Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 2790693002: Split CSP into pre- and post-upgrade checks (Closed)
Patch Set: revert accidental AbstractWorker change Created 3 years, 8 months ago
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
index ca6bc3274980c931c40bed8fc18a9ea044f9ee81..0dfabaddd4b8b0336d90350ca0b6962f02d32430 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -112,6 +112,20 @@ class CORE_EXPORT ContentSecurityPolicy
kWorkerSrc,
};
+ // CheckHeaderType can be passed to Allow*FromSource methods to control which
+ // types of CSP headers are checked.
+ enum class CheckHeaderType {
+ // Check both Content-Security-Policy and
+ // Content-Security-Policy-Report-Only headers.
+ kCheckAll,
+ // Check Content-Security-Policy headers only and ignore
+ // Content-Security-Policy-Report-Only headers.
+ kCheckEnforce,
+ // Check Content-Security-Policy-Report-Only headers only and ignore
+ // Content-Security-Policy headers.
+ kCheckReportOnly
+ };
+
static ContentSecurityPolicy* Create() { return new ContentSecurityPolicy(); }
~ContentSecurityPolicy();
DECLARE_TRACE();
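Review bot: The enum comment says what each value selects but not the contract a caller takes on when it splits a check: a request evaluated once with kCheckEnforce and once with kCheckReportOnly must reach each header type exactly once, otherwise a violation is reported twice or an enforced policy is never consulted. I'd state that on the enum, e.g. `// Callers that split a check across kCheckEnforce and kCheckReportOnly are responsible for evaluating each request against each header type exactly once.` It is also worth saying that a kCheckReportOnly check presumably never produces a blocking result, so its return value must not drive a load decision — I can't confirm that from this header alone. The enclosing class continues outside the hunk.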
@@ -182,35 +196,38 @@ class CORE_EXPORT ContentSecurityPolicy
const KURL&,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
- bool AllowFrameFromSource(
- const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
- SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
- bool AllowImageFromSource(
- const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
- SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
+ bool AllowFrameFromSource(const KURL&,
+ RedirectStatus = RedirectStatus::kNoRedirect,
+ SecurityViolationReportingPolicy =
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
+ bool AllowImageFromSource(const KURL&,
+ RedirectStatus = RedirectStatus::kNoRedirect,
+ SecurityViolationReportingPolicy =
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowFontFromSource(const KURL&,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
- bool AllowMediaFromSource(
- const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
- SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
- bool AllowConnectToSource(
- const KURL&,
- RedirectStatus = RedirectStatus::kNoRedirect,
- SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
+ bool AllowMediaFromSource(const KURL&,
+ RedirectStatus = RedirectStatus::kNoRedirect,
+ SecurityViolationReportingPolicy =
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
+ bool AllowConnectToSource(const KURL&,
+ RedirectStatus = RedirectStatus::kNoRedirect,
+ SecurityViolationReportingPolicy =
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowFormAction(const KURL&,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowBaseURI(const KURL&,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
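Review bot: AllowBaseURI at the bottom of the hunk appears not to receive the new CheckHeaderType parameter, while every other Allow* declaration in the hunk does; its closing line falls outside the hunk, so I can't be certain. If that is deliberate — base-uri is not a fetch and so presumably has no pre-/post-upgrade split — a one-line comment on the declaration, `// base-uri is not fetched, so it is not split into pre-/post-upgrade checks.`, would keep the next reader from "fixing" it; if not, it should take the parameter for consistency. Every parameter added here is defaulted to kCheckAll, so existing callers keep the both-headers behaviour, which is the safe default.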
@@ -219,13 +236,15 @@ class CORE_EXPORT ContentSecurityPolicy
const KURL&,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowManifestFromSource(
const KURL&,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
// Passing 'String()' into the |nonce| arguments in the following methods
// represents an unnonced resource load.
@@ -236,13 +255,14 @@ class CORE_EXPORT ContentSecurityPolicy
ParserDisposition,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
- bool AllowStyleFromSource(
- const KURL&,
- const String& nonce,
- RedirectStatus = RedirectStatus::kNoRedirect,
- SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
+ bool AllowStyleFromSource(const KURL&,
+ const String& nonce,
+ RedirectStatus = RedirectStatus::kNoRedirect,
+ SecurityViolationReportingPolicy =
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowInlineScript(Element*,
const String& context_url,
const String& nonce,
@@ -287,7 +307,8 @@ class CORE_EXPORT ContentSecurityPolicy
const KURL&,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
bool AllowRequest(WebURLRequest::RequestContext,
const KURL&,
@@ -296,7 +317,8 @@ class CORE_EXPORT ContentSecurityPolicy
ParserDisposition,
RedirectStatus = RedirectStatus::kNoRedirect,
SecurityViolationReportingPolicy =
- SecurityViolationReportingPolicy::kReport) const;
+ SecurityViolationReportingPolicy::kReport,
+ CheckHeaderType = CheckHeaderType::kCheckAll) const;
void UsesScriptHashAlgorithms(uint8_t content_security_policy_hash_algorithm);
void UsesStyleHashAlgorithms(uint8_t content_security_policy_hash_algorithm);
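Review bot: AllowRequest now accepts both SecurityViolationReportingPolicy and CheckHeaderType, and the combination kSuppressReporting + kCheckReportOnly looks like a pure no-op: report-only headers presumably cannot block, and reporting is suppressed, so nothing is checked. If that reading is right, a `DCHECK` rejecting that combination in the .cc implementation (not visible here) would catch a caller that wired the pre-/post-upgrade split up backwards. I can't confirm report-only semantics from this header alone, so treat this as a question for the implementation.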
@@ -413,6 +435,12 @@ class CORE_EXPORT ContentSecurityPolicy
FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline);
FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy);
FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceMultiplePolicy);
+ FRIEND_TEST_ALL_PREFIXES(FrameFetchContextTest,
+ RedirectChecksReportedAndEnforcedCSP);
+ FRIEND_TEST_ALL_PREFIXES(FrameFetchContextTest,
+ AllowResponseChecksReportedAndEnforcedCSP);
+ FRIEND_TEST_ALL_PREFIXES(FrameFetchContextTest,
+ PopulateResourceRequestChecksReportOnlyCSP);
ContentSecurityPolicy();
