OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google, Inc. All rights reserved. | 2 * Copyright (C) 2011 Google, Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * 1. Redistributions of source code must retain the above copyright | 7 * 1. Redistributions of source code must retain the above copyright |
8 * notice, this list of conditions and the following disclaimer. | 8 * notice, this list of conditions and the following disclaimer. |
9 * 2. Redistributions in binary form must reproduce the above copyright | 9 * 2. Redistributions in binary form must reproduce the above copyright |
10 * notice, this list of conditions and the following disclaimer in the | 10 * notice, this list of conditions and the following disclaimer in the |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
79 | 79 |
80 // CSP 1.1 Directives | 80 // CSP 1.1 Directives |
81 static const char BaseURI[]; | 81 static const char BaseURI[]; |
82 static const char ChildSrc[]; | 82 static const char ChildSrc[]; |
83 static const char FormAction[]; | 83 static const char FormAction[]; |
84 static const char FrameAncestors[]; | 84 static const char FrameAncestors[]; |
85 static const char PluginTypes[]; | 85 static const char PluginTypes[]; |
86 static const char ReflectedXSS[]; | 86 static const char ReflectedXSS[]; |
87 static const char Referrer[]; | 87 static const char Referrer[]; |
88 | 88 |
89 // Manifest Directives (to be merged into CSP 1.1) | |
Mike West
2014/09/29 11:00:46
Nit: Can you change this and line 80 to refer to "
| |
90 // https://w3c.github.io/manifest/#content-security-policy | |
91 static const char ManifestSrc[]; | |
92 | |
89 enum ReportingStatus { | 93 enum ReportingStatus { |
90 SendReport, | 94 SendReport, |
91 SuppressReport | 95 SuppressReport |
92 }; | 96 }; |
93 | 97 |
94 static PassRefPtr<ContentSecurityPolicy> create() | 98 static PassRefPtr<ContentSecurityPolicy> create() |
95 { | 99 { |
96 return adoptRef(new ContentSecurityPolicy()); | 100 return adoptRef(new ContentSecurityPolicy()); |
97 } | 101 } |
98 ~ContentSecurityPolicy(); | 102 ~ContentSecurityPolicy(); |
(...skipping 23 matching lines...) Expand all Loading... | |
122 bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const; | 126 bool allowStyleFromSource(const KURL&, ReportingStatus = SendReport) const; |
123 bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const; | 127 bool allowFontFromSource(const KURL&, ReportingStatus = SendReport) const; |
124 bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const; | 128 bool allowMediaFromSource(const KURL&, ReportingStatus = SendReport) const; |
125 bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const; | 129 bool allowConnectToSource(const KURL&, ReportingStatus = SendReport) const; |
126 bool allowFormAction(const KURL&, ReportingStatus = SendReport) const; | 130 bool allowFormAction(const KURL&, ReportingStatus = SendReport) const; |
127 bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const; | 131 bool allowBaseURI(const KURL&, ReportingStatus = SendReport) const; |
128 bool allowAncestors(LocalFrame*, const KURL&, ReportingStatus = SendReport) const; | 132 bool allowAncestors(LocalFrame*, const KURL&, ReportingStatus = SendReport) const; |
129 bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const; | 133 bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const; |
130 bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const; | 134 bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const; |
131 | 135 |
136 bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) cons t; | |
137 | |
132 // The nonce and hash allow functions are guaranteed to not have any side | 138 // The nonce and hash allow functions are guaranteed to not have any side |
133 // effects, including reporting. | 139 // effects, including reporting. |
134 // Nonce/Hash functions check all policies relating to use of a script/style | 140 // Nonce/Hash functions check all policies relating to use of a script/style |
135 // with the given nonce/hash and return true all CSP policies allow it. | 141 // with the given nonce/hash and return true all CSP policies allow it. |
136 // If these return true, callers can then process the content or | 142 // If these return true, callers can then process the content or |
137 // issue a load and be safe disabling any further CSP checks. | 143 // issue a load and be safe disabling any further CSP checks. |
138 bool allowScriptWithNonce(const String& nonce) const; | 144 bool allowScriptWithNonce(const String& nonce) const; |
139 bool allowStyleWithNonce(const String& nonce) const; | 145 bool allowStyleWithNonce(const String& nonce) const; |
140 bool allowScriptWithHash(const String& source) const; | 146 bool allowScriptWithHash(const String& source) const; |
141 bool allowStyleWithHash(const String& source) const; | 147 bool allowStyleWithHash(const String& source) const; |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
224 SandboxFlags m_sandboxMask; | 230 SandboxFlags m_sandboxMask; |
225 ReferrerPolicy m_referrerPolicy; | 231 ReferrerPolicy m_referrerPolicy; |
226 String m_disableEvalErrorMessage; | 232 String m_disableEvalErrorMessage; |
227 | 233 |
228 OwnPtr<CSPSource> m_selfSource; | 234 OwnPtr<CSPSource> m_selfSource; |
229 }; | 235 }; |
230 | 236 |
231 } | 237 } |
232 | 238 |
233 #endif | 239 #endif |
OLD | NEW |