OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
12 #include "content/common/content_security_policy/csp_directive.h" | 12 #include "content/common/content_security_policy/csp_directive.h" |
13 #include "content/common/content_security_policy_header.h" | 13 #include "content/common/content_security_policy_header.h" |
14 #include "url/gurl.h" | 14 #include "url/gurl.h" |
15 | 15 |
16 namespace content { | 16 namespace content { |
17 | 17 |
18 class CSPContext; | 18 class CSPContext; |
| 19 struct SourceLocation; |
19 | 20 |
20 // https://www.w3.org/TR/CSP3/#framework-policy | 21 // https://www.w3.org/TR/CSP3/#framework-policy |
21 // | 22 // |
22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be | 23 // A ContentSecurityPolicy is a collection of CSPDirectives which will be |
23 // enforced upon requests. | 24 // enforced upon requests. |
24 struct CONTENT_EXPORT ContentSecurityPolicy { | 25 struct CONTENT_EXPORT ContentSecurityPolicy { |
25 ContentSecurityPolicy(); | 26 ContentSecurityPolicy(); |
26 ContentSecurityPolicy(blink::WebContentSecurityPolicyType disposition, | 27 ContentSecurityPolicy(blink::WebContentSecurityPolicyType disposition, |
27 blink::WebContentSecurityPolicySource source, | 28 blink::WebContentSecurityPolicySource source, |
28 const std::vector<CSPDirective>& directives, | 29 const std::vector<CSPDirective>& directives, |
29 const std::vector<std::string>& report_endpoints, | 30 const std::vector<std::string>& report_endpoints, |
30 const std::string& header); | 31 const std::string& header); |
31 ContentSecurityPolicy(const ContentSecurityPolicy&); | 32 ContentSecurityPolicy(const ContentSecurityPolicy&); |
32 ~ContentSecurityPolicy(); | 33 ~ContentSecurityPolicy(); |
33 | 34 |
34 blink::WebContentSecurityPolicyType disposition; | 35 blink::WebContentSecurityPolicyType disposition; |
35 blink::WebContentSecurityPolicySource source; | 36 blink::WebContentSecurityPolicySource source; |
36 std::vector<CSPDirective> directives; | 37 std::vector<CSPDirective> directives; |
37 std::vector<std::string> report_endpoints; | 38 std::vector<std::string> report_endpoints; |
38 std::string header; | 39 std::string header; |
39 | 40 |
40 std::string ToString() const; | 41 std::string ToString() const; |
41 | 42 |
42 // Return true when the |policy| allows a request to the |url| in relation to | 43 // Return true when the |policy| allows a request to the |url| in relation to |
43 // the |directive| for a given |context|. | 44 // the |directive| for a given |context|. |
44 // Note: Any policy violation are reported to the |context|. | 45 // Note: Any policy violation are reported to the |context|. |
45 static bool Allow(const ContentSecurityPolicy& policy, | 46 static bool Allow(const ContentSecurityPolicy& policy, |
46 CSPDirective::Name directive, | 47 CSPDirective::Name directive, |
47 const GURL& url, | 48 const GURL& url, |
| 49 bool is_redirect, |
48 CSPContext* context, | 50 CSPContext* context, |
49 bool is_redirect = false); | 51 const SourceLocation& source_location); |
50 }; | 52 }; |
51 | 53 |
52 } // namespace content | 54 } // namespace content |
53 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 55 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
OLD | NEW |