| Index: content/common/content_security_policy/csp_context.h
|
| diff --git a/content/common/content_security_policy/csp_context.h b/content/common/content_security_policy/csp_context.h
|
| index fff6cf0140dec445eebbd0adc8663fe4a20d88ae..bbc03017f23fb03b558f902263bf1b71a2f0c592 100644
|
| --- a/content/common/content_security_policy/csp_context.h
|
| +++ b/content/common/content_security_policy/csp_context.h
|
| @@ -15,36 +15,36 @@
|
|
|
| namespace content {
|
|
|
| -struct CSPViolationParams;
|
| -
|
| // A CSPContext represents the system on which the Content-Security-Policy are
|
| // enforced. One must define via its virtual methods how to report violations,
|
| // how to log messages on the console and what is the set of scheme that bypass
|
| -// the CSP. Its main implementation is in
|
| -// content/browser/frame_host/render_frame_host_impl.h
|
| +// the CSP.
|
| +// Its main implementation is in content/browser/frame_host/csp_context_impl.h
|
| class CONTENT_EXPORT CSPContext {
|
| public:
|
| CSPContext();
|
| virtual ~CSPContext();
|
|
|
| - bool IsAllowedByCsp(CSPDirective::Name directive_name,
|
| - const GURL& url,
|
| - bool is_redirect = false);
|
| + bool Allow(const std::vector<ContentSecurityPolicy>& policies,
|
| + CSPDirective::Name directive_name,
|
| + const GURL& url,
|
| + bool is_redirect = false);
|
|
|
| void SetSelf(const url::Origin origin);
|
| bool AllowSelf(const GURL& url);
|
| bool ProtocolMatchesSelf(const GURL& url);
|
|
|
| virtual void LogToConsole(const std::string& message);
|
| - virtual void ReportContentSecurityPolicyViolation(
|
| - const CSPViolationParams& violation_params);
|
| + virtual void ReportViolation(
|
| + const std::string& directive_text,
|
| + const std::string& effective_directive,
|
| + const std::string& message,
|
| + const GURL& blocked_url,
|
| + const std::vector<std::string>& report_end_points,
|
| + const std::string& header,
|
| + blink::WebContentSecurityPolicyType disposition);
|
|
|
| - bool SelfSchemeShouldBypassCsp();
|
| -
|
| - void ResetContentSecurityPolicies() { policies_.clear(); }
|
| - void AddContentSecurityPolicy(const ContentSecurityPolicy& policy) {
|
| - policies_.push_back(policy);
|
| - }
|
| + bool SelfSchemeShouldBypassCSP();
|
|
|
| private:
|
| virtual bool SchemeShouldBypassCSP(const base::StringPiece& scheme);
|
| @@ -53,51 +53,7 @@
|
| std::string self_scheme_;
|
| CSPSource self_source_;
|
|
|
| - std::vector<ContentSecurityPolicy> policies_;
|
| -
|
| DISALLOW_COPY_AND_ASSIGN(CSPContext);
|
| -};
|
| -
|
| -// Used in CSPContext::ReportViolation()
|
| -struct CONTENT_EXPORT CSPViolationParams {
|
| - CSPViolationParams();
|
| - CSPViolationParams(const std::string& directive,
|
| - const std::string& effective_directive,
|
| - const std::string& console_message,
|
| - const GURL& blocked_url,
|
| - const std::vector<std::string>& report_endpoints,
|
| - const std::string& header,
|
| - const blink::WebContentSecurityPolicyType& disposition,
|
| - bool after_redirect);
|
| - CSPViolationParams(const CSPViolationParams& other);
|
| - ~CSPViolationParams();
|
| -
|
| - // The name of the directive that violates the policy. |directive| might be a
|
| - // directive that serves as a fallback to the |effective_directive|.
|
| - std::string directive;
|
| -
|
| - // The name the effective directive that was checked against.
|
| - std::string effective_directive;
|
| -
|
| - // The console message to be displayed to the user.
|
| - std::string console_message;
|
| -
|
| - // The URL that was blocked by the policy.
|
| - GURL blocked_url;
|
| -
|
| - // The set of URI where a JSON-formatted report of the violation should be
|
| - // sent.
|
| - std::vector<std::string> report_endpoints;
|
| -
|
| - // The raw content security policy header that was violated.
|
| - std::string header;
|
| -
|
| - // Each policy has an associated disposition, which is either "enforce" or
|
| - // "report".
|
| - blink::WebContentSecurityPolicyType disposition;
|
| -
|
| - // Whether or not the violation happens after a redirect.
|
| - bool after_redirect;
|
| };
|
|
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 2756913002:
Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
