OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 */ | 24 */ |
25 | 25 |
26 #ifndef ContentSecurityPolicy_h | 26 #ifndef ContentSecurityPolicy_h |
27 #define ContentSecurityPolicy_h | 27 #define ContentSecurityPolicy_h |
28 | 28 |
29 #include <memory> | 29 #include <memory> |
30 #include <utility> | 30 #include <utility> |
31 #include "bindings/core/v8/ScriptState.h" | 31 #include "bindings/core/v8/ScriptState.h" |
| 32 #include "bindings/core/v8/SourceLocation.h" |
32 #include "core/CoreExport.h" | 33 #include "core/CoreExport.h" |
33 #include "core/dom/ExecutionContext.h" | 34 #include "core/dom/ExecutionContext.h" |
34 #include "core/dom/SecurityContext.h" | 35 #include "core/dom/SecurityContext.h" |
35 #include "core/inspector/ConsoleTypes.h" | 36 #include "core/inspector/ConsoleTypes.h" |
36 #include "platform/heap/Handle.h" | 37 #include "platform/heap/Handle.h" |
37 #include "platform/loader/fetch/Resource.h" | 38 #include "platform/loader/fetch/Resource.h" |
38 #include "platform/loader/fetch/ResourceRequest.h" | 39 #include "platform/loader/fetch/ResourceRequest.h" |
39 #include "platform/network/ContentSecurityPolicyParsers.h" | 40 #include "platform/network/ContentSecurityPolicyParsers.h" |
40 #include "platform/network/HTTPParsers.h" | 41 #include "platform/network/HTTPParsers.h" |
41 #include "platform/weborigin/SchemeRegistry.h" | 42 #include "platform/weborigin/SchemeRegistry.h" |
57 class ConsoleMessage; | 58 class ConsoleMessage; |
58 class CSPDirectiveList; | 59 class CSPDirectiveList; |
59 class CSPSource; | 60 class CSPSource; |
60 class Document; | 61 class Document; |
61 class Element; | 62 class Element; |
62 class LocalFrameClient; | 63 class LocalFrameClient; |
63 class KURL; | 64 class KURL; |
64 class ResourceRequest; | 65 class ResourceRequest; |
65 class SecurityOrigin; | 66 class SecurityOrigin; |
66 class SecurityPolicyViolationEventInit; | 67 class SecurityPolicyViolationEventInit; |
| 68 class SourceLocation; |
67 | 69 |
68 typedef int SandboxFlags; | 70 typedef int SandboxFlags; |
69 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector; | 71 typedef HeapVector<Member<CSPDirectiveList>> CSPDirectiveListVector; |
70 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; | 72 typedef HeapVector<Member<ConsoleMessage>> ConsoleMessageVector; |
71 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType; | 73 typedef std::pair<String, ContentSecurityPolicyHeaderType> CSPHeaderAndType; |
72 using RedirectStatus = ResourceRequest::RedirectStatus; | 74 using RedirectStatus = ResourceRequest::RedirectStatus; |
73 | 75 |
74 class CORE_EXPORT ContentSecurityPolicy | 76 class CORE_EXPORT ContentSecurityPolicy |
75 : public GarbageCollectedFinalized<ContentSecurityPolicy> { | 77 : public GarbageCollectedFinalized<ContentSecurityPolicy> { |
76 public: | 78 public: |
322 void reportInvalidDirectiveInMeta(const String& directiveName); | 324 void reportInvalidDirectiveInMeta(const String& directiveName); |
323 void reportReportOnlyInMeta(const String&); | 325 void reportReportOnlyInMeta(const String&); |
324 void reportMetaOutsideHead(const String&); | 326 void reportMetaOutsideHead(const String&); |
325 void reportValueForEmptyDirective(const String& directiveName, | 327 void reportValueForEmptyDirective(const String& directiveName, |
326 const String& value); | 328 const String& value); |
327 | 329 |
328 // If a frame is passed in, the report will be sent using it as a context. If | 330 // If a frame is passed in, the report will be sent using it as a context. If |
329 // no frame is passed in, the report will be sent via this object's | 331 // no frame is passed in, the report will be sent via this object's |
330 // |m_executionContext| (or dropped on the floor if no such context is | 332 // |m_executionContext| (or dropped on the floor if no such context is |
331 // available). | 333 // available). |
| 334 // If |sourceLocation| is not set, the source location will be the context's |
| 335 // current location. |
332 void reportViolation(const String& directiveText, | 336 void reportViolation(const String& directiveText, |
333 const DirectiveType& effectiveType, | 337 const DirectiveType& effectiveType, |
334 const String& consoleMessage, | 338 const String& consoleMessage, |
335 const KURL& blockedURL, | 339 const KURL& blockedURL, |
336 const Vector<String>& reportEndpoints, | 340 const Vector<String>& reportEndpoints, |
337 const String& header, | 341 const String& header, |
338 ContentSecurityPolicyHeaderType, | 342 ContentSecurityPolicyHeaderType, |
339 ViolationType, | 343 ViolationType, |
| 344 std::unique_ptr<SourceLocation>, |
340 LocalFrame* = nullptr, | 345 LocalFrame* = nullptr, |
341 RedirectStatus = RedirectStatus::FollowedRedirect, | 346 RedirectStatus = RedirectStatus::FollowedRedirect, |
342 int contextLine = 0, | |
343 Element* = nullptr, | 347 Element* = nullptr, |
344 const String& source = emptyString); | 348 const String& source = emptyString); |
345 | 349 |
346 // Called when mixed content is detected on a page; will trigger a violation | 350 // Called when mixed content is detected on a page; will trigger a violation |
347 // report if the 'block-all-mixed-content' directive is specified for a | 351 // report if the 'block-all-mixed-content' directive is specified for a |
348 // policy. | 352 // policy. |
349 void reportMixedContent(const KURL& mixedURL, RedirectStatus); | 353 void reportMixedContent(const KURL& mixedURL, RedirectStatus); |
350 | 354 |
351 void reportBlockedScriptExecutionToInspector( | 355 void reportBlockedScriptExecutionToInspector( |
352 const String& directiveText) const; | 356 const String& directiveText) const; |
443 String m_disableEvalErrorMessage; | 447 String m_disableEvalErrorMessage; |
444 WebInsecureRequestPolicy m_insecureRequestPolicy; | 448 WebInsecureRequestPolicy m_insecureRequestPolicy; |
445 | 449 |
446 Member<CSPSource> m_selfSource; | 450 Member<CSPSource> m_selfSource; |
447 String m_selfProtocol; | 451 String m_selfProtocol; |
448 }; | 452 }; |
449 | 453 |
450 } // namespace blink | 454 } // namespace blink |
451 | 455 |
452 #endif | 456 #endif |
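Review bot: The new comment on reportViolation refers to |sourceLocation|, but the added parameter is declared unnamed (`std::unique_ptr<SourceLocation>,`), and "not set" does not say that the caller is expected to pass `nullptr`. I would write `std::unique_ptr<SourceLocation> sourceLocation,` and word the comment as `// If |sourceLocation| is null, the context's current location is captured instead.` Because the parameter is required and sits ahead of the defaulted ones, every call site now has to pick one of the two behaviours explicitly, and this comment is the only place the contract is visible. The location presumably ends up in the violation report sent to |reportEndpoints|; if so, one more sentence should state whether the URL in a caller-supplied location is sanitized the same way as a captured one, which this header does not show. Separately, the header now both includes `bindings/core/v8/SourceLocation.h` and forward-declares `class SourceLocation;`, and only one of the two should be needed for this declaration.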