CSP: Permit exempting schemes only for certain policy areas.

Source/platform/weborigin/SchemeRegistry.h

 /*
  * Copyright (C) 2010 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
@@ skipping 10 matching lines @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
 
 #ifndef SchemeRegistry_h
 #define SchemeRegistry_h
 
 #include "platform/PlatformExport.h"
+#include "wtf/HashMap.h"
 #include "wtf/HashSet.h"
 #include "wtf/text/StringHash.h"
 #include "wtf/text/WTFString.h"
 
 namespace blink {
 
-typedef HashSet<String, CaseFoldingHash> URLSchemesMap;
+using URLSchemesSet = HashSet<String, CaseFoldingHash>;
+
+template <typename T>
+using URLSchemesMap = HashMap<String, T, CaseFoldingHash>;
 
 class PLATFORM_EXPORT SchemeRegistry {
 public:
     static void registerURLSchemeAsLocal(const String&);
     static void removeURLSchemeRegisteredAsLocal(const String&);
-    static const URLSchemesMap& localSchemes();
+    static const URLSchemesSet& localSchemes();
 
     static bool shouldTreatURLSchemeAsLocal(const String&);
 
     // Secure schemes do not trigger mixed content warnings. For example,
     // https and data are secure schemes because they cannot be corrupted by
     // active network attackers.
     static void registerURLSchemeAsSecure(const String&);
     static bool shouldTreatURLSchemeAsSecure(const String&);
 
     static void registerURLSchemeAsNoAccess(const String&);
@@ skipping 26 matching lines @@
 
     // Serialize the registered schemes in a comma-separated list.
     static String listOfCORSEnabledURLSchemes();
 
     // "Legacy" schemes (e.g. 'ftp:', 'gopher:') which we might want to treat differently from "webby" schemes.
     static void registerURLSchemeAsLegacy(const String& scheme);
     static bool shouldTreatURLSchemeAsLegacy(const String& scheme);
 
     // Allow resources from some schemes to load on a page, regardless of its
     // Content Security Policy.
-    static void registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme);
+    // This enum should be kept in sync with public/web/WebSecurityPolicy.h.
+    // Enforced in AssertMatchingEnums.cpp.
+    enum PolicyAreas : uint32_t {
+        PolicyAreaNone = 0,
+        PolicyAreaImage = 1 << 0,
+        PolicyAreaStyle = 1 << 1,
+        // Add more policy areas as needed by clients.
+        PolicyAreaAll = ~static_cast<uint32_t>(0),
+    };
+    static void registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme, PolicyAreas = PolicyAreaAll);
     static void removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme);
-    static bool schemeShouldBypassContentSecurityPolicy(const String& scheme);
+    static bool schemeShouldBypassContentSecurityPolicy(const String& scheme, PolicyAreas = PolicyAreaAll);
 };
 
 } // namespace blink
 
 #endif // SchemeRegistry_h