CSP Suborigins

Source/core/frame/csp/ContentSecurityPolicy.cpp

Index: Source/core/frame/csp/ContentSecurityPolicy.cpp
diff --git a/Source/core/frame/csp/ContentSecurityPolicy.cpp b/Source/core/frame/csp/ContentSecurityPolicy.cpp
index f2fbc59696ce3d0305a178bd968d690a8b42d883..4f8135b30eb97e344f2c9f7c328c105b895fa353 100644
--- a/Source/core/frame/csp/ContentSecurityPolicy.cpp
+++ b/Source/core/frame/csp/ContentSecurityPolicy.cpp
@@ -88,6 +88,9 @@ const char ContentSecurityPolicy::PluginTypes[] = "plugin-types";
 const char ContentSecurityPolicy::ReflectedXSS[] = "reflected-xss";
 const char ContentSecurityPolicy::Referrer[] = "referrer";
 
+// Experimental Directives (post CSP 1.1)
+const char ContentSecurityPolicy::Suborigin[] = "suborigin";
+
 bool ContentSecurityPolicy::isDirectiveName(const String& name)
 {
     return (equalIgnoringCase(name, ConnectSrc)
@@ -100,6 +103,7 @@ bool ContentSecurityPolicy::isDirectiveName(const String& name)
         || equalIgnoringCase(name, ReportURI)
         || equalIgnoringCase(name, Sandbox)
         || equalIgnoringCase(name, ScriptSrc)
+        || equalIgnoringCase(name, Suborigin)
         || equalIgnoringCase(name, StyleSrc)
         || equalIgnoringCase(name, BaseURI)
         || equalIgnoringCase(name, ChildSrc)
@@ -546,6 +550,12 @@ void ContentSecurityPolicy::enforceSandboxFlags(SandboxFlags mask) const
         document->enforceSandboxFlags(mask);
 }
 
+void ContentSecurityPolicy::enforceSuborigin(String name) const

[abarth-chromium, 2014/07/31 04:56:47]

const String&

[jww, 2014/10/21 23:51:06]

Done.

+{
+    if (m_client->isDocument())
+        static_cast<Document*>(m_client)->enforceSuborigin(name);
+}
+
 static String stripURLForUseInReport(Document* document, const KURL& url)
 {
     if (!url.isValid())
@@ -712,6 +722,11 @@ void ContentSecurityPolicy::reportInvalidSandboxFlags(const String& invalidFlags
     logToConsole("Error while parsing the 'sandbox' Content Security Policy directive: " + invalidFlags);
 }
 
+void ContentSecurityPolicy::reportInvalidSuboriginFlags(const String& invalidFlags) const
+{
+    logToConsole("Error while parsing the 'suborigin' Content Security Policy directive: " + invalidFlags);
+}
+
 void ContentSecurityPolicy::reportInvalidReflectedXSS(const String& invalidValue) const
 {
     logToConsole("The 'reflected-xss' Content Security Policy directive has the invalid value \"" + invalidValue + "\". Valid values are \"allow\", \"filter\", and \"block\".");