security-Policy and report violations to the users. |
class CONTENT_EXPORT CSPContext { |
@@ -32,14 +34,7 @@ class CONTENT_EXPORT CSPContext { |
bool ProtocolMatchesSelf(const GURL& url); |
virtual void LogToConsole(const std::string& message); |
- virtual void ReportViolation( |
- const std::string& directive_text, |
- const std::string& effective_directive, |
- const std::string& message, |
- const GURL& blocked_url, |
- const std::vector<std::string>& report_end_points, |
- const std::string& header, |
- blink::WebContentSecurityPolicyType disposition); |
+ virtual void ReportViolation(const CSPViolationParams& violation_params); |
bool SelfSchemeShouldBypassCSP(); |
@@ -53,5 +48,47 @@ class CONTENT_EXPORT CSPContext { |
DISALLOW_COPY_AND_ASSIGN(CSPContext); |
}; |
+// Used in CSPContext::ReportViolation() |
+struct CONTENT_EXPORT CSPViolationParams { |
+ CSPViolationParams(); |
+ CSPViolationParams(const std::string& directive, |
+ const std::string& effective_directive, |
+ const std::string& console_message, |
+ const GURL& blocked_url, |
+ const std::vector<std::string>& report_endpoints, |
+ const std::string& header, |
+ const blink::WebContentSecurityPolicyType& disposition, |
+ bool followed_redirect); |
+ CSPViolationParams(const CSPViolationParams& other); |
+ ~CSPViolationParams(); |
+ |
+ // The name of the directive that infringe the policy. |directive| might be a |
+ // directive that serves as a fallback to the |effective_directive|. |
+ std::string directive; |
+ |
+ // The name the effective directive that was checked against. |
+ std::string effective_directive; |
+ |
+ // The console message that was displayed to the user. |
nasko
2017/02/15 21:28:44
"to be displayed"? This will be sent to the render
|
+ std::string console_message; |
+ |
+ // The URL that was blocked by the policy. |
+ GURL blocked_url; |
+ |
+ // The set of URI where a JSON-formatted report of the violation should be |
+ // sent. |
+ std::vector<std::string> report_endpoints; |
+ |
+ // The raw content security policy header that was infringed. |
nasko
2017/02/15 21:28:44
nit: s/infringed/violated/
|
+ std::string header; |
+ |
+ // Each policy has an associated disposition, which is either "enforce" or |
+ // "report". |
+ blink::WebContentSecurityPolicyType disposition; |
+ |
+ // Whether or not the violation happens after a redirect. |
+ bool followed_redirect; |
nasko
2017/02/15 21:28:44
nit: after_redirect?
arthursonzogni
2017/02/16 17:32:41
I followed the naming I've found in:
https://coder
|
+}; |
+ |
} // namespace content |
#endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |