Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(128)

Unified Diff: content/common/content_security_policy/csp_context.h

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Rebase. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/common/content_security_policy/csp_context.h
diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h
index bbc03017f23fb03b558f902263bf1b71a2f0c592..fff6cf0140dec445eebbd0adc8663fe4a20d88ae 100644
--- a/content/common/content_security_policy/csp_context.h
+++ b/content/common/content_security_policy/csp_context.h
@@ -15,36 +15,36 @@
namespace content {
+struct CSPViolationParams;
+
// A CSPContext represents the system on which the Content-Security-Policy are
// enforced. One must define via its virtual methods how to report violations,
// how to log messages on the console and what is the set of scheme that bypass
-// the CSP.
-// Its main implementation is in content/browser/frame_host/csp_context_impl.h
+// the CSP. Its main implementation is in
+// content/browser/frame_host/render_frame_host_impl.h
class CONTENT_EXPORT CSPContext {
public:
CSPContext();
virtual ~CSPContext();
- bool Allow(const std::vector<ContentSecurityPolicy>& policies,
- CSPDirective::Name directive_name,
- const GURL& url,
- bool is_redirect = false);
+ bool IsAllowedByCsp(CSPDirective::Name directive_name,
+ const GURL& url,
+ bool is_redirect = false);
void SetSelf(const url::Origin origin);
bool AllowSelf(const GURL& url);
bool ProtocolMatchesSelf(const GURL& url);
virtual void LogToConsole(const std::string& message);
- virtual void ReportViolation(
- const std::string& directive_text,
- const std::string& effective_directive,
- const std::string& message,
- const GURL& blocked_url,
- const std::vector<std::string>& report_end_points,
- const std::string& header,
- blink::WebContentSecurityPolicyType disposition);
+ virtual void ReportContentSecurityPolicyViolation(
+ const CSPViolationParams& violation_params);
+
+ bool SelfSchemeShouldBypassCsp();
- bool SelfSchemeShouldBypassCSP();
+ void ResetContentSecurityPolicies() { policies_.clear(); }
+ void AddContentSecurityPolicy(const ContentSecurityPolicy& policy) {
+ policies_.push_back(policy);
+ }
private:
virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme);
@@ -53,8 +53,52 @@ class CONTENT_EXPORT CSPContext {
std::string self_scheme_;
CSPSource self_source_;
+ std::vector<ContentSecurityPolicy> policies_;
+
DISALLOW_COPY_AND_ASSIGN(CSPContext);
};
+// Used in CSPContext::ReportViolation()
+struct CONTENT_EXPORT CSPViolationParams {
+ CSPViolationParams();
+ CSPViolationParams(const std::string& directive,
+ const std::string& effective_directive,
+ const std::string& console_message,
+ const GURL& blocked_url,
+ const std::vector<std::string>& report_endpoints,
+ const std::string& header,
+ const blink::WebContentSecurityPolicyType& disposition,
+ bool after_redirect);
+ CSPViolationParams(const CSPViolationParams& other);
+ ~CSPViolationParams();
+
+ // The name of the directive that violates the policy. |directive| might be a
+ // directive that serves as a fallback to the |effective_directive|.
+ std::string directive;
+
+ // The name the effective directive that was checked against.
+ std::string effective_directive;
+
+ // The console message to be displayed to the user.
+ std::string console_message;
+
+ // The URL that was blocked by the policy.
+ GURL blocked_url;
+
+ // The set of URI where a JSON-formatted report of the violation should be
+ // sent.
+ std::vector<std::string> report_endpoints;
+
+ // The raw content security policy header that was violated.
+ std::string header;
+
+ // Each policy has an associated disposition, which is either "enforce" or
+ // "report".
+ blink::WebContentSecurityPolicyType disposition;
+
+ // Whether or not the violation happens after a redirect.
+ bool after_redirect;
+};
+
} // namespace content
#endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CSP_CONTEXT_H_

Powered by Google App Engine
This is Rietveld 408576698