| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 24 */ | 24 */ |
| 25 | 25 |
| 26 #ifndef ContentSecurityPolicy_h | 26 #ifndef ContentSecurityPolicy_h |
| 27 #define ContentSecurityPolicy_h | 27 #define ContentSecurityPolicy_h |
| 28 | 28 |
| 29 #include <memory> | 29 #include <memory> |
| 30 #include <utility> | 30 #include <utility> |
| 31 #include "bindings/core/v8/ScriptState.h" | 31 #include "bindings/core/v8/ScriptState.h" |
| 32 #include "bindings/core/v8/SourceLocation.h" |
| 32 #include "core/CoreExport.h" | 33 #include "core/CoreExport.h" |
| 33 #include "core/dom/ExecutionContext.h" | 34 #include "core/dom/ExecutionContext.h" |
| 34 #include "core/dom/SecurityContext.h" | 35 #include "core/dom/SecurityContext.h" |
| 35 #include "core/inspector/ConsoleTypes.h" | 36 #include "core/inspector/ConsoleTypes.h" |
| 36 #include "platform/heap/Handle.h" | 37 #include "platform/heap/Handle.h" |
| 37 #include "platform/loader/fetch/Resource.h" | 38 #include "platform/loader/fetch/Resource.h" |
| 38 #include "platform/loader/fetch/ResourceRequest.h" | 39 #include "platform/loader/fetch/ResourceRequest.h" |
| 39 #include "platform/network/ContentSecurityPolicyParsers.h" | 40 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 40 #include "platform/network/HTTPParsers.h" | 41 #include "platform/network/HTTPParsers.h" |
| 41 #include "platform/weborigin/SchemeRegistry.h" | 42 #include "platform/weborigin/SchemeRegistry.h" |
| 57 class ConsoleMessage; | 58 class ConsoleMessage; |
| 58 class CSPDirectiveList; | 59 class CSPDirectiveList; |
| 59 class CSPSource; | 60 class CSPSource; |
| 60 class Document; | 61 class Document; |
| 61 class Element; | 62 class Element; |
| 62 class LocalFrameClient; | 63 class LocalFrameClient; |
| 63 class KURL; | 64 class KURL; |
| 64 class ResourceRequest; | 65 class ResourceRequest; |
| 65 class SecurityOrigin; | 66 class SecurityOrigin; |
| 66 class SecurityPolicyViolationEventInit; | 67 class SecurityPolicyViolationEventInit; |
| 68 class SourceLocation; |
| 67 | 69 |
| 68 typedef int SandboxFlags; | 70 typedef int SandboxFlags; |
| 69 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector; | 71 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector; |
| 70 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; | 72 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; |
| 71 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType; | 73 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType; |
| 72 using RedirectStatus = ResourceRequest::RedirectStatus; | 74 using RedirectStatus = ResourceRequest::RedirectStatus; |
| 73 | 75 |
| 74 class CORE_EXPORT ContentSecurityPolicy | 76 class CORE_EXPORT ContentSecurityPolicy |
| 75 : public GarbageCollectedFinalized<ContentSecurityPolicy> { | 77 : public GarbageCollectedFinalized<ContentSecurityPolicy> { |
| 76 public: | 78 public: |
| 322 void reportInvalidDirectiveInMeta(const String& directiveName); | 324 void reportInvalidDirectiveInMeta(const String& directiveName); |
| 323 void reportReportOnlyInMeta(const String&); | 325 void reportReportOnlyInMeta(const String&); |
| 324 void reportMetaOutsideHead(const String&); | 326 void reportMetaOutsideHead(const String&); |
| 325 void reportValueForEmptyDirective(const String& directiveName, | 327 void reportValueForEmptyDirective(const String& directiveName, |
| 326 const String& value); | 328 const String& value); |
| 327 | 329 |
| 328 // If a frame is passed in, the report will be sent using it as a context. If | 330 // If a frame is passed in, the report will be sent using it as a context. If |
| 329 // no frame is passed in, the report will be sent via this object's | 331 // no frame is passed in, the report will be sent via this object's |
| 330 // |m_executionContext| (or dropped on the floor if no such context is | 332 // |m_executionContext| (or dropped on the floor if no such context is |
| 331 // available). | 333 // available). |
| 334 // If |sourceLocation| is not set, the source location will be the context's |
| 335 // current location. |
| 332 void reportViolation(const String& directiveText, | 336 void reportViolation(const String& directiveText, |
| 333 const DirectiveType& effectiveType, | 337 const DirectiveType& effectiveType, |
| 334 const String& consoleMessage, | 338 const String& consoleMessage, |
| 335 const KURL& blockedURL, | 339 const KURL& blockedURL, |
| 336 const Vector<String>& reportEndpoints, | 340 const Vector<String>& reportEndpoints, |
| 337 const String& header, | 341 const String& header, |
| 338 ContentSecurityPolicyHeaderType, | 342 ContentSecurityPolicyHeaderType, |
| 339 ViolationType, | 343 ViolationType, |
| 344 std::unique_ptr<SourceLocation>, |
| 340 LocalFrame* = nullptr, | 345 LocalFrame* = nullptr, |
| 341 RedirectStatus = RedirectStatus::FollowedRedirect, | 346 RedirectStatus = RedirectStatus::FollowedRedirect, |
| 342 int contextLine = 0, | |
| 343 Element* = nullptr, | 347 Element* = nullptr, |
| 344 const String& source = emptyString); | 348 const String& source = emptyString); |
| 345 | 349 |
| 346 // Called when mixed content is detected on a page; will trigger a violation | 350 // Called when mixed content is detected on a page; will trigger a violation |
| 347 // report if the 'block-all-mixed-content' directive is specified for a | 351 // report if the 'block-all-mixed-content' directive is specified for a |
| 348 // policy. | 352 // policy. |
| 349 void reportMixedContent(const KURL& mixedURL, RedirectStatus); | 353 void reportMixedContent(const KURL& mixedURL, RedirectStatus); |
| 350 | 354 |
| 351 void reportBlockedScriptExecutionToInspector( | 355 void reportBlockedScriptExecutionToInspector( |
| 352 const String& directiveText) const; | 356 const String& directiveText) const; |
| 443 String m_disableEvalErrorMessage; | 447 String m_disableEvalErrorMessage; |
| 444 WebInsecureRequestPolicy m_insecureRequestPolicy; | 448 WebInsecureRequestPolicy m_insecureRequestPolicy; |
| 445 | 449 |
| 446 Member<CSPSource> m_selfSource; | 450 Member<CSPSource> m_selfSource; |
| 447 String m_selfProtocol; | 451 String m_selfProtocol; |
| 448 }; | 452 }; |
| 449 | 453 |
| 450 } // namespace blink | 454 } // namespace blink |
| 451 | 455 |
| 452 #endif | 456 #endif |
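Review bot: The comment added above reportViolation (new lines 334-335) refers to |sourceLocation|, but the parameter added at new line 344 is declared unnamed as `std::unique_ptr<SourceLocation>,`, so the comment points at a name that does not appear in the signature. Naming it, `std::unique_ptr<SourceLocation> sourceLocation,`, and stating in the comment that a null pointer is what "not set" means would make the contract readable at call sites, since the argument is required and sits ahead of the defaulted ones. The fallback to the context's current location is implemented outside this header, so it cannot be checked from here whether it reproduces the line number that the removed `int contextLine = 0` used to carry; violation reports are what gets triaged, so that is worth confirming against the callers. Separately, the header now both includes `bindings/core/v8/SourceLocation.h` (new line 32) and forward-declares `class SourceLocation;` (new line 68), and one of the two is presumably enough for a declaration that only names the type.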