Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/CSPDirectiveList.h

Issue 27073003: CSP Suborigins Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Address abarth's comments Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « Source/core/fetch/CrossOriginAccessControl.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | Source/core/frame/csp/CSPDirectiveList.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CSPDirectiveList_h 5 #ifndef CSPDirectiveList_h
6 #define CSPDirectiveList_h 6 #define CSPDirectiveList_h
7 7
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "core/frame/csp/MediaListDirective.h" 9 #include "core/frame/csp/MediaListDirective.h"
10 #include "core/frame/csp/SourceListDirective.h" 10 #include "core/frame/csp/SourceListDirective.h"
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
67 private: 67 private:
68 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co ntentSecurityPolicyHeaderSource); 68 CSPDirectiveList(ContentSecurityPolicy*, ContentSecurityPolicyHeaderType, Co ntentSecurityPolicyHeaderSource);
69 69
70 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri ng& value); 70 bool parseDirective(const UChar* begin, const UChar* end, String& name, Stri ng& value);
71 void parseReportURI(const String& name, const String& value); 71 void parseReportURI(const String& name, const String& value);
72 void parsePluginTypes(const String& name, const String& value); 72 void parsePluginTypes(const String& name, const String& value);
73 void parseReflectedXSS(const String& name, const String& value); 73 void parseReflectedXSS(const String& name, const String& value);
74 void parseReferrer(const String& name, const String& value); 74 void parseReferrer(const String& name, const String& value);
75 void addDirective(const String& name, const String& value); 75 void addDirective(const String& name, const String& value);
76 void applySandboxPolicy(const String& name, const String& sandboxPolicy); 76 void applySandboxPolicy(const String& name, const String& sandboxPolicy);
77 void applySuboriginPolicy(const String& name, const String& suboriginPolicy) ;
78 String parseSuboriginName(const String& policy);
Mike West 2014/10/23 12:59:19 Nit: Move this up next to the other parse function
jww 2015/03/20 22:50:03 Done.
77 79
78 template <class CSPDirectiveType> 80 template <class CSPDirectiveType>
79 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire ctiveType>&); 81 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire ctiveType>&);
80 82
81 SourceListDirective* operativeDirective(SourceListDirective*) const; 83 SourceListDirective* operativeDirective(SourceListDirective*) const;
82 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const; 84 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire ctive* override) const;
83 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const; 85 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL) const;
84 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const; 86 void reportViolationWithFrame(const String& directiveText, const String& eff ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram e*) const;
85 void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const; 87 void reportViolationWithLocation(const String& directiveText, const String& effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const String& contextURL, const WTF::OrdinalNumber& contextLine) const;
86 void reportViolationWithState(const String& directiveText, const String& eff ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co nst; 88 void reportViolationWithState(const String& directiveText, const String& eff ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co nst;
(...skipping 18 matching lines...) Expand all
105 bool denyIfEnforcingPolicy() const { return m_reportOnly; } 107 bool denyIfEnforcingPolicy() const { return m_reportOnly; }
106 108
107 ContentSecurityPolicy* m_policy; 109 ContentSecurityPolicy* m_policy;
108 110
109 String m_header; 111 String m_header;
110 ContentSecurityPolicyHeaderType m_headerType; 112 ContentSecurityPolicyHeaderType m_headerType;
111 ContentSecurityPolicyHeaderSource m_headerSource; 113 ContentSecurityPolicyHeaderSource m_headerSource;
112 114
113 bool m_reportOnly; 115 bool m_reportOnly;
114 bool m_haveSandboxPolicy; 116 bool m_haveSandboxPolicy;
117 bool m_haveSuboriginPolicy;
Mike West 2014/10/23 12:59:19 Nit: These both should be "hasXXX", not "haveXXX".
jww 2015/03/20 22:50:03 Done.
115 ReflectedXSSDisposition m_reflectedXSSDisposition; 118 ReflectedXSSDisposition m_reflectedXSSDisposition;
116 119
117 bool m_didSetReferrerPolicy; 120 bool m_didSetReferrerPolicy;
118 ReferrerPolicy m_referrerPolicy; 121 ReferrerPolicy m_referrerPolicy;
119 122
120 OwnPtr<MediaListDirective> m_pluginTypes; 123 OwnPtr<MediaListDirective> m_pluginTypes;
121 OwnPtr<SourceListDirective> m_baseURI; 124 OwnPtr<SourceListDirective> m_baseURI;
122 OwnPtr<SourceListDirective> m_childSrc; 125 OwnPtr<SourceListDirective> m_childSrc;
123 OwnPtr<SourceListDirective> m_connectSrc; 126 OwnPtr<SourceListDirective> m_connectSrc;
124 OwnPtr<SourceListDirective> m_defaultSrc; 127 OwnPtr<SourceListDirective> m_defaultSrc;
(...skipping 10 matching lines...) Expand all
135 138
136 Vector<String> m_reportEndpoints; 139 Vector<String> m_reportEndpoints;
137 140
138 String m_evalDisabledErrorMessage; 141 String m_evalDisabledErrorMessage;
139 }; 142 };
140 143
141 144
142 } // namespace 145 } // namespace
143 146
144 #endif 147 #endif
OLDNEW
« Source/core/fetch/CrossOriginAccessControl.cpp ('K') | « Source/core/fetch/CrossOriginAccessControl.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.cpp » ('j') | Source/core/frame/csp/CSPDirectiveList.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698