Index: content/common/content_security_policy/csp_context.h |
diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h |
index bbc03017f23fb03b558f902263bf1b71a2f0c592..390c60ff4e447fbc750fb9bc0f01235b1fc18616 100644 |
--- a/content/common/content_security_policy/csp_context.h |
+++ b/content/common/content_security_policy/csp_context.h |
@@ -15,37 +15,37 @@ |
namespace content { |
+struct CSPViolationParams; |
+ |
// A CSPContext represents the system on which the Content-Security-Policy are |
// enforced. One must define via its virtual methods how to report violations, |
// how to log messages on the console and what is the set of scheme that bypass |
-// the CSP. |
-// Its main implementation is in content/browser/frame_host/csp_context_impl.h |
+// the CSP. Its main implementation is in |
+// content/browser/frame_host/render_frame_host_impl.h |
class CONTENT_EXPORT CSPContext { |
public: |
CSPContext(); |
virtual ~CSPContext(); |
- bool Allow(const std::vector<ContentSecurityPolicy>& policies, |
- CSPDirective::Name directive_name, |
- const GURL& url, |
- bool is_redirect = false); |
+ bool AllowContentSecurityPolicy(CSPDirective::Name directive_name, |
+ const GURL& url, |
+ bool is_redirect = false); |
void SetSelf(const url::Origin origin); |
bool AllowSelf(const GURL& url); |
bool ProtocolMatchesSelf(const GURL& url); |
virtual void LogToConsole(const std::string& message); |
- virtual void ReportViolation( |
- const std::string& directive_text, |
- const std::string& effective_directive, |
- const std::string& message, |
- const GURL& blocked_url, |
- const std::vector<std::string>& report_end_points, |
- const std::string& header, |
- blink::WebContentSecurityPolicyType disposition); |
+ virtual void ReportContentSecurityPolicyViolation( |
+ const CSPViolationParams& violation_params); |
bool SelfSchemeShouldBypassCSP(); |
+ void ResetContentSecurityPolicies() { policies_.clear(); } |
+ void AddContentSecurityPolicy(const ContentSecurityPolicy& policy) { |
+ policies_.push_back(policy); |
+ } |
+ |
private: |
virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme); |
@@ -53,8 +53,52 @@ class CONTENT_EXPORT CSPContext { |
std::string self_scheme_; |
CSPSource self_source_; |
+ std::vector<ContentSecurityPolicy> policies_; |
+ |
DISALLOW_COPY_AND_ASSIGN(CSPContext); |
}; |
+// Used in CSPContext::ReportViolation() |
+struct CONTENT_EXPORT CSPViolationParams { |
+ CSPViolationParams(); |
+ CSPViolationParams(const std::string& directive, |
+ const std::string& effective_directive, |
+ const std::string& console_message, |
+ const GURL& blocked_url, |
+ const std::vector<std::string>& report_endpoints, |
+ const std::string& header, |
+ const blink::WebContentSecurityPolicyType& disposition, |
+ bool after_redirect); |
+ CSPViolationParams(const CSPViolationParams& other); |
+ ~CSPViolationParams(); |
+ |
+ // The name of the directive that infringe the policy. |directive| might be a |
+ // directive that serves as a fallback to the |effective_directive|. |
+ std::string directive; |
+ |
+ // The name the effective directive that was checked against. |
+ std::string effective_directive; |
+ |
+ // The console message to be displayed to the user. |
+ std::string console_message; |
+ |
+ // The URL that was blocked by the policy. |
+ GURL blocked_url; |
+ |
+ // The set of URI where a JSON-formatted report of the violation should be |
+ // sent. |
+ std::vector<std::string> report_endpoints; |
+ |
+ // The raw content security policy header that was violated. |
+ std::string header; |
+ |
+ // Each policy has an associated disposition, which is either "enforce" or |
+ // "report". |
+ blink::WebContentSecurityPolicyType disposition; |
+ |
+ // Whether or not the violation happens after a redirect. |
+ bool after_redirect; |
+}; |
+ |
} // namespace content |
#endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_ |