
Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicy.h

Issue 27073003: CSP Suborigins Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Rebase Created 6 years, 6 months ago
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
48 48
49 class ContentSecurityPolicyResponseHeaders; 49 class ContentSecurityPolicyResponseHeaders;
50 class CSPDirectiveList; 50 class CSPDirectiveList;
51 class DOMStringList; 51 class DOMStringList;
52 class JSONObject; 52 class JSONObject;
53 class KURL; 53 class KURL;
54 class ExecutionContextClient; 54 class ExecutionContextClient;
55 class SecurityOrigin; 55 class SecurityOrigin;
56 56
57 typedef int SandboxFlags; 57 typedef int SandboxFlags;
58 typedef String SuboriginFlags;
abarth-chromium 2014/07/31 04:56:47 I'd skip this typedef.
jww 2014/10/21 23:51:06 Done.
58 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector; 59 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
59 60
60 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> { 61 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> {
61 WTF_MAKE_FAST_ALLOCATED; 62 WTF_MAKE_FAST_ALLOCATED;
62 public: 63 public:
63 // CSP 1.0 Directives 64 // CSP 1.0 Directives
64 static const char ConnectSrc[]; 65 static const char ConnectSrc[];
65 static const char DefaultSrc[]; 66 static const char DefaultSrc[];
66 static const char FontSrc[]; 67 static const char FontSrc[];
67 static const char FrameSrc[]; 68 static const char FrameSrc[];
68 static const char ImgSrc[]; 69 static const char ImgSrc[];
69 static const char MediaSrc[]; 70 static const char MediaSrc[];
70 static const char ObjectSrc[]; 71 static const char ObjectSrc[];
71 static const char ReportURI[]; 72 static const char ReportURI[];
72 static const char Sandbox[]; 73 static const char Sandbox[];
73 static const char ScriptSrc[]; 74 static const char ScriptSrc[];
74 static const char StyleSrc[]; 75 static const char StyleSrc[];
75 76
76 // CSP 1.1 Directives 77 // CSP 1.1 Directives
77 static const char BaseURI[]; 78 static const char BaseURI[];
78 static const char ChildSrc[]; 79 static const char ChildSrc[];
79 static const char FormAction[]; 80 static const char FormAction[];
80 static const char FrameAncestors[]; 81 static const char FrameAncestors[];
81 static const char PluginTypes[]; 82 static const char PluginTypes[];
82 static const char ReflectedXSS[]; 83 static const char ReflectedXSS[];
83 static const char Referrer[]; 84 static const char Referrer[];
84 85
86 // Experimental Directives (post CSP 1.1)
87 static const char Suborigin[];
88
85 static PassRefPtr<ContentSecurityPolicy> create(ExecutionContextClient* clie nt) 89 static PassRefPtr<ContentSecurityPolicy> create(ExecutionContextClient* clie nt)
86 { 90 {
87 return adoptRef(new ContentSecurityPolicy(client)); 91 return adoptRef(new ContentSecurityPolicy(client));
88 } 92 }
89 ~ContentSecurityPolicy(); 93 ~ContentSecurityPolicy();
90 94
91 void copyStateFrom(const ContentSecurityPolicy*); 95 void copyStateFrom(const ContentSecurityPolicy*);
92 96
93 enum ReportingStatus { 97 enum ReportingStatus {
94 SendReport, 98 SendReport,
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
142 void setOverrideAllowInlineStyle(bool); 146 void setOverrideAllowInlineStyle(bool);
143 147
144 bool isActive() const; 148 bool isActive() const;
145 149
146 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression) const; 150 void reportDirectiveAsSourceExpression(const String& directiveName, const St ring& sourceExpression) const;
147 void reportDuplicateDirective(const String&) const; 151 void reportDuplicateDirective(const String&) const;
148 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const; 152 void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value) const;
149 void reportInvalidPathCharacter(const String& directiveName, const String& v alue, const char) const; 153 void reportInvalidPathCharacter(const String& directiveName, const String& v alue, const char) const;
150 void reportInvalidPluginTypes(const String&) const; 154 void reportInvalidPluginTypes(const String&) const;
151 void reportInvalidSandboxFlags(const String&) const; 155 void reportInvalidSandboxFlags(const String&) const;
156 void reportInvalidSuboriginFlags(const String&) const;
152 void reportInvalidSourceExpression(const String& directiveName, const String & source) const; 157 void reportInvalidSourceExpression(const String& directiveName, const String & source) const;
153 void reportInvalidReflectedXSS(const String&) const; 158 void reportInvalidReflectedXSS(const String&) const;
154 void reportMissingReportURI(const String&) const; 159 void reportMissingReportURI(const String&) const;
155 void reportUnsupportedDirective(const String&) const; 160 void reportUnsupportedDirective(const String&) const;
156 void reportInvalidInReportOnly(const String&) const; 161 void reportInvalidInReportOnly(const String&) const;
157 void reportInvalidReferrer(const String&) const; 162 void reportInvalidReferrer(const String&) const;
158 void reportReportOnlyInMeta(const String&) const; 163 void reportReportOnlyInMeta(const String&) const;
159 void reportMetaOutsideHead(const String&) const; 164 void reportMetaOutsideHead(const String&) const;
160 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header); 165 void reportViolation(const String& directiveText, const String& effectiveDir ective, const String& consoleMessage, const KURL& blockedURL, const Vector<KURL> & reportURIs, const String& header);
161 166
162 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst; 167 void reportBlockedScriptExecutionToInspector(const String& directiveText) co nst;
163 168
164 const KURL url() const; 169 const KURL url() const;
165 KURL completeURL(const String&) const; 170 KURL completeURL(const String&) const;
166 SecurityOrigin* securityOrigin() const; 171 SecurityOrigin* securityOrigin() const;
167 void enforceSandboxFlags(SandboxFlags) const; 172 void enforceSandboxFlags(SandboxFlags) const;
173 void enforceSuborigin(SuboriginFlags) const;
168 String evalDisabledErrorMessage() const; 174 String evalDisabledErrorMessage() const;
169 175
170 bool experimentalFeaturesEnabled() const; 176 bool experimentalFeaturesEnabled() const;
171 177
172 static bool shouldBypassMainWorld(ExecutionContext*); 178 static bool shouldBypassMainWorld(ExecutionContext*);
173 179
174 static bool isDirectiveName(const String&); 180 static bool isDirectiveName(const String&);
175 181
176 ExecutionContextClient* client() const { return m_client; } 182 ExecutionContextClient* client() const { return m_client; }
177 Document* document() const { return client()->isDocument() ? toDocument(clie nt()) : 0; } 183 Document* document() const { return client()->isDocument() ? toDocument(clie nt()) : 0; }
(...skipping 16 matching lines...) Expand all
194 // We put the hash functions used on the policy object so that we only need 200 // We put the hash functions used on the policy object so that we only need
195 // to calculate a hash once and then distribute it to all of the directives 201 // to calculate a hash once and then distribute it to all of the directives
196 // for validation. 202 // for validation.
197 uint8_t m_scriptHashAlgorithmsUsed; 203 uint8_t m_scriptHashAlgorithmsUsed;
198 uint8_t m_styleHashAlgorithmsUsed; 204 uint8_t m_styleHashAlgorithmsUsed;
199 }; 205 };
200 206
201 } 207 }
202 208
203 #endif 209 #endif
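Review bot: The new `enforceSuborigin(SuboriginFlags) const` declaration (new line 173) has no comment saying what the string holds or what the caller must have checked before calling it, although it sits next to `enforceSandboxFlags` and presumably changes the origin the client runs under. Since the value is policy text, I would state the contract in the header, e.g. `// Applies the suborigin name from the 'suborigin' directive to the client. The name must already be validated; invalid values go to reportInvalidSuboriginFlags().`, and take the argument as `const String&` like the other String parameters in this class. The comment on new line 86 marks the directive as experimental, so the header should also say whether enforcement is expected to be gated on `experimentalFeaturesEnabled()`; the implementation is not visible on this page. Parts of the class body are collapsed in this view, so a comment may already exist in the skipped lines.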