| OLD | NEW |
|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
| 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
| 12 #include "content/common/content_security_policy/csp_directive.h" | 12 #include "content/common/content_security_policy/csp_directive.h" |
| 13 #include "content/common/content_security_policy_header.h" | 13 #include "content/common/content_security_policy_header.h" |
| 14 #include "url/gurl.h" | 14 #include "url/gurl.h" |
| 15 | 15 |
| 16 namespace content { | 16 namespace content { |
| 17 | 17 |
| 18 class CSPContext; | 18 class CSPContext; |
| 19 struct SourceLocation; |
| 19 | 20 |
| 20 // https://www.w3.org/TR/CSP3/#framework-policy | 21 // https://www.w3.org/TR/CSP3/#framework-policy |
| 21 // | 22 // |
| 22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be | 23 // A ContentSecurityPolicy is a collection of CSPDirectives which will be |
| 23 // enforced upon requests. | 24 // enforced upon requests. |
| 24 struct CONTENT_EXPORT ContentSecurityPolicy { | 25 struct CONTENT_EXPORT ContentSecurityPolicy { |
| 25 ContentSecurityPolicy(); | 26 ContentSecurityPolicy(); |
| 26 ContentSecurityPolicy(const ContentSecurityPolicyHeader& header, | 27 ContentSecurityPolicy(const ContentSecurityPolicyHeader& header, |
| 27 const std::vector<CSPDirective>& directives, | 28 const std::vector<CSPDirective>& directives, |
| 28 const std::vector<std::string>& report_endpoints); | 29 const std::vector<std::string>& report_endpoints); |
| 29 ContentSecurityPolicy(const ContentSecurityPolicy&); | 30 ContentSecurityPolicy(const ContentSecurityPolicy&); |
| 30 ~ContentSecurityPolicy(); | 31 ~ContentSecurityPolicy(); |
| 31 | 32 |
| 32 ContentSecurityPolicyHeader header; | 33 ContentSecurityPolicyHeader header; |
| 33 std::vector<CSPDirective> directives; | 34 std::vector<CSPDirective> directives; |
| 34 std::vector<std::string> report_endpoints; | 35 std::vector<std::string> report_endpoints; |
| 35 | 36 |
| 36 std::string ToString() const; | 37 std::string ToString() const; |
| 37 | 38 |
| 38 // Return true when the |policy| allows a request to the |url| in relation to | 39 // Return true when the |policy| allows a request to the |url| in relation to |
| 39 // the |directive| for a given |context|. | 40 // the |directive| for a given |context|. |
| 40 // Note: Any policy violation are reported to the |context|. | 41 // Note: Any policy violation are reported to the |context|. |
| 41 static bool Allow(const ContentSecurityPolicy& policy, | 42 static bool Allow(const ContentSecurityPolicy& policy, |
| 42 CSPDirective::Name directive, | 43 CSPDirective::Name directive, |
| 43 const GURL& url, | 44 const GURL& url, |
| 45 bool is_redirect, |
| 44 CSPContext* context, | 46 CSPContext* context, |
| 45 bool is_redirect = false); | 47 const SourceLocation& source_location); |
| 46 }; | 48 }; |
| 47 | 49 |
| 48 } // namespace content | 50 } // namespace content |
| 49 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 51 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2761153003:
PlzNavigate & CSP. Use the SourceLocation in violation reports. (Closed)
