CSP Suborigins

Source/core/frame/csp/ContentSecurityPolicy.h

Index: Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h
index 5aee0ea2ef5bdff5259bb08140f6275bfbd1cbe1..f41e12ae8a8f16c8652ac1445a36b8d66d79a97c 100644
--- a/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -55,6 +55,7 @@ class ExecutionContextClient;
 class SecurityOrigin;
 
 typedef int SandboxFlags;
+typedef String SuboriginFlags;

[abarth-chromium, 2014/07/31 04:56:47]

I'd skip this typedef.

[jww, 2014/10/21 23:51:06]

Done.

 typedef Vector<OwnPtr<CSPDirectiveList> > CSPDirectiveListVector;
 
 class ContentSecurityPolicy : public RefCounted<ContentSecurityPolicy> {
@@ -82,6 +83,9 @@ public:
     static const char ReflectedXSS[];
     static const char Referrer[];
 
+    // Experimental Directives (post CSP 1.1)
+    static const char Suborigin[];
+
     static PassRefPtr<ContentSecurityPolicy> create(ExecutionContextClient* client)
     {
         return adoptRef(new ContentSecurityPolicy(client));
@@ -149,6 +153,7 @@ public:
     void reportInvalidPathCharacter(const String& directiveName, const String& value, const char) const;
     void reportInvalidPluginTypes(const String&) const;
     void reportInvalidSandboxFlags(const String&) const;
+    void reportInvalidSuboriginFlags(const String&) const;
     void reportInvalidSourceExpression(const String& directiveName, const String& source) const;
     void reportInvalidReflectedXSS(const String&) const;
     void reportMissingReportURI(const String&) const;
@@ -165,6 +170,7 @@ public:
     KURL completeURL(const String&) const;
     SecurityOrigin* securityOrigin() const;
     void enforceSandboxFlags(SandboxFlags) const;
+    void enforceSuborigin(SuboriginFlags) const;
     String evalDisabledErrorMessage() const;
 
     bool experimentalFeaturesEnabled() const;