OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
68 static const char FontSrc[]; | 68 static const char FontSrc[]; |
69 static const char FrameSrc[]; | 69 static const char FrameSrc[]; |
70 static const char ImgSrc[]; | 70 static const char ImgSrc[]; |
71 static const char MediaSrc[]; | 71 static const char MediaSrc[]; |
72 static const char ObjectSrc[]; | 72 static const char ObjectSrc[]; |
73 static const char ReportURI[]; | 73 static const char ReportURI[]; |
74 static const char Sandbox[]; | 74 static const char Sandbox[]; |
75 static const char ScriptSrc[]; | 75 static const char ScriptSrc[]; |
76 static const char StyleSrc[]; | 76 static const char StyleSrc[]; |
77 | 77 |
78 // CSP 1.1 Directives | 78 // CSP Level 2 Directives |
79 static const char BaseURI[]; | 79 static const char BaseURI[]; |
80 static const char ChildSrc[]; | 80 static const char ChildSrc[]; |
81 static const char FormAction[]; | 81 static const char FormAction[]; |
82 static const char FrameAncestors[]; | 82 static const char FrameAncestors[]; |
83 static const char PluginTypes[]; | 83 static const char PluginTypes[]; |
84 static const char ReflectedXSS[]; | 84 static const char ReflectedXSS[]; |
85 static const char Referrer[]; | 85 static const char Referrer[]; |
86 | 86 |
| 87 // Manifest Directives (to be merged into CSP Level 2) |
| 88 // https://w3c.github.io/manifest/#content-security-policy |
| 89 static const char ManifestSrc[]; |
| 90 |
87 enum ReportingStatus { | 91 enum ReportingStatus { |
88 SendReport, | 92 SendReport, |
89 SuppressReport | 93 SuppressReport |
90 }; | 94 }; |
91 | 95 |
92 static PassRefPtr<ContentSecurityPolicy> create() | 96 static PassRefPtr<ContentSecurityPolicy> create() |
93 { | 97 { |
94 return adoptRef(new ContentSecurityPolicy()); | 98 return adoptRef(new ContentSecurityPolicy()); |
95 } | 99 } |
96 ~ContentSecurityPolicy(); | 100 ~ContentSecurityPolicy(); |
120 bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const; | 124 bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const; |
121 bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const; | 125 bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const; |
122 bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const; | 126 bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const; |
123 bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const; | 127 bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const; |
124 bool allowFormAction(const KURL&, ReportingStatus = SendReport) const; | 128 bool allowFormAction(const KURL&, ReportingStatus = SendReport) const; |
125 bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const; | 129 bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const; |
126 bool allowAncestors(LocalFrame*, const KURL&, ReportingStatus = SendReport)
const; | 130 bool allowAncestors(LocalFrame*, const KURL&, ReportingStatus = SendReport)
const; |
127 bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport)
const; | 131 bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport)
const; |
128 bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport)
const; | 132 bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport)
const; |
129 | 133 |
| 134 bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) cons
t; |
| 135 |
130 // The nonce and hash allow functions are guaranteed to not have any side | 136 // The nonce and hash allow functions are guaranteed to not have any side |
131 // effects, including reporting. | 137 // effects, including reporting. |
132 // Nonce/Hash functions check all policies relating to use of a script/style | 138 // Nonce/Hash functions check all policies relating to use of a script/style |
133 // with the given nonce/hash and return true all CSP policies allow it. | 139 // with the given nonce/hash and return true all CSP policies allow it. |
134 // If these return true, callers can then process the content or | 140 // If these return true, callers can then process the content or |
135 // issue a load and be safe disabling any further CSP checks. | 141 // issue a load and be safe disabling any further CSP checks. |
136 bool allowScriptWithNonce(const String& nonce) const; | 142 bool allowScriptWithNonce(const String& nonce) const; |
137 bool allowStyleWithNonce(const String& nonce) const; | 143 bool allowStyleWithNonce(const String& nonce) const; |
138 bool allowScriptWithHash(const String& source) const; | 144 bool allowScriptWithHash(const String& source) const; |
139 bool allowStyleWithHash(const String& source) const; | 145 bool allowStyleWithHash(const String& source) const; |
222 SandboxFlags m_sandboxMask; | 228 SandboxFlags m_sandboxMask; |
223 ReferrerPolicy m_referrerPolicy; | 229 ReferrerPolicy m_referrerPolicy; |
224 String m_disableEvalErrorMessage; | 230 String m_disableEvalErrorMessage; |
225 | 231 |
226 OwnPtr<CSPSource> m_selfSource; | 232 OwnPtr<CSPSource> m_selfSource; |
227 }; | 233 }; |
228 | 234 |
229 } | 235 } |
230 | 236 |
231 #endif | 237 #endif |
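Review bot: The new `allowManifestFromSource` declaration at new line 134 has no comment saying what the check does when a policy carries no `manifest-src` directive, which is the case callers most need to know. From this header alone it is not visible whether the check then falls back to `default-src` or simply allows the fetch, so a page sending `default-src 'none'` could end up either blocking or permitting manifest loads. I would add a comment on the declaration such as `// Checks the manifest URL against manifest-src; when the directive is absent, <state the fallback: default-src or allow>.` and cover the absent-directive case in a test. The `ManifestSrc` comment at new lines 87-88 marks the directive as not yet merged into CSP Level 2, so it would also help to note there whether enforcement is gated behind experimental features; the implementation is outside this file.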