| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CSPDirectiveList_h | 5 #ifndef CSPDirectiveList_h |
| 6 #define CSPDirectiveList_h | 6 #define CSPDirectiveList_h |
| 7 | 7 |
| 8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 9 #include "core/frame/csp/MediaListDirective.h" | 9 #include "core/frame/csp/MediaListDirective.h" |
| 10 #include "core/frame/csp/SourceListDirective.h" | 10 #include "core/frame/csp/SourceListDirective.h" |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 bool allowScriptFromSource(const KURL&, ContentSecurityPolicy::ReportingStat
us) const; | 42 bool allowScriptFromSource(const KURL&, ContentSecurityPolicy::ReportingStat
us) const; |
| 43 bool allowObjectFromSource(const KURL&, ContentSecurityPolicy::ReportingStat
us) const; | 43 bool allowObjectFromSource(const KURL&, ContentSecurityPolicy::ReportingStat
us) const; |
| 44 bool allowChildFrameFromSource(const KURL&, ContentSecurityPolicy::Reporting
Status) const; | 44 bool allowChildFrameFromSource(const KURL&, ContentSecurityPolicy::Reporting
Status) const; |
| 45 bool allowImageFromSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; | 45 bool allowImageFromSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; |
| 46 bool allowStyleFromSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; | 46 bool allowStyleFromSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; |
| 47 bool allowFontFromSource(const KURL&, ContentSecurityPolicy::ReportingStatus
) const; | 47 bool allowFontFromSource(const KURL&, ContentSecurityPolicy::ReportingStatus
) const; |
| 48 bool allowMediaFromSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; | 48 bool allowMediaFromSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; |
| 49 bool allowConnectToSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; | 49 bool allowConnectToSource(const KURL&, ContentSecurityPolicy::ReportingStatu
s) const; |
| 50 bool allowFormAction(const KURL&, ContentSecurityPolicy::ReportingStatus) co
nst; | 50 bool allowFormAction(const KURL&, ContentSecurityPolicy::ReportingStatus) co
nst; |
| 51 bool allowBaseURI(const KURL&, ContentSecurityPolicy::ReportingStatus) const
; | 51 bool allowBaseURI(const KURL&, ContentSecurityPolicy::ReportingStatus) const
; |
| 52 bool allowAncestors(LocalFrame*, ContentSecurityPolicy::ReportingStatus) con
st; | 52 bool allowAncestors(LocalFrame*, const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; |
| 53 bool allowChildContextFromSource(const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; | 53 bool allowChildContextFromSource(const KURL&, ContentSecurityPolicy::Reporti
ngStatus) const; |
| 54 bool allowScriptNonce(const String&) const; | 54 bool allowScriptNonce(const String&) const; |
| 55 bool allowStyleNonce(const String&) const; | 55 bool allowStyleNonce(const String&) const; |
| 56 bool allowScriptHash(const CSPHashValue&) const; | 56 bool allowScriptHash(const CSPHashValue&) const; |
| 57 bool allowStyleHash(const CSPHashValue&) const; | 57 bool allowStyleHash(const CSPHashValue&) const; |
| 58 | 58 |
| 59 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } | 59 const String& evalDisabledErrorMessage() const { return m_evalDisabledErrorM
essage; } |
| 60 ReflectedXSSDisposition reflectedXSSDisposition() const { return m_reflected
XSSDisposition; } | 60 ReflectedXSSDisposition reflectedXSSDisposition() const { return m_reflected
XSSDisposition; } |
| 61 ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; } | 61 ReferrerPolicy referrerPolicy() const { return m_referrerPolicy; } |
| 62 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } | 62 bool didSetReferrerPolicy() const { return m_didSetReferrerPolicy; } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 73 void parseReferrer(const String& name, const String& value); | 73 void parseReferrer(const String& name, const String& value); |
| 74 void addDirective(const String& name, const String& value); | 74 void addDirective(const String& name, const String& value); |
| 75 void applySandboxPolicy(const String& name, const String& sandboxPolicy); | 75 void applySandboxPolicy(const String& name, const String& sandboxPolicy); |
| 76 | 76 |
| 77 template <class CSPDirectiveType> | 77 template <class CSPDirectiveType> |
| 78 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire
ctiveType>&); | 78 void setCSPDirective(const String& name, const String& value, OwnPtr<CSPDire
ctiveType>&); |
| 79 | 79 |
| 80 SourceListDirective* operativeDirective(SourceListDirective*) const; | 80 SourceListDirective* operativeDirective(SourceListDirective*) const; |
