Index: content/common/content_security_policy/csp_context.h |
diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h |
index fff6cf0140dec445eebbd0adc8663fe4a20d88ae..bbc03017f23fb03b558f902263bf1b71a2f0c592 100644 |
--- a/content/common/content_security_policy/csp_context.h |
+++ b/content/common/content_security_policy/csp_context.h |
@@ -15,36 +15,36 @@ |
namespace content { |
-struct CSPViolationParams; |
- |
// A CSPContext represents the system on which the Content-Security-Policy are |
// enforced. One must define via its virtual methods how to report violations, |
// how to log messages on the console and what is the set of scheme that bypass |
-// the CSP. Its main implementation is in |
-// content/browser/frame_host/render_frame_host_impl.h |
+// the CSP. |
+// Its main implementation is in content/browser/frame_host/csp_context_impl.h |
class CONTENT_EXPORT CSPContext { |
public: |
CSPContext(); |
virtual ~CSPContext(); |
- bool IsAllowedByCsp(CSPDirective::Name directive_name, |
- const GURL& url, |
- bool is_redirect = false); |
+ bool Allow(const std::vector<ContentSecurityPolicy>& policies, |
+ CSPDirective::Name directive_name, |
+ const GURL& url, |
+ bool is_redirect = false); |
void SetSelf(const url::Origin origin); |
bool AllowSelf(const GURL& url); |
bool ProtocolMatchesSelf(const GURL& url); |
virtual void LogToConsole(const std::string& message); |
- virtual void ReportContentSecurityPolicyViolation( |
- const CSPViolationParams& violation_params); |
+ virtual void ReportViolation( |
+ const std::string& directive_text, |
+ const std::string& effective_directive, |
+ const std::string& message, |
+ const GURL& blocked_url, |
+ const std::vector<std::string>& report_end_points, |
+ const std::string& header, |
+ blink::WebContentSecurityPolicyType disposition); |
- bool SelfSchemeShouldBypassCsp(); |
- |
- void ResetContentSecurityPolicies() { policies_.clear(); } |
- void AddContentSecurityPolicy(const ContentSecurityPolicy& policy) { |
- policies_.push_back(policy); |
- } |
+ bool SelfSchemeShouldBypassCSP(); |
private: |
virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme); |
@@ -53,51 +53,7 @@ |
std::string self_scheme_; |
CSPSource self_source_; |
- std::vector<ContentSecurityPolicy> policies_; |
- |
DISALLOW_COPY_AND_ASSIGN(CSPContext); |
-}; |
- |
-// Used in CSPContext::ReportViolation() |
-struct CONTENT_EXPORT CSPViolationParams { |
- CSPViolationParams(); |
- CSPViolationParams(const std::string& directive, |
- const std::string& effective_directive, |
- const std::string& console_message, |
- const GURL& blocked_url, |
- const std::vector<std::string>& report_endpoints, |
- const std::string& header, |
- const blink::WebContentSecurityPolicyType& disposition, |
- bool after_redirect); |
- CSPViolationParams(const CSPViolationParams& other); |
- ~CSPViolationParams(); |
- |
- // The name of the directive that violates the policy. |directive| might be a |
- // directive that serves as a fallback to the |effective_directive|. |
- std::string directive; |
- |
- // The name the effective directive that was checked against. |
- std::string effective_directive; |
- |
- // The console message to be displayed to the user. |
- std::string console_message; |
- |
- // The URL that was blocked by the policy. |
- GURL blocked_url; |
- |
- // The set of URI where a JSON-formatted report of the violation should be |
- // sent. |
- std::vector<std::string> report_endpoints; |
- |
- // The raw content security policy header that was violated. |
- std::string header; |
- |
- // Each policy has an associated disposition, which is either "enforce" or |
- // "report". |
- blink::WebContentSecurityPolicyType disposition; |
- |
- // Whether or not the violation happens after a redirect. |
- bool after_redirect; |
}; |
} // namespace content |