OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
12 #include "content/common/content_security_policy/csp_directive.h" | 12 #include "content/common/content_security_policy/csp_directive.h" |
13 #include "content/common/content_security_policy_header.h" | 13 #include "content/common/content_security_policy_header.h" |
14 #include "url/gurl.h" | 14 #include "url/gurl.h" |
15 | 15 |
16 namespace content { | 16 namespace content { |
17 | 17 |
18 class CSPContext; | 18 class CSPContext; |
| 19 struct SourceLocation; |
19 | 20 |
20 // https://www.w3.org/TR/CSP3/#framework-policy | 21 // https://www.w3.org/TR/CSP3/#framework-policy |
21 // | 22 // |
22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be | 23 // A ContentSecurityPolicy is a collection of CSPDirectives which will be |
23 // enforced upon requests. | 24 // enforced upon requests. |
24 struct CONTENT_EXPORT ContentSecurityPolicy { | 25 struct CONTENT_EXPORT ContentSecurityPolicy { |
25 ContentSecurityPolicy(); | 26 ContentSecurityPolicy(); |
26 ContentSecurityPolicy(const ContentSecurityPolicyHeader& header, | 27 ContentSecurityPolicy(const ContentSecurityPolicyHeader& header, |
27 const std::vector<CSPDirective>& directives, | 28 const std::vector<CSPDirective>& directives, |
28 const std::vector<std::string>& report_endpoints); | 29 const std::vector<std::string>& report_endpoints); |
29 ContentSecurityPolicy(const ContentSecurityPolicy&); | 30 ContentSecurityPolicy(const ContentSecurityPolicy&); |
30 ~ContentSecurityPolicy(); | 31 ~ContentSecurityPolicy(); |
31 | 32 |
32 ContentSecurityPolicyHeader header; | 33 ContentSecurityPolicyHeader header; |
33 std::vector<CSPDirective> directives; | 34 std::vector<CSPDirective> directives; |
34 std::vector<std::string> report_endpoints; | 35 std::vector<std::string> report_endpoints; |
35 | 36 |
36 std::string ToString() const; | 37 std::string ToString() const; |
37 | 38 |
38 // Return true when the |policy| allows a request to the |url| in relation to | 39 // Return true when the |policy| allows a request to the |url| in relation to |
39 // the |directive| for a given |context|. | 40 // the |directive| for a given |context|. |
40 // Note: Any policy violation are reported to the |context|. | 41 // Note: Any policy violation are reported to the |context|. |
41 static bool Allow(const ContentSecurityPolicy& policy, | 42 static bool Allow(const ContentSecurityPolicy& policy, |
42 CSPDirective::Name directive, | 43 CSPDirective::Name directive, |
43 const GURL& url, | 44 const GURL& url, |
| 45 bool is_redirect, |
44 CSPContext* context, | 46 CSPContext* context, |
45 bool is_redirect = false); | 47 const SourceLocation& source_location); |
46 }; | 48 }; |
47 | 49 |
48 } // namespace content | 50 } // namespace content |
49 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 51 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
OLD | NEW |