| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
| 8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
| 9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
| 10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
| (...skipping 1666 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1677 return DirectiveType::kUpgradeInsecureRequests; | 1677 return DirectiveType::kUpgradeInsecureRequests; |
| 1678 if (name == "worker-src") | 1678 if (name == "worker-src") |
| 1679 return DirectiveType::kWorkerSrc; | 1679 return DirectiveType::kWorkerSrc; |
| 1680 | 1680 |
| 1681 return DirectiveType::kUndefined; | 1681 return DirectiveType::kUndefined; |
| 1682 } | 1682 } |
| 1683 | 1683 |
| 1684 bool ContentSecurityPolicy::Subsumes(const ContentSecurityPolicy& other) const { | 1684 bool ContentSecurityPolicy::Subsumes(const ContentSecurityPolicy& other) const { |
| 1685 if (!policies_.size() || !other.policies_.size()) | 1685 if (!policies_.size() || !other.policies_.size()) |
| 1686 return !policies_.size(); | 1686 return !policies_.size(); |
| 1687 // Embedding-CSP must specify only one policy. | 1687 // Required-CSP must specify only one policy. |
| 1688 if (policies_.size() != 1) | 1688 if (policies_.size() != 1) |
| 1689 return false; | 1689 return false; |
| 1690 | 1690 |
| 1691 CSPDirectiveListVector other_vector; | 1691 CSPDirectiveListVector other_vector; |
| 1692 for (const auto& policy : other.policies_) { | 1692 for (const auto& policy : other.policies_) { |
| 1693 if (!policy->IsReportOnly()) | 1693 if (!policy->IsReportOnly()) |
| 1694 other_vector.push_back(policy); | 1694 other_vector.push_back(policy); |
| 1695 } | 1695 } |
| 1696 | 1696 |
| 1697 return policies_[0]->Subsumes(other_vector); | 1697 return policies_[0]->Subsumes(other_vector); |
| 1698 } | 1698 } |
| 1699 | 1699 |
| 1700 bool ContentSecurityPolicy::ShouldBypassContentSecurityPolicy( | 1700 bool ContentSecurityPolicy::ShouldBypassContentSecurityPolicy( |
| 1701 const KURL& url, | 1701 const KURL& url, |
| 1702 SchemeRegistry::PolicyAreas area) { | 1702 SchemeRegistry::PolicyAreas area) { |
| 1703 if (SecurityOrigin::ShouldUseInnerURL(url)) { | 1703 if (SecurityOrigin::ShouldUseInnerURL(url)) { |
| 1704 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1704 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
| 1705 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); | 1705 SecurityOrigin::ExtractInnerURL(url).Protocol(), area); |
| 1706 } else { | 1706 } else { |
| 1707 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( | 1707 return SchemeRegistry::SchemeShouldBypassContentSecurityPolicy( |
| 1708 url.Protocol(), area); | 1708 url.Protocol(), area); |
| 1709 } | 1709 } |
| 1710 } | 1710 } |
| 1711 | 1711 |
| 1712 } // namespace blink | 1712 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2892903002:
Renamed `embedding-csp` HTTP request header to `required-csp`. (Closed)
