Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(505)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/content_security_policy/content_security_policy.h

Issue 2761153003: PlzNavigate & CSP. Use the SourceLocation in violation reports. (Closed)
Patch Set: Nit. Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/frame_host/ancestor_throttle.cc ('K') | « content/browser/frame_host/render_frame_host_impl.cc ('k') | content/common/content_security_policy/content_security_policy.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <vector> 9 #include <vector>
10 10
11 #include "content/common/content_export.h" 11 #include "content/common/content_export.h"
12 #include "content/common/content_security_policy/csp_directive.h" 12 #include "content/common/content_security_policy/csp_directive.h"
13 #include "content/common/content_security_policy_header.h" 13 #include "content/common/content_security_policy_header.h"
14 #include "url/gurl.h" 14 #include "url/gurl.h"
15 15
16 namespace content { 16 namespace content {
17 17
18 class CSPContext; 18 class CSPContext;
19 struct SourceLocation;
19 20
20 // https://www.w3.org/TR/CSP3/#framework-policy 21 // https://www.w3.org/TR/CSP3/#framework-policy
21 // 22 //
22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be 23 // A ContentSecurityPolicy is a collection of CSPDirectives which will be
23 // enforced upon requests. 24 // enforced upon requests.
24 struct CONTENT_EXPORT ContentSecurityPolicy { 25 struct CONTENT_EXPORT ContentSecurityPolicy {
25 ContentSecurityPolicy(); 26 ContentSecurityPolicy();
26 ContentSecurityPolicy(blink::WebContentSecurityPolicyType disposition, 27 ContentSecurityPolicy(blink::WebContentSecurityPolicyType disposition,
27 blink::WebContentSecurityPolicySource source, 28 blink::WebContentSecurityPolicySource source,
28 const std::vector<CSPDirective>& directives, 29 const std::vector<CSPDirective>& directives,
29 const std::vector<std::string>& report_endpoints, 30 const std::vector<std::string>& report_endpoints,
30 const std::string& header); 31 const std::string& header);
31 ContentSecurityPolicy(const ContentSecurityPolicy&); 32 ContentSecurityPolicy(const ContentSecurityPolicy&);
32 ~ContentSecurityPolicy(); 33 ~ContentSecurityPolicy();
33 34
34 blink::WebContentSecurityPolicyType disposition; 35 blink::WebContentSecurityPolicyType disposition;
35 blink::WebContentSecurityPolicySource source; 36 blink::WebContentSecurityPolicySource source;
36 std::vector<CSPDirective> directives; 37 std::vector<CSPDirective> directives;
37 std::vector<std::string> report_endpoints; 38 std::vector<std::string> report_endpoints;
38 std::string header; 39 std::string header;
39 40
40 std::string ToString() const; 41 std::string ToString() const;
41 42
42 // Return true when the |policy| allows a request to the |url| in relation to 43 // Return true when the |policy| allows a request to the |url| in relation to
43 // the |directive| for a given |context|. 44 // the |directive| for a given |context|.
44 // Note: Any policy violation are reported to the |context|. 45 // Note: Any policy violation are reported to the |context|.
45 static bool Allow(const ContentSecurityPolicy& policy, 46 static bool Allow(const ContentSecurityPolicy& policy,
46 CSPDirective::Name directive, 47 CSPDirective::Name directive,
47 const GURL& url, 48 const GURL& url,
49 bool is_redirect,
48 CSPContext* context, 50 CSPContext* context,
49 bool is_redirect = false); 51 const SourceLocation& source_location);
50 }; 52 };
51 53
52 } // namespace content 54 } // namespace content
53 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ 55 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_
OLDNEW
« content/browser/frame_host/ancestor_throttle.cc ('K') | « content/browser/frame_host/render_frame_host_impl.cc ('k') | content/common/content_security_policy/content_security_policy.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698