Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(734)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicy.h

Issue 27073003: CSP Suborigins Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Address abarth's comments Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« Source/core/frame/csp/CSPDirectiveList.cpp ('K') | « Source/core/frame/csp/CSPDirectiveList.cpp ('k') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
81 static const char FormAction[]; 81 static const char FormAction[];
82 static const char FrameAncestors[]; 82 static const char FrameAncestors[];
83 static const char PluginTypes[]; 83 static const char PluginTypes[];
84 static const char ReflectedXSS[]; 84 static const char ReflectedXSS[];
85 static const char Referrer[]; 85 static const char Referrer[];
86 86
87 // Manifest Directives (to be merged into CSP Level 2) 87 // Manifest Directives (to be merged into CSP Level 2)
88 // https://w3c.github.io/manifest/#content-security-policy 88 // https://w3c.github.io/manifest/#content-security-policy
89 static const char ManifestSrc[]; 89 static const char ManifestSrc[];
90 90
91 // Experimental Directives (post CSP 1.1)
92 static const char Suborigin[];
93
91 enum ReportingStatus { 94 enum ReportingStatus {
92 SendReport, 95 SendReport,
93 SuppressReport 96 SuppressReport
94 }; 97 };
95 98
96 static PassRefPtr<ContentSecurityPolicy> create() 99 static PassRefPtr<ContentSecurityPolicy> create()
97 { 100 {
98 return adoptRef(new ContentSecurityPolicy()); 101 return adoptRef(new ContentSecurityPolicy());
99 } 102 }
100 ~ContentSecurityPolicy(); 103 ~ContentSecurityPolicy();
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
160 // If a frame is passed in, the message will be logged to its active documen t's console. 163 // If a frame is passed in, the message will be logged to its active documen t's console.
161 // Otherwise, the message will be logged to this object's |m_executionContex t|. 164 // Otherwise, the message will be logged to this object's |m_executionContex t|.
162 void logToConsole(PassRefPtrWillBeRawPtr<ConsoleMessage>, LocalFrame* = 0); 165 void logToConsole(PassRefPtrWillBeRawPtr<ConsoleMessage>, LocalFrame* = 0);
163 166
164 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression); 167 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression);
165 void reportDuplicateDirective(const String&); 168 void reportDuplicateDirective(const String&);
166 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value); 169 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value);
167 void reportInvalidPathCharacter(const String& directiveName, const String& v alue, const char); 170 void reportInvalidPathCharacter(const String& directiveName, const String& v alue, const char);
168 void reportInvalidPluginTypes(const String&); 171 void reportInvalidPluginTypes(const String&);
169 void reportInvalidSandboxFlags(const String&); 172 void reportInvalidSandboxFlags(const String&);
173 void reportInvalidSuboriginFlags(const String&);
170 void reportInvalidSourceExpression(const String& directiveName, const String & source); 174 void reportInvalidSourceExpression(const String& directiveName, const String & source);
171 void reportInvalidReflectedXSS(const String&); 175 void reportInvalidReflectedXSS(const String&);
172 void reportMissingReportURI(const String&); 176 void reportMissingReportURI(const String&);
173 void reportUnsupportedDirective(const String&); 177 void reportUnsupportedDirective(const String&);
174 void reportInvalidInReportOnly(const String&); 178 void reportInvalidInReportOnly(const String&);
175 void reportInvalidReferrer(const String&); 179 void reportInvalidReferrer(const String&);
176 void reportReportOnlyInMeta(const String&); 180 void reportReportOnlyInMeta(const String&);
177 void reportMetaOutsideHead(const String&); 181 void reportMetaOutsideHead(const String&);
178 182
179 // If a frame is passed in, the report will be sent using it as a context. I f no frame is 183 // If a frame is passed in, the report will be sent using it as a context. I f no frame is
180 // passed in, the report will be sent via this object's |m_executionContext| (or dropped 184 // passed in, the report will be sent via this object's |m_executionContext| (or dropped
181 // on the floor if no such context is available). 185 // on the floor if no such context is available).
182 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<Strin g>& reportEndpoints, const String& header, LocalFrame* = 0); 186 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<Strin g>& reportEndpoints, const String& header, LocalFrame* = 0);
183 187
184 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; 188 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst;
185 189
186 const KURL url() const; 190 const KURL url() const;
187 void enforceSandboxFlags(SandboxFlags); 191 void enforceSandboxFlags(SandboxFlags);
192 void enforceSuborigin(const String&);
188 String evalDisabledErrorMessage() const; 193 String evalDisabledErrorMessage() const;
189 194
190 bool urlMatchesSelf(const KURL&) const; 195 bool urlMatchesSelf(const KURL&) const;
191 bool protocolMatchesSelf(const KURL&) const; 196 bool protocolMatchesSelf(const KURL&) const;
192 197
193 bool experimentalFeaturesEnabled() const; 198 bool experimentalFeaturesEnabled() const;
194 199
195 static bool shouldBypassMainWorld(ExecutionContext*); 200 static bool shouldBypassMainWorld(ExecutionContext*);
196 201
197 static bool isDirectiveName(const String&); 202 static bool isDirectiveName(const String&);
(...skipping 21 matching lines...) Expand all
219 HashSet<unsigned, AlreadyHashed> m_violationReportsSent; 224 HashSet<unsigned, AlreadyHashed> m_violationReportsSent;
220 225
221 // We put the hash functions used on the policy object so that we only need 226 // We put the hash functions used on the policy object so that we only need
222 // to calculate a hash once and then distribute it to all of the directives 227 // to calculate a hash once and then distribute it to all of the directives
223 // for validation. 228 // for validation.
224 uint8_t m_scriptHashAlgorithmsUsed; 229 uint8_t m_scriptHashAlgorithmsUsed;
225 uint8_t m_styleHashAlgorithmsUsed; 230 uint8_t m_styleHashAlgorithmsUsed;
226 231
227 // State flags used to configure the environment after parsing a policy. 232 // State flags used to configure the environment after parsing a policy.
228 SandboxFlags m_sandboxMask; 233 SandboxFlags m_sandboxMask;
234 String m_suboriginName;
229 ReferrerPolicy m_referrerPolicy; 235 ReferrerPolicy m_referrerPolicy;
230 String m_disableEvalErrorMessage; 236 String m_disableEvalErrorMessage;
231 237
232 OwnPtr<CSPSource> m_selfSource; 238 OwnPtr<CSPSource> m_selfSource;
233 String m_selfProtocol; 239 String m_selfProtocol;
234 }; 240 };
235 241
236 } 242 }
237 243
238 #endif 244 #endif
OLDNEW
« Source/core/frame/csp/CSPDirectiveList.cpp ('K') | « Source/core/frame/csp/CSPDirectiveList.cpp ('k') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('j') | Source/core/frame/csp/ContentSecurityPolicy.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698