Index: Source/core/frame/csp/ContentSecurityPolicy.h |
diff --git a/Source/core/frame/csp/ContentSecurityPolicy.h b/Source/core/frame/csp/ContentSecurityPolicy.h |
index 55690b5fa28ea24775458bae413acd2f649878ba..a2aaf590a1a12e8519a8e42fbed7cc6fb2ca8584 100644 |
--- a/Source/core/frame/csp/ContentSecurityPolicy.h |
+++ b/Source/core/frame/csp/ContentSecurityPolicy.h |
@@ -75,7 +75,7 @@ public: |
static const char ScriptSrc[]; |
static const char StyleSrc[]; |
- // CSP 1.1 Directives |
+ // CSP Level 2 Directives |
static const char BaseURI[]; |
static const char ChildSrc[]; |
static const char FormAction[]; |
@@ -84,6 +84,10 @@ public: |
static const char ReflectedXSS[]; |
static const char Referrer[]; |
+ // Manifest Directives (to be merged into CSP Level 2) |
+ // https://w3c.github.io/manifest/#content-security-policy |
+ static const char ManifestSrc[]; |
+ |
enum ReportingStatus { |
SendReport, |
SuppressReport |
@@ -127,6 +131,8 @@ public: |
bool allowChildContextFromSource(const KURL&, ReportingStatus = SendReport) const; |
bool allowWorkerContextFromSource(const KURL&, ReportingStatus = SendReport) const; |
+ bool allowManifestFromSource(const KURL&, ReportingStatus = SendReport) const; |
+ |
// The nonce and hash allow functions are guaranteed to not have any side |
// effects, including reporting. |
// Nonce/Hash functions check all policies relating to use of a script/style |