| 81 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; | 81 SourceListDirective* operativeDirective(SourceListDirective*, SourceListDire
ctive* override) const; |
| 82 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; | 82 void reportViolation(const String& directiveText, const String& effectiveDir
ective, const String& consoleMessage, const KURL& blockedURL) const; |
| 83 void reportViolationWithFrame(const String& directiveText, const String& eff
ectiveDirective, const String& consoleMessage, const KURL& blockedURL, LocalFram
e*) const; |
| 83 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; | 84 void reportViolationWithLocation(const String& directiveText, const String&
effectiveDirective, const String& consoleMessage, const KURL& blockedURL, const
String& contextURL, const WTF::OrdinalNumber& contextLine) const; |
| 84 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co
nst; | 85 void reportViolationWithState(const String& directiveText, const String& eff
ectiveDirective, const String& message, const KURL& blockedURL, ScriptState*) co
nst; |
| 85 | 86 |
| 86 bool checkEval(SourceListDirective*) const; | 87 bool checkEval(SourceListDirective*) const; |
| 87 bool checkInline(SourceListDirective*) const; | 88 bool checkInline(SourceListDirective*) const; |
| 88 bool checkNonce(SourceListDirective*, const String&) const; | 89 bool checkNonce(SourceListDirective*, const String&) const; |
| 89 bool checkHash(SourceListDirective*, const CSPHashValue&) const; | 90 bool checkHash(SourceListDirective*, const CSPHashValue&) const; |
| 90 bool checkSource(SourceListDirective*, const KURL&) const; | 91 bool checkSource(SourceListDirective*, const KURL&) const; |
| 91 bool checkMediaType(MediaListDirective*, const String& type, const String& t
ypeAttribute) const; | 92 bool checkMediaType(MediaListDirective*, const String& type, const String& t
ypeAttribute) const; |
| 92 bool checkAncestors(SourceListDirective*, LocalFrame*) const; | 93 bool checkAncestors(SourceListDirective*, LocalFrame*) const; |
| 93 | 94 |
| 94 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable
dErrorMessage = errorMessage; } | 95 void setEvalDisabledErrorMessage(const String& errorMessage) { m_evalDisable
dErrorMessage = errorMessage; } |
| 95 | 96 |
| 96 bool checkEvalAndReportViolation(SourceListDirective*, const String& console
Message, ScriptState*) const; | 97 bool checkEvalAndReportViolation(SourceListDirective*, const String& console
Message, ScriptState*) const; |
| 97 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso
leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool
isScript) const; | 98 bool checkInlineAndReportViolation(SourceListDirective*, const String& conso
leMessage, const String& contextURL, const WTF::OrdinalNumber& contextLine, bool
isScript) const; |
| 98 | 99 |
| 99 bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const
String& effectiveDirective) const; | 100 bool checkSourceAndReportViolation(SourceListDirective*, const KURL&, const
String& effectiveDirective) const; |
| 100 bool checkMediaTypeAndReportViolation(MediaListDirective*, const String& typ
e, const String& typeAttribute, const String& consoleMessage) const; | 101 bool checkMediaTypeAndReportViolation(MediaListDirective*, const String& typ
e, const String& typeAttribute, const String& consoleMessage) const; |
| 101 bool checkAncestorsAndReportViolation(SourceListDirective*, LocalFrame*) con
st; | 102 bool checkAncestorsAndReportViolation(SourceListDirective*, LocalFrame*, con
st KURL&) const; |
| 102 | 103 |
| 103 bool denyIfEnforcingPolicy() const { return m_reportOnly; } | 104 bool denyIfEnforcingPolicy() const { return m_reportOnly; } |
| 104 | 105 |
| 105 ContentSecurityPolicy* m_policy; | 106 ContentSecurityPolicy* m_policy; |
| 106 | 107 |
| 107 String m_header; | 108 String m_header; |
| 108 ContentSecurityPolicyHeaderType m_headerType; | 109 ContentSecurityPolicyHeaderType m_headerType; |
| 109 ContentSecurityPolicyHeaderSource m_headerSource; | 110 ContentSecurityPolicyHeaderSource m_headerSource; |
| 110 | 111 |
| 111 bool m_reportOnly; | 112 bool m_reportOnly; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 132 | 133 |
| 133 Vector<String> m_reportEndpoints; | 134 Vector<String> m_reportEndpoints; |
| 134 | 135 |
| 135 String m_evalDisabledErrorMessage; | 136 String m_evalDisabledErrorMessage; |
| 136 }; | 137 }; |
| 137 | 138 |
| 138 | 139 |
| 139 } // namespace | 140 } // namespace |
| 140 | 141 |
| 141 #endif | 142 #endif |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 553423002:
CSP: Use a specified frame for reporting 'frame-ancestors' violations. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk