CSP: Move policy parsing out of Document.

Source/core/frame/csp/ContentSecurityPolicy.h

 /*
  * Copyright (C) 2011 Google, Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 73 matching lines @@
     static const char FrameAncestors[];
     static const char PluginTypes[];
     static const char ReflectedXSS[];
     static const char Referrer[];
 
     enum ReportingStatus {
         SendReport,
         SuppressReport
     };
 
-    enum SideEffectDisposition {
-        ApplySideEffectsToExecutionContext,
-        DoNotApplySideEffectsToExecutionContext
-    };
-
-    static PassRefPtr<ContentSecurityPolicy> create(ExecutionContext* executionContext)
+    static PassRefPtr<ContentSecurityPolicy> create()
     {
-        return adoptRef(new ContentSecurityPolicy(executionContext));
+        return adoptRef(new ContentSecurityPolicy());
     }
     ~ContentSecurityPolicy();
 
+    void bindToExecutionContext(ExecutionContext*);
     void copyStateFrom(const ContentSecurityPolicy*);
 
     void didReceiveHeaders(const ContentSecurityPolicyResponseHeaders&);
-    void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource, SideEffectDisposition = ApplySideEffectsToExecutionContext);
+    void didReceiveHeader(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
 
     // These functions are wrong because they assume that there is only one header.
     // FIXME: Replace them with functions that return vectors.
     const String& deprecatedHeader() const;
     ContentSecurityPolicyHeaderType deprecatedHeaderType() const;
 
     bool allowJavaScriptURLs(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineEventHandlers(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineScript(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
     bool allowInlineStyle(const String& contextURL, const WTF::OrdinalNumber& contextLine, ReportingStatus = SendReport) const;
@@ skipping 63 matching lines @@
 
     bool urlMatchesSelf(const KURL&) const;
     bool protocolMatchesSelf(const KURL&) const;
 
     bool experimentalFeaturesEnabled() const;
 
     static bool shouldBypassMainWorld(ExecutionContext*);
 
     static bool isDirectiveName(const String&);
 
-    ExecutionContext* executionContext() const { return m_executionContext; }
-
 private:
-    explicit ContentSecurityPolicy(ExecutionContext*);
+    explicit ContentSecurityPolicy();

[sof, 2014/09/11 07:44:04]

nit: drop explicit.

[Mike West, 2014/09/11 08:29:13]

The bane of my existence. :)

 
     void applyPolicySideEffectsToExecutionContext();
 
     Document* document() const;
     SecurityOrigin* securityOrigin() const;
     KURL completeURL(const String&) const;
 
     void logToConsole(const String& message, MessageLevel = ErrorMessageLevel);
     void addPolicyFromHeaderValue(const String&, ContentSecurityPolicyHeaderType, ContentSecurityPolicyHeaderSource);
 
@@ skipping 17 matching lines @@
     SandboxFlags m_sandboxMask;
     ReferrerPolicy m_referrerPolicy;
     String m_disableEvalErrorMessage;
 
     OwnPtr<CSPSource> m_selfSource;
 };
 
 }
 
 #endif