OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 6 #define CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
12 #include "content/common/content_security_policy/csp_directive.h" | 12 #include "content/common/content_security_policy/csp_directive.h" |
13 #include "content/common/content_security_policy_header.h" | 13 #include "content/common/content_security_policy_header.h" |
14 #include "url/gurl.h" | 14 #include "url/gurl.h" |
15 | 15 |
16 namespace content { | 16 namespace content { |
17 | 17 |
18 class CSPContext; | 18 class CSPContext; |
19 | 19 |
20 // https://www.w3.org/TR/CSP3/#framework-policy | 20 // https://www.w3.org/TR/CSP3/#framework-policy |
21 // | 21 // |
22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be | 22 // A ContentSecurityPolicy is a collection of CSPDirectives which will be |
23 // enforced upon requests. | 23 // enforced upon requests. |
24 struct CONTENT_EXPORT ContentSecurityPolicy { | 24 struct CONTENT_EXPORT ContentSecurityPolicy { |
25 ContentSecurityPolicy(); | 25 ContentSecurityPolicy(); |
26 ContentSecurityPolicy(blink::WebContentSecurityPolicyType disposition, | 26 ContentSecurityPolicy(const ContentSecurityPolicyHeader& header, |
27 blink::WebContentSecurityPolicySource source, | |
28 const std::vector<CSPDirective>& directives, | 27 const std::vector<CSPDirective>& directives, |
29 const std::vector<std::string>& report_endpoints, | 28 const std::vector<std::string>& report_endpoints); |
30 const std::string& header); | |
31 ContentSecurityPolicy(const ContentSecurityPolicy&); | 29 ContentSecurityPolicy(const ContentSecurityPolicy&); |
32 ~ContentSecurityPolicy(); | 30 ~ContentSecurityPolicy(); |
33 | 31 |
34 blink::WebContentSecurityPolicyType disposition; | 32 ContentSecurityPolicyHeader header; |
35 blink::WebContentSecurityPolicySource source; | |
36 std::vector<CSPDirective> directives; | 33 std::vector<CSPDirective> directives; |
37 std::vector<std::string> report_endpoints; | 34 std::vector<std::string> report_endpoints; |
38 std::string header; | |
39 | 35 |
40 std::string ToString() const; | 36 std::string ToString() const; |
41 | 37 |
42 // Return true when the |policy| allows a request to the |url| in relation to | 38 // Return true when the |policy| allows a request to the |url| in relation to |
43 // the |directive| for a given |context|. | 39 // the |directive| for a given |context|. |
44 // Note: Any policy violation are reported to the |context|. | 40 // Note: Any policy violation are reported to the |context|. |
45 static bool Allow(const ContentSecurityPolicy& policy, | 41 static bool Allow(const ContentSecurityPolicy& policy, |
46 CSPDirective::Name directive, | 42 CSPDirective::Name directive, |
47 const GURL& url, | 43 const GURL& url, |
48 CSPContext* context, | 44 CSPContext* context, |
49 bool is_redirect = false); | 45 bool is_redirect = false); |
50 }; | 46 }; |
51 | 47 |
52 } // namespace content | 48 } // namespace content |
53 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ | 49 #endif // CONTENT_COMMON_CONTENT_SECURITY_POLICY_CONTENT_SECURITY_POLICY_H_ |
OLD | NEW |