Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(753)

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 2785463002: CSP: Don't override the location set in reportViolationWithLocation. (Closed)
Patch Set: Do not use a default value because of forward declaration. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google, Inc. All rights reserved. 2 * Copyright (C) 2011 Google, Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer. 8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright 9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the 10 * notice, this list of conditions and the following disclaimer in the
(...skipping 11 matching lines...) Expand all
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */ 24 */
25 25
26 #ifndef ContentSecurityPolicy_h 26 #ifndef ContentSecurityPolicy_h
27 #define ContentSecurityPolicy_h 27 #define ContentSecurityPolicy_h
28 28
29 #include <memory> 29 #include <memory>
30 #include <utility> 30 #include <utility>
31 #include "bindings/core/v8/ScriptState.h" 31 #include "bindings/core/v8/ScriptState.h"
32 #include "bindings/core/v8/SourceLocation.h"
32 #include "core/CoreExport.h" 33 #include "core/CoreExport.h"
33 #include "core/dom/ExecutionContext.h" 34 #include "core/dom/ExecutionContext.h"
34 #include "core/dom/SecurityContext.h" 35 #include "core/dom/SecurityContext.h"
35 #include "core/inspector/ConsoleTypes.h" 36 #include "core/inspector/ConsoleTypes.h"
36 #include "platform/heap/Handle.h" 37 #include "platform/heap/Handle.h"
37 #include "platform/loader/fetch/Resource.h" 38 #include "platform/loader/fetch/Resource.h"
38 #include "platform/loader/fetch/ResourceRequest.h" 39 #include "platform/loader/fetch/ResourceRequest.h"
39 #include "platform/network/ContentSecurityPolicyParsers.h" 40 #include "platform/network/ContentSecurityPolicyParsers.h"
40 #include "platform/network/HTTPParsers.h" 41 #include "platform/network/HTTPParsers.h"
41 #include "platform/weborigin/SchemeRegistry.h" 42 #include "platform/weborigin/SchemeRegistry.h"
(...skipping 15 matching lines...) Expand all
57 class ConsoleMessage; 58 class ConsoleMessage;
58 class CSPDirectiveList; 59 class CSPDirectiveList;
59 class CSPSource; 60 class CSPSource;
60 class Document; 61 class Document;
61 class Element; 62 class Element;
62 class LocalFrameClient; 63 class LocalFrameClient;
63 class KURL; 64 class KURL;
64 class ResourceRequest; 65 class ResourceRequest;
65 class SecurityOrigin; 66 class SecurityOrigin;
66 class SecurityPolicyViolationEventInit; 67 class SecurityPolicyViolationEventInit;
68 class SourceLocation;
67 69
68 typedef int SandboxFlags; 70 typedef int SandboxFlags;
69 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector; 71 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector;
70 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; 72 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector;
71 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType; 73 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType;
72 using RedirectStatus = ResourceRequest::RedirectStatus; 74 using RedirectStatus = ResourceRequest::RedirectStatus;
73 75
74 class CORE_EXPORT ContentSecurityPolicy 76 class CORE_EXPORT ContentSecurityPolicy
75 : public GarbageCollectedFinalized<ContentSecurityPolicy> { 77 : public GarbageCollectedFinalized<ContentSecurityPolicy> {
76 public: 78 public:
(...skipping 245 matching lines...) Expand 10 before | Expand all | Expand 10 after
322 void reportInvalidDirectiveInMeta(const String& directiveName); 324 void reportInvalidDirectiveInMeta(const String& directiveName);
323 void reportReportOnlyInMeta(const String&); 325 void reportReportOnlyInMeta(const String&);
324 void reportMetaOutsideHead(const String&); 326 void reportMetaOutsideHead(const String&);
325 void reportValueForEmptyDirective(const String& directiveName, 327 void reportValueForEmptyDirective(const String& directiveName,
326 const String& value); 328 const String& value);
327 329
328 // If a frame is passed in, the report will be sent using it as a context. If 330 // If a frame is passed in, the report will be sent using it as a context. If
329 // no frame is passed in, the report will be sent via this object's 331 // no frame is passed in, the report will be sent via this object's
330 // |m_executionContext| (or dropped on the floor if no such context is 332 // |m_executionContext| (or dropped on the floor if no such context is
331 // available). 333 // available).
334 // If |sourceLocation| is not set, the source location will be the context's
335 // current location.
332 void reportViolation(const String& directiveText, 336 void reportViolation(const String& directiveText,
333 const DirectiveType& effectiveType, 337 const DirectiveType& effectiveType,
334 const String& consoleMessage, 338 const String& consoleMessage,
335 const KURL& blockedURL, 339 const KURL& blockedURL,
336 const Vector<String>& reportEndpoints, 340 const Vector<String>& reportEndpoints,
337 const String& header, 341 const String& header,
338 ContentSecurityPolicyHeaderType, 342 ContentSecurityPolicyHeaderType,
339 ViolationType, 343 ViolationType,
344 std::unique_ptr<SourceLocation>,
340 LocalFrame* = nullptr, 345 LocalFrame* = nullptr,
341 RedirectStatus = RedirectStatus::FollowedRedirect, 346 RedirectStatus = RedirectStatus::FollowedRedirect,
342 int contextLine = 0,
343 Element* = nullptr, 347 Element* = nullptr,
344 const String& source = emptyString); 348 const String& source = emptyString);
345 349
346 // Called when mixed content is detected on a page; will trigger a violation 350 // Called when mixed content is detected on a page; will trigger a violation
347 // report if the 'block-all-mixed-content' directive is specified for a 351 // report if the 'block-all-mixed-content' directive is specified for a
348 // policy. 352 // policy.
349 void reportMixedContent(const KURL& mixedURL, RedirectStatus); 353 void reportMixedContent(const KURL& mixedURL, RedirectStatus);
350 354
351 void reportBlockedScriptExecutionToInspector( 355 void reportBlockedScriptExecutionToInspector(
352 const String& directiveText) const; 356 const String& directiveText) const;
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
443 String m_disableEvalErrorMessage; 447 String m_disableEvalErrorMessage;
444 WebInsecureRequestPolicy m_insecureRequestPolicy; 448 WebInsecureRequestPolicy m_insecureRequestPolicy;
445 449
446 Member<CSPSource> m_selfSource; 450 Member<CSPSource> m_selfSource;
447 String m_selfProtocol; 451 String m_selfProtocol;
448 }; 452 };
449 453
450 } // namespace blink 454 } // namespace blink
451 455
452 #endif 456 #endif
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698